February 2023
General
Remediation Scores Available in Your Test Account
If you have Kenna Premier Tier and have purchased a test account, you can now see Remediation Scores in your test account before you go live to users in production.
Changes to the Tanium Comply File-Based Connector
This improved connector generates asset vulnerability data in a CSV file. When Kenna ingests the file, it calculates a risk score for the assets in your environment. The data from Tanium and Kenna can enhance your risk posture and improve security. Now, your IT and security teams can work together to patch vulnerabilities that are essential to reduce risk.
Depending on whether you have an On-Prem or Cloud version of Tanium, you may need to use a different method to download the Tanium input file.
For more information, see "Tanium Comply File-Based Connector."
Changes to Rapid7 Nexpose Connector
The Rapid7 Nexpose connector can import hostname and Fully Qualified Domain Name (FQDN) to use in asset deduplication.
To benefit from this improvement immediately, you must clear your asset data, which refreshes your asset deduplication. Contact the Kenna Support team and ask them to clear your asset data. Be sure to say that you want to clear only assets and vulnerabilities and keep connectors and risk meter data.
Note: If you don’t clear your asset data, the duplicate assets persist until they become inactive and are removed from the system.
For more information about how Kenna deduplicates assets, see "Rapid7 (Nexpose or InsightVM) Connectors - API and XML" and "Understanding Locator Order."
Changes to the Qualys WAS Connector
We’ve added support for the following Qualys regions:
- US4
- Qualys AE
- Qualys UK
- Qualys AU
For more information about the Qualys WAS connector, see "QualysWAS Connector."
API
You can see the latest changes to the API in the API changelog.
The following changes are coming soon.
New Vulnerability APIs
These vulnerability APIs enhance existing custom field support and introduce new data types. The new endpoints use v2 as the API URL. To use these APIs, you will have to switch to using v2 URLs. The v1 endpoints will be supported for a minimum of 12 months.
Remediation Scores
The remediation scores will be added to List Asset Groups API and Show Asset Group API.
The following changes have been made to the Kenna API V1:
Changes to Retrieve Data Export
The following changes have been made to the Retrieve Data Export API:
- New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export"
- New message with 400 HTTP status code: "Export Not Found"
- 404 HTTP status code and message has been removed
Changes to the Introduction
The following changes have been made to Kenna Platform API Introduction section and the Guides section:
- Authentication renamed to API Authentication
- HTTP Status codes moved to Errors
- Downloading Export Files and User-Agent moved to Guides
Bug Fixes
The following bugs are fixed:
Sonatype Agent Connector Runs Fail
Problem: The Sonatype connector runs failed due to missing agent file (client_file) uploads. The IP whitelisting process was blocking the agent file uploads.
Fix: The IP whitelisting process now uses the correct customer IP address. We also changed the way Kenna processes IP addresses from X-Forwarded-For headers for clients with SAML enabled.
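The failure mode behind this fix, as an added example (not Kenna's code): when requests arrive through a reverse proxy, an IP allowlist must be evaluated against the client address recovered from X-Forwarded-For rather than the proxy's own address. The proxy range, allowlist range, and function names below are assumptions made for illustration.

```python
"""Allowlist check behind reverse proxies (added illustration, not Kenna code)."""
from ipaddress import ip_address, ip_network

# Constructed sample values (private and documentation address ranges).
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]         # assumed: our own proxy tier
CUSTOMER_ALLOWLIST = [ip_network("203.0.113.0/24")]  # assumed: customer's approved range


def _in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def resolve_client_ip(peer_addr, xff_header, trusted_proxies):
    """Return the address an allowlist should be evaluated against.

    X-Forwarded-For lists hops client-first, and each proxy appends the
    address it received the request from. Walk the chain from the TCP peer
    outward and stop at the first hop that is not one of our proxies:
    everything to its left was supplied by that hop and is unverified.
    Returns None (fail closed) if a hop we must rely on is malformed.
    """
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    chain = hops + [peer_addr]  # the TCP peer is the nearest hop
    for raw in reversed(chain):
        try:
            addr = ip_address(raw)
        except ValueError:
            return None
        if not _in_any(addr, trusted_proxies):
            return addr
    # Every hop was one of our proxies: the request originated internally.
    return ip_address(chain[0])


def upload_allowed(peer_addr, xff_header):
    """Allowlist decision using the resolved client address."""
    client = resolve_client_ip(peer_addr, xff_header, TRUSTED_PROXIES)
    return client is not None and _in_any(client, CUSTOMER_ALLOWLIST)


def upload_allowed_peer_only(peer_addr):
    """The broken variant: checks the proxy's address, not the customer's."""
    return _in_any(ip_address(peer_addr), CUSTOMER_ALLOWLIST)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header value)
    samples = [
        ("10.1.2.3", "203.0.113.25"),                 # customer via one proxy
        ("10.1.2.3", "203.0.113.25, 10.9.9.9"),       # customer via two proxies
        ("10.1.2.3", "203.0.113.25, 198.51.100.77"),  # header value not added by us
        ("10.1.2.3", "203.0.113.25, not-an-ip"),      # malformed hop
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->",
              "peer-only:", upload_allowed_peer_only(peer),
              "resolved:", upload_allowed(peer, xff))
```

Checking only the TCP peer rejects every proxied customer upload, while trusting the leftmost header entry would accept a value the proxy never observed; the right-to-left walk avoids both.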
Error When Viewing Alerts
Problem: When trying to view Alerts, you receive an error. The page can’t load because of a large number of unacknowledged alerts.
Fix: We’ve improved the performance of the Alerts page by making the following changes to it:
- Added pagination (displaying alerts page by page, rather than one long list)
- Added filtering by alert type
Prisma Connector Assets are Not Deleted
Problem: Prisma Connector Assets reach their asset purge setting limit but are not deleted. During the connector run, assets not seen by the connector are inactivated, and the inactive_at date is not set. Deleting an asset depends on the inactive_at date so the asset is not deleted.
Fix: We changed the processing so that when a connector is inactivated, the inactive_at field is populated, and the deletion process works as designed.
Bulk Delete Vulnerabilities API Endpoint Fails
Problem: Bulk delete requests fail with a 504 response. The error occurs because the requests include vulnerability IDs with large numbers of scanner vulnerabilities.
Fix: We improved the performance of the batch processing of bulk delete requests.
Snyk v2 Toolkit Task Does Not Apply Changes
Problem: The projectName_strip_colon setting on the Snyk v2 toolkit task does not apply its changes, resulting in incorrect application_locator values. Incorrect application_locator values can affect the asset selection when the data is imported.
Fix: We corrected the problem in the Snyk v2 toolkit task so that the change is applied.
January 2023
General
Subscription End Date
An administrator can see the Kenna subscription end date on the License page. For more information about licenses, see Kenna License Entitlement FAQ.
Figure 1: Subscription end date
Changes to Kenna.VM utilization email notifications
An administrator can configure the level of email notifications for Kenna.VM utilization.
If entitlement enforcement is on, administrators receive email notifications when Kenna.VM utilization is at 80%, 90%, and 100%. Administrators can disable the 80% and 90% email notification on the Alerts page.
Figure 2: Configuring level of notification for asset entitlement usage
To configure the level of email notifications, hover over the gear icon (Settings), and in the menu, click Alerts.
Figure 3: Selecting the Alerts page
Changes to Export
The success banner displays the Export ID when you export from Explore or the Top Fixes page. Use the Export ID to quickly query the status of the export in the API or search the VM Activity table.
Figure 4: Export ID displayed in success banner
Changes to Explore
In Explore, on the Assets tab, you can display Asset ID in the asset list. The Asset ID can be useful when you are using the Kenna API and for the Customer Support Team.
Figure 5: Export ID displayed in Assets list
To show Asset ID in the asset list, click Display, and select the Asset ID checkbox from the list.
Figure 6: Configuring Asset ID to be displayed
Changes to Crowdstrike
If an asset in Crowdstrike has a Fully Qualified Domain Name (FQDN) or NetBIOS name, the values are imported into Kenna and are used in asset deduplication.
For more information about how Kenna deduplicates assets, see Crowdstrike Connector and Understanding Locator Order.
Changes to Zero Day Vulnerability Intelligence license indicator
The tooltips for the Zero Days facet have been improved to clarify when the Zero Day Vulnerability Intelligence feature is enabled.
When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are active zero days:
Figure 7: Message indicating that there are zero-day vulnerabilities (feature enabled)
When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are no active zero days:
Figure 8: Message indicating there are no zero-day vulnerabilities (feature enabled)
When you hover over the Zero Days facet, the following message displays when the feature is disabled. It means that your organization doesn’t have the Premium Tier license that supports the Zero Day Vulnerability Intelligence feature:
Figure 9: Message indicating Zero Day Vulnerabilities feature is disabled
API
You can see the latest changes to the API in the API changelog.
The following changes are coming soon.
Export Status Codes and Messages
The export HTTP status codes and response messages are being standardized and updated.
The following changes are being made to the "Retrieve Data Export" API:
- New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export."
- New message with 400 HTTP status code: "Export Not Found."
- 404 HTTP status code and message will be removed.
Vulnerability APIs
The vulnerability APIs are moving to version v2, which supports better custom field interaction. You’ll see "v2" in the API URL.
Remediation Scores
The remediation scores are being added to "List Asset Groups" and "Show Asset Group".
Virtual Tunnel
The following improvements are in Virtual Tunnel 1.4.2:
- Improvements to the client-user account creation and management process.
- Verification of Internet connectivity when changing an API key through the UI. If no Internet connection is detected, an error message displays, and the API key is not saved.
- Changes to the way commands are executed to improve security. Remotely delivered commands are executed locally, instead of remotely.
You can download VPN Tunnel 1.4.2 from the Software Download page.
Bug Fixes
The following bugs are fixed:
Links on VM Activity page
The VM Activity page displays a list of all exports. The download links on the VM Activity page for Findings were broken. These links have been fixed, and you can download Findings exports.
For more information about exports, see Exporting data from Kenna.
Assets affected by a fix in ServiceNow ticketing description filters assets incorrectly
Child risk meter filtering didn't work for assets affected by a fix in ServiceNow ticketing description. The filter showed all affected assets in the instance, instead of only affected assets within the scope of the child risk meter. Child risk meter filtering works correctly now.
December 2022
General
Remediation Analytics and Scoring
Please note that Remediation Score is a Kenna Premier Tier feature.
The overall Remediation Score is now color coded to provide better context on the scale.
The score ranges from 0-100 with higher numbers indicating success across the four metrics of the score. As a security program progresses in maturity, it should strive to increase its score.
Figure 1: Remediation Analytics and Scoring
Figure 2: Remediation and scoring description
November 2022
General
Kenna.VM Premier
Introducing the availability of Kenna.VM Premier, an advanced tier of Kenna’s flagship risk-based vulnerability management (RBVM) platform.
In addition to the existing features and functionality of Kenna.VM, the Premier tier adds zero-day vulnerability intelligence from Cisco Talos, remediation analytics and scoring, and access to Kenna’s vulnerability intelligence via both a web-based user interface, and API (also known as “Kenna.VI+”).
Figure 1: Remediation Analytics and Scoring
Figure 2: Talos zero-day Vulnerability Intelligence
Figure 3: Kenna Vulnerability Intelligence Dashboard (VI Dashboard)
To learn more about Kenna.VM Premier and its new features, go to the following resources:
- Cisco Security Blog – Introducing the Kenna.VM Premier
- At a Glance One Pager – Benefits of Kenna.VM Premier
- Remediation Score Guide
- Updated Kenna.VM At-a-Glance
- Updated Kenna.VM Data Sheet
Kenna.VM Premier is generally available on the Cisco GPL, EA 3.0, MSLA buying programs, and is planned for the EA 2.0 buying program later this year. For more information on Kenna.VM Premier, please contact your Partner or Cisco Sales specialist.
API
Virtual Tunnel 1.4.1
- Kenna service account has been removed
- Scanner account name changed to client-user
- Base ISO upgraded to Rocky 8.6
- Adjustments to available crypto cipher packages
Virtual Tunnel 1.4.0
The following security enhancements were added to Kenna Virtual Tunnel:
- Adjustment to default SSL handling.
- Security check for hypervisor support for RDRAND/RDSEED number generation.
- Upgraded file hash generation from SHA1 to SHA2.
CSV Export
- File locator field is now supported in the CSV export
VI+
- Show Vulnerability Definitions has been renamed to List Vulnerability Definitions in Kenna VI+ API documentation.
Note: The URL has not changed, only the name.
Bug Fixes
- Kenna users with roles set to allow asset note editing were unable to edit nil value asset notes
- In Kenna.AppSec, after a Finding reached a closed status, its custom field values were no longer visible on the Finding detail page.
- In Kenna.AppSec, Checkmarx findings mapped last_seen to found date rather than the Checkmarx detection date.
October 2022
General
Microsoft Defender for Endpoint TVM Connector
The Microsoft Defender for Endpoint TVM connector brings the Advanced Threat Protection (ATP) built-in Threat & Vulnerability Management (TVM) data into your Kenna account.
License Entitlement Enforcement
Kenna began enabling license enforcement within the product. Please see the License Entitlement FAQ for further information.
CVE Score History in VI+
Users can now see changes to Kenna scoring within the CVE Details page as well as via a Show CVE History VI+ API endpoint.
VI+ UI Enhancements
Users can now filter vulnerabilities to focus on those with remote code execution. CVSS 2 exploit, impact, and temporal scores were added to the UI. CVSS 3 vectors and fields were added to the UI. Vulnerability chatter is now visualized on a graph to show changes over time.
VI+ UI Usability Improvements
Users will now have a more uniform experience between VM and VI, with adjustments to font families, sizing, colors, and component alignment within the application.
API
Trending Vulnerabilities in VI
Users can now see top Trending Vulnerabilities within the new VI Dashboard and filter based on Most Chatter, Risk Score, and Velocity. This information is also available via a new Get Trending Vulnerabilities VI+ API Endpoint.
Virtual Tunnel 1.3.0
The 1.3.0 release of the Virtual Tunnel allows customers to run on prem with SCSI storage controllers. Find more information here.
Bug Fixes
- The parameter max_priority on the Search Vulnerabilities API endpoint was not filtering results correctly.
- The VI+ Vulnerability Trends endpoint response contained unclear/stale data.
- Kenna.AppSec custom fields presented both "Clear" and "Save" buttons on dates, but failed to save when attempting to clear.
- The VI+ Data Snapshot endpoint returned old data without the newest exploits/fixes available.
- The Black Duck Hub agent selector was not displaying on the Connectors page edit modal.
- A change on Qualys' end in the scanner_id mapping for CVE-2021-31166 was creating orphaned vulnerabilities.
September 2022
General
Filter Assets without Vulnerabilities
Kenna.VM customers now have a way to see assets that have no vulnerabilities in Kenna.
Navigate to Explore → Asset Filters → expand Additional Filters → select the Assets without Vulnerabilities checkbox.
API
API Changelog
Kenna customers can now see what's new in the API with the API Changelog. If an item requires advanced notification, it will be added to the "Upcoming Changes" section. Note: the upcoming changes section will not show if there are no upcoming changes.
Bug Fixes
- The Search Findings API endpoint was not returning an infinite number of page results and left out search results.
- For some Kenna.AppSec customers, the Findings Timeline on each application's reporting page showed no results.
- In Kenna.VM, Custom Fields with Dates were being inconsistently displayed in the UI.
- Customers that are configured to use SAML saw 401 responses to calls to the SLA Adherence endpoint made from the home page. An error displayed on the SLA Adherences graph on the Kenna Homepage.
- For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph did not use Findings data.
- Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non-editable.
August 2022
General
Updated CVSS Search Terms
Kenna customers are now able to build Risk Meters based on CVSS v2 and CVSS v3 score terms. This is significant for many customers who need to build risk meters based on CVSS v3 scores for auditors and compliance reporting.
The following fields will be supported in the API, Exports, and the custom query box in the Explore page (new custom query search terms). The existing CVSS slider will be removed.
- cvss_v2_score
- cvss_v2_exploit_subscore
- cvss_v2_impact_subscore
- cvss_v2_temporal_score
- cvss_v3_score
- cvss_v3_exploit_subscore
- cvss_v3_impact_subscore
- cvss_v3_temporal_score
Additionally, CVSS v2 base score will no longer be rounded to the nearest whole number. CVSS v2 severity and temporal scores will still be rounded to the nearest whole number as they are today.
Lock Header in Explore
Within the Explore Page, customers can now lock the header so you don’t lose action buttons as you scroll. For now, the header is unlocked by default.
API
API Server Name
Customers can now view their API server name at the top of the Settings → API Keys page in Kenna.
Additionally, there is now a simple API Docs link in the sidebar. To use the API docs, customers must still manually type in their base URL and API key.
Bug Fixes
- The Audit Logs Search API endpoint was not returning a consistent amount of data for identical requests.
- For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph was not using Findings data.
- Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non-editable.
July 2022
General
Export Activity
Kenna users with an Administrator role can now see exports requested by any user within the platform.
API
Solutions in the API
When exporting solutions in the UI, there is a cap on the information exported. In light of this limitation, we expanded the Show Scanner Vulnerability Details API Endpoint to include any available solutions along with the details for a vulnerability. This endpoint will only provide a response for 1 vulnerability ID at a time.
Additional Data Export Status in the API
Within the Check Data Export Status API endpoint, an enqueued status for exports was added. This provides a more granular status and is consistent with the statuses we offer in Export Activity in the user interface.
June 2022
General
High Risk Vulnerability Density Benchmark
Users with access to the Kenna Homepage can now see how many open high-risk vulnerabilities they have on critical assets relative to other companies in their industry. This feature builds on the 2 already existing benchmarks on the Kenna Homepage. Benchmarks in Kenna help customers defend their VM program spend and/or lobby to expand or maintain their budget with data. Metrics are also available via the API.
Vulnerabilities in this benchmark are open and have a Kenna score greater than 66.
Only active assets are considered. You can filter by asset priority. The asset priority buckets are:
- Critical: asset priority 8-10
- Medium: asset priority 5-7
- Low: asset priority 0-4
- All Assets
Kenna.AppSec Custom Fields
Kenna.AppSec users can now create custom fields on the findings level to bring in loads of great metadata. The available data field types are Date, Numeric, Short and Long Strings, Text Dropdown, and attachments. You can read more by checking out our help article Creating a Custom Field in Kenna.AppSec.
API
Kenna.VI API Improvements
- Users can now better refine the data they are requesting via API to return a list of CVEs using a minimum risk score, active internet breach, remote code execution, or whether a CVE is easily exploitable.
- Users can limit vulnerability definitions by the state of the CVE (published, reserved, or rejected).
- Users can define which fields to include in the response for the vulnerability definitions endpoints.
UI Enhancements
Kenna.VM Enhancements
The Kenna.VM UI had a few small enhancements made to improve the user experience and interactions within the graphs and home page.
- Risk meters are now alphabetized on the SLA Setup page.
- Drop-down menus were updated to align styling across graphs.
- Tooltip colors were updated, and tooltips were realigned for uniform appearance across the application.
Bug Fixes
- The number of fixes included in the fixes export did not match the count displayed within the VM Activity page for JSON exports.
- CSV vulnerabilities exports were occasionally failing due to a scroll time out issue.
- For AppSec Findings customers using AppSec Explore, CSV Exports disregarded application filters and included all findings in the export.
- Invalid custom field syntax provided to the vulnerabilities bulk update API endpoint would return either a 422 or 500 code, or might silently accept bad data, depending on the specific syntax used.
- Ticket creation for both ServiceNow and Jira was failing due to storing incorrectly formatted hostnames in the connector records.
- When a ServiceNow service ticket was successfully created on a vulnerability, there were occasional long delays with ticket information being populated in the Kenna platform.
- ServiceNow Ticketing was also omitting the specified template "caller" value when creating tickets.
- Some users were receiving multiple emails associated with single events in Kenna.
- Veracode applications with quotes in their name caused the Veracode toolkit to fail.
May 2022
Exports
Export Visibility
When an export is requested, users can now access an activity page that details the status of the export. The activity page displays enqueued, in progress, completed or failed exports. This feature is currently behind a feature flag. Please contact your CSM (Customer Success Manager) or Support to enable the feature.


SLA Adherence Report
Kenna believes understanding your patch management health is critical to understanding the risk in your environment. SLA adherence is additional data that, paired with the Kenna Risk Score, can help a client understand their risk posture.
This new report on the Kenna Homepage displays the percentage of vulnerabilities that a customer has patched within SLA (due date) in the last rolling week.
- This is an organization-level report, not Risk Meter report.
- Each day has a data point, and each data point is a rolling average of the last 7 days.
- You can filter by vulnerability criticality.
- Metrics are also available in the API.
Kenna Virtual Tunnel Release 1.2
- Consolidated Virtual Tunnel images to allow for a single installer to be used. Users will no longer have to select a particular VT image from multiple options to install from Cisco Software Download.
- Resolved an issue that prevented establishing VPN connections.
- Kenna Support Account is now disabled by default for users to enable as needed.
Bug Fixes
- A backend service for syncing tickets was failing, which resulted in outdated ticket statuses for many customers in Kenna.
- The Kenna Virtual Tunnel was not successfully creating an openvpn.conf file and therefore was not able to make the tunnel connection.
- AppSec Explore was displaying findings that were associated with inactive assets.
- In AppSec, a user could create multiple applications with the same name. Now, if a user tries to create a new application with an existing application name, we display the following error message: “name must be unique”.
- When a customer clicks to add a new connector and then cancels setup, the Connectors page would occasionally fail to refresh. This refresh issue would retain the setup page on-screen and incorrectly allow the user to populate fields without the ability to save the configuration. When a connector configuration is cancelled, the screen now refreshes as expected.
April 2022
General
Tag Management
Asset tags are now kept in sync with customer connector runs.
Kenna imports tags from connectors, and those tags change over time. In the past, customers did not have a way to remove the old tags. Kenna only added new tags, which caused metadata from old connector runs to become outdated quickly. With this enhancement, Kenna removes tags on an asset that were not seen on a connector run.
For more detail please see this help page on Asset Tags.
API Key Management
Administrators can copy an API key when they generate it, but not after they navigate away from the page. Existing keys will continue to work and customer Administrators will continue to be able to revoke or generate new API keys. To learn more about managing API keys, check out this video and our help article on API Key Generation and Permissions.
API
Near Real Time Score for VI+ API
Customers using the VI+ API can now receive risk score updates in near real-time when CVE scores change by at least one point. All CVE scores with at least a one point change can be queried with a single endpoint to provide targeted updates and streamline time to remediation.
Connectors
CrowdStrike
The CrowdStrike connector was released on our new data integration and processing platform which provides:
- Faster and more reliable syncing
- More detailed OS information
- Ability to pull in tags assigned to assets
- Incremental syncing for even faster performance
Bug Fixes
- Changes made on the Edit Asset page were not being saved. Changes to the primary locator are no longer allowed in the UI and must be made at the source before import. This will prevent duplication of assets.
- Certain invalid search queries were not presenting an error message.
- Confusing tooltips were being displayed on scanner vulnerabilities in the UI.
- The Tanium Comply connector had an unhandled exception for a field value.
- The Black Duck connector was stalling runs.
- Very large vulnerability exports were returning 504 errors during retrieval.
- Some SecurityCenter connectors were failing due to an XML parsing error.
- The KDI upload was failing to open vulnerabilities as expected.
- A Jira OAuth issue was preventing JIRA ticket creation.
- AppSec Reporting page had mismatched names and values such as the “Open Findings Count” displaying the Total findings count.
March 2022
General
Changes to User Management Workflow
The user management workflow has been improved to a more intuitive and flexible experience. Changes are demonstrated in this video Admin Settings Menu: Managing Users and Roles and documented on the Role Based Access Control help page.
Kenna Virtual Tunnel Release 1.1.0
This release includes the following changes:
- Changed base OS from Centos to Rocky Linux.
- A local service account for doing authenticated security scans is now included with the image and can be initialized with a password by following the command prompts when running the virtual tunnel VM.
- New option to restart machine.
- New option to check the local IP address (the bash command ifconfig is invoked).
- Weekly automatic package updates.
- Customer restarts trigger any pending kernel patching.
To download the newest version of the virtual tunnel go to Cisco Software Downloads.
Custom Field Improvements
Custom fields have been improved so that fields with a period (.) can now be used to search vulnerabilities as filter parameters and custom fields with underscores (_) are displayed with underscore in all places in the user interface.
API
Tag Source
Tag Source can now be pulled from the API using the List Tags endpoint. This was released in preparation for overall improvements to Tag Management, which were released April 4. Read all about Asset Tags here.
VI+ Download
Download VI+ data (all CVE definitions) with a single step. This replaces the need for several API calls and reduces the time to download the data.
The curl command:
% curl --request GET \
--url https://api.kennasecurity.com/vulnerability_definitions/vi_data_snapshot \
--header "X-Risk-Token: ${KENNA_API_KEY}" \
--header 'Content-Type: application/gzip' \
--location \
--output vi_data.gzip
% ll vi_data.gzip
-rw-r--r-- 1 babarick staff 47862221 Apr 5 16:30 vi_data.gzip
Support for End Date in Incremental Exports
Kenna now supports an end date for incremental exports. The new parameter is records_updated_until and is an optional field. It’s effective only when records_updated_since is present.
Ticketing with the API
Customers with integrated Jira & ServiceNow Ticketing connectors, as well as customers without integrated ticketing connectors, can associate, update and delete the ticket ID, due date, and status on a vulnerability in Kenna via the API.
If a customer has a Jira or ServiceNow ticketing connector integrated in Kenna, and passes in the required fields, we will sync data nightly. For the nightly sync to work a user must pass in External ID and System ID.
Please note:
- A single vulnerability can still only have 1 service ticket associated.
- Provide the Vulnerability ID in the call, which can be found in the last digits of the URL on a vulnerability detail page in the UI.
- Use the Create Vulnerability, Update Vulnerability and Bulk Update Vulnerabilities endpoints.
- Under each endpoint, look for and expand the Vulnerability Object and then the Service Ticket Object to find more details.
Please see API documentation for more detail. (Tip: Expand the vulnerability object and then the service ticket object as shown below.)
Bug Fixes
- ServiceNow tickets were not updating Status in Kenna.
- The toolkit Jfrog Connector was producing an error where certain findings lacked a CVE identifier when uploaded via the KDI connector, causing connector run failures.
- Very large CVE exports from the Explore page were resulting in inconsistent sizes, usually exporting fewer vulnerabilities than shown in the UI.
- Some CSV exports ‘with-details’ were failing outright.
- The toolkit Contrast connector was failing with a 500 error.
- Changes made to the ServiceNow ticketing connector on the settings page were not being reflected in the table used.
- Several specific CVEs had scores which were stale/not updated.
- There were discrepancies in how certain search queries were handled when grouped in parentheses and using quotation marks. Now problematic queries that require quotation marks are explicitly rejected.
February 2022
AppSec
Stacks
Stacks is a new feature for AppSec Findings customers which allows users to group and organize their applications and risk groups into single combined views. With this release, we have a new set of APIs that will handle the basic Create, Read, Show and Update functions for users to programmatically interact with Stacks. Read more about Stacks here!
Findings API
Findings are now available on the Kenna API supporting the following options.
- Show Finding
- Update Finding
- Bulk Delete Findings
- Search Findings
- Create Finding
Find the docs here https://apidocs.kennasecurity.com/reference/show-finding
Connectors
New Toolkit Connectors
- HCL AppScan - AppScan Enterprise delivers scalable application security testing and risk management capabilities, to help enterprises manage risk and compliance. AppScan enables security and DevOps teams to collaborate, establish policies, and perform testing throughout the application development lifecycle.
- GitHub Code Scanning - Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.
- WhiteSource Scanning - Cover your open source security needs with WhiteSource, a leader in The Forrester Wave™!
Ticketing
Kenna Risk Score filter in the Kenna.VM ServiceNow app
Customers are now able to filter the vulnerabilities they bring into the Kenna.VM ServiceNow app by a minimum Kenna Risk Score. This aligns with Kenna’s Risk based approach of remediating based on risk and not attempting to patch everything.
To add this filter:
- Open "Kenna Vulnerability Integration" -> "Administration" -> "Kenna Integrations"
- Open the Vulnerable Item integration and there's a setting on the screen.
- Find the "Minimum Risk Score" on that screen, and that'll establish a minimum number the incoming Vulnerable Items have to meet.
January 2022 Release Notes
General UI
Benchmarking Calculation Rate
Both the Total Risk Score Over Time Benchmark & the Mean Time to Remediate Benchmark on the Kenna homepage will begin to be calculated daily. This change will increase the frequency of the calculation from weekly to daily, giving clients the most up to date data.
UI Data Export Failure Notification
We have been sending emails to users when a data export is successful but now we also send users an email when it fails.
Connectors
Tenable.io
The Tenable.io API-based connector is now available. Read more about Tenable.io here!
New Toolkit Connectors
- Acunetix - Acunetix 360 is a best-of-breed enterprise web vulnerability solution designed to be a part of complex environments. It provides multiple integrations as well as options to integrate within custom contexts.
- Veracode - Confidently secure apps you build and manage with Veracode. This simple and scalable solution enables you to create more secure software so that you can boost your business and reduce risk without hindering innovation.
- CheckMarx SAST - With Checkmarx SAST™, you can run fast and accurate incremental or full scans whenever you need them. Trust our industry-leading SAST solution to give you the flexibility, accuracy, and coverage to secure your most critical code commits, within your rule sets, at scale.
AppSec
Typeahead Searching for Application Identifiers
The application identifiers search box now uses typeahead searching to suggest possible matches.
Bug Fixes
- Users were able to create multiple applications with the same name using the Kenna API.
- Findings counts for specific applications were not correct in AppSec Explore for those using the findings model.
December 2021 Release Notes
The Kenna API docs were just updated and have a number of new benefits!
- Categories of endpoints are alphabetized for easier searching.
- Each endpoint has its own page, organized into drawers that drop down. No more scrolling through the whole page! When you want to look at another endpoint, you need to click into it.
- System Role Users are able to add their API Key/X-Risk-Token with the "Try It!" button and see working code examples in a number of languages, including curl, Node, Ruby, PHP, Python and more!
- Anyone who has previously bookmarked an old endpoint will be redirected to the top of the new API Docs page.
- This change means we can deliver high quality and timely updates to the API Documentation.
Connectors
New Toolkit Connectors for the AppSec Findings Model
- JFrog Xray Toolkit Connector - Software composition analysis solution that continuously performs vulnerability scanning of open source binaries for security and license compliance risks. See JFrog.
- Netsparker Toolkit Connector - The only tool that found 100% of vulnerabilities w/ 0 false positives in a 3rd-party test. Detect 8,700+ vulnerabilities & risks. Minimize false positives. Streamline remediation. Trusted by 15,145+ users. Flexible & robust API. 2-way integrations. See Netsparker.
- NTT (formerly Whitehat) Sentinel Toolkit Connector - Sentinel Dynamic platform rapidly and accurately finds vulnerabilities in your websites and web applications. This best-in-class SaaS platform is ready to scale to meet any demand. See NTT Sentinel.
- Qualys WAS Toolkit Connector - Qualys Web Application Scanning (WAS) is an all-in-one cloud solution for all your web apps – providing continuous web app discovery, detection of vulnerabilities and misconfigurations, virtual patching, and quarantining. See Qualys WAS.
Ticketing
ServiceNow
ServiceNow has certified the newest release of the Kenna.VM ServiceNow app on Quebec and Rome. This edition adds a filter that allows ingesting of a subset of information based on the Kenna risk score.
Bug Fixes
- Findings counts for specific Apps were not correct in AppSec Explore for those using the findings model.
November 2021 Release Notes
General UI
Hierarchical Risk Meters via API
Hierarchical risk meters can now be created via the API, and we have a script for this on our GitHub! The script takes a CSV of descendant risk meters and adds them to a parent.
Warning Message Before Deleting Users
Last month we released the warning message regarding deletion of shared dashboard views and more details can be found below. This month it was updated so that the message only shows when an admin is attempting to delete a user that actually has shared dashboards.
Connectors
We now have three new Toolkit Connectors:
- BugCrowd - Bugcrowd reduces risk with coverage powered by our crowdsourced cybersecurity platform. Go beyond vulnerability scanners and traditional penetration tests with trusted security expertise that scales — and find critical issues faster.
- Wiz - Wiz scans every resource across your entire cloud stack and multi-cloud environment using a 100% API approach that deploys in minutes.
- Burp Suite - The web vulnerability scanner behind Burp Suite's popularity has more to it than most. Burp Scanner uses PortSwigger's world-leading research to help its users find a wide range of vulnerabilities in web applications, automatically.
Bug Fixes
- Asset and vulnerability counts were inconsistent in child/descendant risk meters.
- Nexpose connectors were failing when they saw unmapped vulnerability definitions.
October 2021 Release Notes
General UI
Multiple Roles Per User Increase
Last month, we released Multiple Roles Per User. Users were allowed to assign up to 5 roles per user. Now the limit has been increased to 10 roles per user!
New Warning Message Before Deleting Users
For users that have shared dashboard views, the following warning message will be displayed:
"Warning! Deleting a user will remove all of their Dashboard Views.
Are you sure you want to delete NAME?
This is a permanent action and cannot be undone. If you desire to retain Dashboard Views created and shared by this user, consider resetting their User ID and Password rather than deleting the user. Read more."
Kenna.VI
Kenna.VI+ App in ServiceNow Store
The Kenna.VI+ app is now live on the ServiceNow application store for Quebec and Rome releases.
Bug Fixes
- For VI+ customers, we were returning all fixes associated with a given CVE rather than only returning fixes containing URLs & product information, resulting in unhelpful data.
- When attempting to delete a role with no users assigned, an error message was popping up suggesting there were users assigned.
- Customers using DUO 2FA were being sent to bad pages.
- Tags containing commas were very difficult to delete.
- The KDI was not accepting multiple WASC IDs per scanner vulnerability, causing the connector run to fail.
- The Nessus API connector was not functioning with the Kenna Agent.
- The Tenable SC connector was not properly logging out at the end of the connector run, causing customers to run out of API sessions over time. Now the connector logs out after each run.
- For customers with the "Asynchronous Asset Export" setting turned on, assets were not being exported from child risk meters.
- Some customers using vulnerability-based risk meters were seeing assets appear in groups where no vulnerabilities matched the risk meter filters.
September 2021 Release Notes
General UI
License Usage Page
Customer admins can now check their license usage from the Kenna Platform. The new license page indicates what products customers are licensed for (VM & AppSec) as well as how much of the license is being used. Customers will also be able to see their Organization ID used by Cisco as a company identifier. Navigate to the upper right-hand corner and select the dropdown menu. Once the dropdown appears, click on the sub-menu of "Licenses".
Multiple Roles Per User (MRPU)
MRPU has completed its staged rollout. Previously, a user could only be assigned one role. This change should reduce the administrative burden in managing roles. Customer admins now have the ability to assign up to five roles per user. Please refer to the help page for detailed examples and explanation.
Alert Options for Subscription Expiration (VM, AppSec, VI, VI+)
Users may now subscribe to receive email or in-app alerts for VM, AppSec, VI and VI+ subscriptions that are about to expire (48 hrs notice) and that are expired.
Kenna.VM
Mac Address Normalization
Mac Address Normalization is now available for existing customers and there will be a separate email to all Admins about getting this turned on. You can read about how it works at the bottom of this article on Understanding Locator Order.
AppSec
Remediation Guidance
Remediation Guidance is now displayed as a default field on the Finding Details page! This information supports remediation efforts. This field maps to the "solution" field on the vuln_def record in the KDI.
AppSec Findings Locator View
AppSec findings now support Locator view on AppSec Explore showing findings for File or URL locators when selected from Summary of Findings. Previously a customer would be re-directed to the Findings detail view when they selected a File or URL locator from the summary of findings view. Now that behavior has changed to direct the customer to the individual findings view showing all findings when a locator is selected in the summary view. See attached screenshots below for selecting the locator from Summary of findings and being directed to the individual findings view showing all findings for that specific selected locator.
Here, the user clicks on the link to DatabaseManagerCommon.java . . .
. . . which brings the user to this detail page showing all findings for that locator.
Ticketing
Kenna.VM in ServiceNow Store
The Kenna.VM App in the ServiceNow store has been certified on the ServiceNow Quebec release.
Bug Fixes
- Read only users were unable to edit dashboard views that they owned.
- Asset exports did not have a column for image_id or container_id.
- Fix emails were missing a list of affected assets when the "apply to all" button was selected for the search terms to apply to all assets in Explore.
- When using the CSV Vulnerability (with Details) export from the UI, if a given vulnerability had only a single scanner vulnerability open but one (or more) closed scanner vulnerabilities as well, the Details column in the export included details for all of the scanner vulnerabilities (open AND closed). Now it will not include closed vulnerability details.
- Both Total Risk Score Over Time (TRSOT) and Mean Time to Remediation (MTTR) graphs on the Home page lagged one day behind the current date.
- Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results.
- For Exodus Customers: Zero-Day EIP-2013-0021 was removed from the Exodus feed but still existed in Kenna as a zero-day vulnerability definition. The vulnerability definition has been removed.
- Top Fix groups Affected Assets counts were not aligning with the count of assets associated with a fix in a risk meter.
August 2021 Release Notes
Connectors
Improved Connector Run Error Messages
This is an ongoing project where error messages will continue to be improved through iterations of this project. If a connector run fails, users will see more comprehensive error messages designed to reduce frustration, improve resolution time and enable customers to self resolve in as many instances as possible without having to contact support.
Two specific areas have been improved:
- Precise & Consistent Descriptions - Error messages are no longer generic and will identify the application that is posting the error and alert the user to the specific problem, rather than a vague generality. Error messages will use consistent verbiage across various connector sources, reducing confusion around the meaning of any given error message.
- Clear Next Steps - The error message will provide clear solution steps and/or exit points. If the next steps involve calling technical support, the word “Kenna” has been removed in order to not confuse customers who may need to call an MSSP.
MAC Address Normalization for New Customers
As of August 11, 2021, we will normalize MAC addresses for any newly signed up customer. Conflicts between vendors' representations of MAC addresses cause mismatches and duplication of assets. Kenna can now normalize incoming MAC addresses and improve deduplication of assets in Kenna. Read more on this at the bottom of this article on Understanding Locator Order.
This release does NOT impact existing customers - existing customers will be included in a phase 2 rollout targeted for September 2021.
Connector-level Custom Ordered Locators for the Crowdstrike Connector
Previously, Custom Ordered Locator configured at the connector-level for the Crowdstrike connector was being ignored. The Crowdstrike connector would always use the Kenna default locator order. Now the Crowdstrike connector uses the following order by default. If the order is changed, the Crowdstrike connector will use the custom order instead.
The Crowdstrike connector default is:
- external_id_locator
- ec2_locator
- netbios_locator
- external_ip_address_locator
- hostname_locator
- url_locator
- file_locator
- fqdn_locator
- ip_address_locator
- database_locator
- application_locator
- mac_address_locator
AppSec
Enhanced Text Searching for AppSec Findings
Previously AppSec findings text search could support only an exact match on the vulnerability ID or full name. Text search in findings now allows users to search on key date ranges, applications, locators and now supports wildcard searches! In order to use this feature, a customer must be using the AppSec findings model. Open the search help box from within the platform to review your search options!
Bug Fixes
- Previously, when the "NOT" modifier ( '-' ) was placed next to a vulnerability search field, the expected behavior was reversed - the field:value pair was included. This fix restored the expected behavior so that now when a '-' is used next to a vulnerability search field, the search excludes said field:value pair.
- The True Risk feature of descendant Risk Meters has been fixed so that the number of vulnerabilities shown on the True Risk page is the same as the number of vulnerabilities shown on the reporting page in the "N Vulnerabilities" link. Additionally, the number of assets on the True Risk page reflects the correct number of assets for the vulnerabilities shown.
- The "Active Assets and Open Vulnerabilities Over Time" graph on the reporting page was including inactive assets for certain risk meters. From the end of June through August customers may see that the "Active Assets and Open Vulnerabilities Over Time" graph has an increase in assets due to inactive assets being included. However, going forward customers will only see active assets included in the "Active Assets and Open Vulnerabilities Over Time" graph.
- Service Now description and short description fields were fixed to properly populate vulnerability information and the integration has been fixed.
- Validation and an error message have been added to the bulk update API endpoint for vulnerabilities to prevent users from updating vulnerabilities with invalid or blank statuses.
- A job that sends emails on newly identified malware was fixed and emails have resumed.
- The fix_title_keyword parameter when used to create a descendant risk meter has been fixed so that descendants inherit this parameter.
________________________________________________________________________________________
July 2021
Feature Releases
Name | Description |
Audit Logs for Toolkit Use | Customers now have visibility into which task is using the toolkit. The toolkit uses Example: user_agent:Kenna Toolkit - veracode_asset_vulns |
Findings Filter in AppSec Explore | Findings can now be filtered on created date in AppSec Explore. |
Updated Prisma Connector External ID Locator | For an asset with either a CONTAINER_ID or IMAGE_ID, the Prisma Connector no longer maps to EXTERNAL_ID automatically. This is a Prisma/Twistlock connector behavior change. On the Asset Detail page, the presentation of fields (EXTERNAL ID, CONTAINER ID, IMAGE ID) has been updated to truncate the ID string and offer a “copy to clipboard” action button to get the full ID string. The reason for this UI change is to better present the very long IDs (often more than 256 characters) within limited horizontal space, rather than allowing the string to continue off the screen. |
Bug Fixes
- An issue was discovered when clicking the "Search for Scanner IDs" link in the vulnerabilities tab of Explore. If scanner_id contained spaces, a search term with improper syntax was populated.
- Now if the scanner_id displayed in the vulnerabilities tab is a clickable link, it populates a search term with acceptable syntax.
- Email alerts for malware were not sending.
- Clearing data from a field on an asset was not removing the data.
- The KDI was failing all payloads if the only locators specified for an asset were image or container_id.
- The "Reset Filters" button in Explore was removing filters but not search queries. Now both the filters and search box are cleared.
- Invalid queries were being validated and showed an Update/Save button, but no Risk Meter would be created. Now invalid queries cannot be saved.
- Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results. There are now two fields (scanner_id: and scanner_unique_id:) which are case sensitive.
June 2021
Feature | Description |
KDI Mac Address Validation Changes | We have removed format validations and added a 30-character maximum length validation to the Mac Address field in the KDI. The benefits of these changes are: |
Search by 'role name' in User Settings UI | Customers can search by Key Points |
Handling of older assets not recently seen during Kenna Connector Runs | Assets which are outside of the set retention and purge periods will not be imported during connector runs. You can read more about this in our updated Asset Purge Period Setting article. |
VI+ Updates | 1. Now customers can search for CVEs by Qualys KB Id (QID) to find all associated CVEs. 2. We added a link to the specific source of a given exploit to the "Show Vulnerability Definition" response. |
Prisma Cloud Connector Updates | 1. ALAS Findings: Prisma Cloud Connector ALAS (Amazon Linux Advisory Services) findings were previously being presented in Kenna as informationals and the associated CVEs were not being scored. There can be a 1:1 relationship with CVE or a 1:Many relationship with a CVE, similar to QIDs. We now present the proper scoring for the CVEs associated with the ALAS finding. Please note that the Prisma Cloud scanner does not identify which specific CVE is or is not present on the asset, therefore we show all the associated CVEs. 2. Prisma Informationals: We added support for Prisma ID Security warnings to the Prisma Cloud Connector so that Kenna brings these in as informationals. Many vulnerabilities are publicly discussed or patched without a CVE ever being assigned to them. While monitoring open source vulnerabilities, the PAN team identifies vulnerabilities you need to be aware of, and assigns PRISMA IDs to them whenever applicable. |
May 2021
Feature | Description |
Kenna VI+ API Changes: | Popular Malware exploitable CVEs were collecting large numbers of malware hashes which could create very large responses when querying the "Show Vulnerability Definitions" API endpoint and sometimes caused 504s. For all CVEs, we removed malware hashes and replaced them with a malware count field in the response to that endpoint. A new "Show Malware Hashes" endpoint was created where you can query those CVEs to get the hashes. |
Home Page Changes | All widgets on the Home Page now reflect full customer data regardless of role. This change will not affect System Roles of Admin, Normal, and Read Only. Data made unavailable to a Custom Role will be greyed-out and the user will not have access to click. For example, on the "Today's Risk Meter Scatter Plot" Custom Roles can click on "Not Accessible" to see inaccessible risk meters represented as grey dots. Admins have the ability to enable/disable home page access for any custom access role. A new endpoint was created to Bulk Update Permissions for custom user roles. Further details are available on the Kenna Home Page article. |
New Asset Purge Period Setting | A new feature is available which will automatically purge inactive assets according to a timeframe selected by the customer administrator. Currently the feature is available to all customers in test and production instances. Customers are required to choose a retention period by July 1st, 2021. If a retention period has not been chosen by July 1st, Kenna Security will default to the following settings:
Further details are available on the Asset Purge Period article. |
Improved Connector Error Messaging 2.0 | Following last month's release, error messages continue to be improved as an ongoing effort to build a database of potential errors and corresponding comprehensive error messages to display to the customer. Two specific areas have been improved: |
Client Setting to Increase the Asset Export Limit in the UI | There is a new client setting called “Async Asset Export” that can be enabled in client environments. When enabled, this setting will increase the UI asset export limit to 500k (from 100k) by changing the export to process in the background and send the user an email to download the file as a GZIP (this is similar to the process for Vulnerability and Fix exports from the UI). This setting is turned off by default. When it is not enabled, UI asset exports in the client's environment will continue to have the 100k limit and download directly in the browser as a CSV. |
Added Image ID and Container ID to KDI | For a customer who wishes to use the KDI for a container scanner that doesn't have a connector yet, we added container and image locators in order to map the ingested data for image or container assets. |
April 2021
Feature | Description |
Risk Meters: Dashboard Views and Faster Risk Meter Creation | Improved Risk Meter Drop down for Dashboard Views: Users now see enriched information in the Risk Meter drop down when creating and modifying Dashboard Views. It is also possible to add the child Risk Meters to Dashboard Views without adding parent Risk Meters. Optimized Risk Meter Creation: Risk Meter creation speeds markedly improved in both the UI and API. |
Connectors: Improved Error Messaging | Improved Connector Run Error Messages: Users now see more comprehensive error messages designed to reduce frustration, improve resolution time, and enable self-resolution of issues in as many instances as possible without the need to contact support. From the Connectors page or Home page, you see detailed messages that identify the application that is posting the error and alert the user to the specific problem. The message also provides clear solution steps and/or exit points. Note: The error message indicates if/when users should reach out to support after following the suggested troubleshooting steps. |
Bug Fixes: Unassigned Roles Deletion and Search Queries Streamlined | Deleting Unassigned Role: Unassigned roles that returned an error message when attempting to delete can now be deleted. Search Queries: Some search query results were impacted by the order of the query, which returned inconsistent results. Users will now find search queries return the same results regardless of the order of the query. |
March 2021
Feature | Description |
Risk Meters: User Role Creation | Improved Risk Meter Drop down for User Role Creation: Improved the Risk Meter drop down menu for creating or editing User Roles. Now you can use type-ahead in the Search bar. You can click the arrow to expand child hierarchy. |
Exports: Enhancement | Export Vulnerabilities with Full Solutions from the UI: You can now see a column for 'Short Solution' and a column for 'Solution', which has the full scanner solution. Vulnerability Exports Limit Increase to 500K with Details from the UI: For the existing vulnerability export with details, an increase in the limit from 100k to 500k vulnerabilities with details was implemented. Important: These export features must be turned on by request by your customer success team. If you do not engage regularly with a CSM or a CSE, please contact support if you want these turned on. |
Connectors: Prisma Cloud Compute Edition (PCCE) | Search By Image: Ability to search by asset identifier for images ingested from the Prisma Cloud Connector and the containers that are running them. |
UI: Changes to Alternate Fix Button Location and Vuln CSV Export Column | Alternate Fix Button Location: Users do not need to scroll down the page to see the Alternate Fixes Available button in Explore. Vuln CSV Export Column: The previously named 'Solution' column has been renamed to 'Short Solution' to better describe the content. The column named 'Solution' now reflects the full scanner solution. Note: If you are using a script that references these columns, please take note and make sure you are pulling the data you intend. |
February 2021
Feature | Description |
VM Explore: Search Result | Search result speed improvement in Risk Meter when using the All Groups drop-down in the top left of the VM Explore page. |
API: Enhancement | Remote code execution (RCE) added to the Kenna.VM and Kenna.VI+ client-facing API. In addition, Kenna.VI+ API has popular targets added to it. |
Connectors: Prisma Cloud Compute Edition (PCCE) | Scheduled Scans: Scheduled Scan functionality has been added to PCCE connector. Registry/Repo Information: Ability to present Registry and Repo Tag information for each of the scanned images. It prepends the word registry or repo to the tag for easier identification as seen in the image below: |
UI: Pop-ups Fix | Previously, when you reached the bottom and continued scrolling, the content of the pop-up did NOT scroll and got cut off. Now, after reaching the bottom of the dropdown you can continue scrolling. |
January 2021
Feature | Description |
Hierarchical Risk Meters: Exports | Note: Exporting children from the API is not a part of this release, but will be a part of the work to support HRM in the API. |
Audit Logs: GCP | The Audit Logs feature in GCP has the same functionality as Audit Logs in AWS and allows clients to pull down data regarding user-initiated events that happen in the client’s instance of the Kenna application and the Kenna API. It also allows clients visibility into user behavior in their Kenna instance so they can be responsive to any breaches and/or nefarious behavior. For more information on Audit Logs or how to configure this feature, please refer to the below information: |
Containers: Search Capability | Ability to search by container ID for clients using Prisma Cloud Compute Connector. |
__________________________________________________
For past release notes, please refer to this archived page.