July 2023
New Features and Updates
Rebranding
Kenna.VM is now Cisco Vulnerability Management, and Kenna Security logos and text references now use Cisco’s naming conventions and logos.
The only impact on functionality is that CSV Exports no longer include the column name “Kenna Fix ID” for Fixes and Top Fix Groups and instead reference this column as "Fix ID". If you are using any scripts to extract this column name, ensure you update them to incorporate this change.
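The following added example (not Cisco or Kenna code) shows one way to update a script for the column rename so that it reads the fix ID from exports made before or after the change and fails loudly if the column is missing. The `Title` column, the sample values, and the function names are constructed for illustration.

```python
import csv
import io

# Header names from the release note: exports made before the rebranding use
# "Kenna Fix ID"; exports made after it use "Fix ID".
FIX_ID_HEADERS = ("Fix ID", "Kenna Fix ID")

# Constructed sample exports; the "Title" column and all values are invented.
# The new-style sample starts with a UTF-8 BOM, as spreadsheet-style CSVs often do.
OLD_EXPORT = "Kenna Fix ID,Title\n1001,Update OpenSSL\n1002,Patch kernel\n"
NEW_EXPORT = "\ufeffFix ID,Title\n1001,Update OpenSSL\n1002,Patch kernel\n"


def naive_fix_ids(csv_text):
    """Script logic that hard-codes the old header name."""
    rows = csv.DictReader(io.StringIO(csv_text))
    # On a new export this returns None for every row without raising,
    # so downstream remediation tracking silently loses every fix.
    return [row.get("Kenna Fix ID") for row in rows]


def find_fix_id_column(fieldnames):
    """Return the header that carries the fix ID; raise if absent or ambiguous."""
    # Strip a BOM and surrounding whitespace before comparing header names.
    cleaned = {name.lstrip("\ufeff").strip(): name for name in fieldnames or []}
    matches = [cleaned[h] for h in FIX_ID_HEADERS if h in cleaned]
    if not matches:
        raise KeyError(f"no fix ID column; headers seen: {sorted(cleaned)}")
    if len(matches) > 1:
        raise ValueError(f"both old and new fix ID headers present: {matches}")
    return matches[0]


def read_fix_ids(csv_text):
    """Return the non-empty fix IDs from an export, whichever header it uses."""
    reader = csv.DictReader(io.StringIO(csv_text))
    column = find_fix_id_column(reader.fieldnames)
    ids = []
    for row in reader:
        value = (row[column] or "").strip()  # short rows yield None
        if value:
            ids.append(value)
    return ids


if __name__ == "__main__":
    print("naive on new export:", naive_fix_ids(NEW_EXPORT))
    print("tolerant on old export:", read_fix_ids(OLD_EXPORT))
    print("tolerant on new export:", read_fix_ids(NEW_EXPORT))
```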
Risk Meter Editing
The edit risk meter button stated “Name/Permissions” even if the user didn’t have the ability to edit the name. Now the button states “Name/Permissions” for administrator users, and “Name” for non-administrator users.
KDI Importer Findings for Kenna.AppSec and Cisco Vulnerability Management
In Kenna.AppSec, when you use the KDI connector to ingest vulnerability data, the connector creates findings only when the Findings attribute is in the asset payload.
In Cisco Vulnerability Management, the KDI connector creates findings if the assets payload contained the following attributes:
[:asset][:url]
[:asset][:application]
[:asset][:file]
[:asset][:locator][:url]
[:asset][:locator][:application]
[:asset][:locator][:file]
If you are a Cisco Vulnerability Management (formerly Kenna.VM) customer and want to continue to see findings in VM, contact Support and ask them to enable the Import Legacy Findings setting.
If you are a Kenna.AppSec customer, you can use the Findings attribute in the asset payload to create them.
Kenna Risk Score now Incorporates Exploit Prediction Scoring System (EPSS) Scores
The Kenna Risk Score previously predicted if a vulnerability was Easily Exploited. With the adoption of the latest version of EPSS, the Kenna Risk Score now looks at the probability of a vulnerability having an Active Internet Breach, and factors it into the overall Kenna Risk Score.
CrowdStrike Connector
The Connector now ingests fix and recommendation data from your CrowdStrike scanner, and you will now see fix details for CrowdStrike in your VM UI. To establish the API connection and use the required data mappings, see the Fix Data Mappings section in the CrowdStrike Connection article.
Note: This supported fix and recommendation data is only for newly created fixes. Currently, it does not update existing fixes, so it is not backwards compatible.
API
You can see the latest changes to the API in the API changelog.
Export vulnerability details
You can now use the API to export vulnerability details. For more information, see the Request Data Export endpoint documentation.
Pick which fields to export for assets and vulnerabilities
You can now pick which fields are returned in asset and vulnerability exports. For more information, see the Request Data Export endpoint documentation.
Custom fields export
When no VM custom fields are defined, vulnerability exports will return custom_fields: [].
Export Details update
When you export details about a vulnerability, the “connector_definition_name” is now “connector_name”.
Bug Fixes
The Cisco EULA now links to the Privacy policy instead of the Product Specific Terms.
When a Tenable.io connector run was performed, it might have intermittently failed because of an SSL error.
The ServiceNow CMDB connector settings page no longer returns a 500 error when an unresolvable host is set.
If the name of a child risk meter contained an underscore character (_), the name did not wrap and displayed incorrectly. Now if the name of a child risk meter is long, the text wraps and displays correctly.
Checkmarx XML payloads no longer fail if a timestamp is unparseable.
Users might have seen different industries listed on their Mean Time to Remediate and Total Risk Score Over Time graphs.
June 2023
New Features and Updates
Changes to Custom Fields in Cisco Vulnerability Management (formerly Kenna.VM)
Cisco Vulnerability Management now supports the same data types as custom fields in AppSec. In addition to the existing numeric data type, the following data types are supported:
- Date: Supports a searchable calendar date
- Short string: Maximum of 50 characters
- Long string: Maximum of 500 characters
- Dropdown menu: List of static choices that appears when you click on a title
- Attachment: Supported file types are PDF, JPEG, JPG, PNG, and XLSX. Maximum size of 2 MB
For more information about creating custom fields, see Creating a Custom Field.
Vulnerability Endpoints
The vulnerability endpoints in Kenna API V2 now also support custom fields.
Vulnerabilities tab of the VM Explore page
On the Vulnerabilities tab of the VM Explore page, when you click Display, if you have 10 or more fields, a scroll bar appears beside the list, making it easier to scroll through the available fields.
API
You can see the latest changes to the API in the API changelog.
Rate Limit
The Error documentation has been updated to include more information about the rate limit. For more information, see the API documentation.
Bug Fixes
- Now when vulnerabilities are created in Cisco Vulnerability Management (formerly Kenna.VM), only CVEs are included in the Findings sections of the KDI, and they open as findings.
- A custom field created with a long name from the Cisco Vulnerability Management Explore page now displays with its correct name in the Edit window.
- Vulnerability scores are now rounded to the nearest whole number rather than displaying with a decimal point.
- When the Black Duck Hub Connector sent a GET request for vulnerability reports with a valid authentication token, a 401 error no longer returns. Now, GETs retrieve valid vulnerability reports and then the data is ingested.
- When you set the priority of an asset in a MS Defender Connector run to a value other than the default value of 10, the asset priority no longer resets to the default value on subsequent connector runs.
- The count for the number of records in the stream record count is now accurate.
- When you try to create or edit application locators with a name that already exists, AppSec now informs you that there is a duplicate name, and you can now fix it before the application locators are applied.
June 7, 2023: Special Update
Introducing Vulnerability Assessment with Cisco Secure Endpoint!
Cisco Vulnerability Management (formerly Kenna.VM) is now integrated with Cisco Secure Endpoint. Use it for the following things:
- Do end-to-end Cisco asset data gathering
- Improve vulnerability detection and analysis
- Enhance your reporting
For more information, see the Cisco Security blog post and the Cisco Secure Endpoint documentation.
May 2023
New Features and Updates
Toolkit: Snyk V2 Connector
The findings of this Connector have multiple identifiers associated to them. Now, when these findings are ingested, the findings ID is split, and then new findings are created for all the unique identifiers. So, the findings are separated, indexed and searchable.
Important: All previous findings will change to a Completed state. A new connector run will reindex findings. If you are tracking a specific finding by an ID, you must re-point to the new identifier. For more information, see the readme.md.
Custom Fields pagination
Added Pagination to the Settings > Custom Fields page. Custom fields are displayed page by page, rather than one long list.
API
You can see the latest changes to the API in the API changelog.
The following changes have been made to the API V2:
New Vulnerability APIs
We’ve added the following vulnerability APIs that provide access to custom fields for a vulnerability:
- Show
- Update
- Bulk Update
- Search
- List
Bug Fixes
On the VM Explore page, when you click Display and scroll to the bottom of the page, the Display menu options no longer overlap the main navigation bar at the top of the page.
Previously, when you applied an SLA that had a fix published date as the due date basis to a vulnerability that did not have a fix, a due date was applied.
On the VM Explore page, in the Search help, the example syntax for the Term Existence Check was updated so that it works when it is pasted into the search box.
If there is a timeout enforced, the Tripwire (IP360) connector now renews sessions by setting a shorter lookback to a successful run, resolving the API error, and ingesting the reports (audits).
April 2023
New Features and Updates
Amazon Web Services (AWS) Inspector V2: Toolkit Release
The AWS Inspector V2: Toolkit Release is a vulnerability management and scanning service for AWS workloads. It captures vulnerabilities and unintended network exposures. It can scan Elastic Compute Cloud (EC2) instances and Amazon ECR Container images. For detailed information about the AWS Inspector V2, see the README.md in GitHub.
Note: The AWS Inspector V1 (now named Classic) Toolkit connector is supported until a full migration occurs.
Virtual Tunnel Client: Release – 1.4.3
For users of the Virtual Tunnel, the current release 1.4.3 makes it easier to start, simplifies the UI to reduce confusion, and improves your overall user experience. In addition, there was an issue with network requests when using proxy configurations. This problem is now fixed.
Deduplicate CrowdStrike assets against Wiz assets using the EC2 InstanceID
The Wiz toolkit connector is updated to pull in the EC2 Instance ID. Now the Wiz toolkit connector consumes five points of asset locator information, including the External ID, MAC address, IP address, Hostname and the EC2 Instance ID. This update fosters deduplication capabilities with inbound data sources, such as CrowdStrike, so you can use it to deduplicate CrowdStrike assets against Wiz assets using the EC2 Instance ID. For more information, see Running the Wiz task.
API
You can see the latest changes to the API in the API changelog.
Pick Your Fields for Asset Exports in the Request Data Export API Endpoint
You can now select the fields to be used for an asset export in the Request Data Export API Endpoint. This update has the following criteria:
- Field selection is specific to the asset model in the Request Data Export endpoint.
- Selecting fields is specific to the API and not supported in the UI.
- You cannot combine field selection with slim exports.
For a complete list of the fields supported, scroll down to the BODY PARAMS section on the Retrieve Data Export page.
Bug Fixes
The following bugs are fixed:
When creating a risk meter, you can’t specify the roles that can access it
Problem: When you created risk meters (asset groups), you couldn’t select roles that could access the risk meter, because the Roles drop-down list was empty.
Fix: The Roles drop-down list is now populated, and you can select from it.
The Updated On date and Last Updated fields displayed different dates
Problem: The Updated On date on the Vulnerability CVE Description detail page, and the Last Updated field on the Vulnerability Intel Explore page were populated from different fields, so they had different dates.
Fix: The fields now use the “Last Modified Date” information, so they display the same date.
The error message for failed connector runs didn't provide useful information
Problem: When a connector run found corrupted files, it failed and returned a generic buffer error that wasn't informative for users.
Fix: Now, when a connector run fails because of corrupt files, the following error message displays: "There was an error running the [Name of connector] connector. Please try again. If you continue to encounter issues, please contact Support."
The Create Vulnerability API didn't update notes correctly
Problem: When you used the Notes parameter in the Create Vulnerability API, the note was also applied to the associated asset.
Fix: Notes are now applied only to the vulnerability that is being created.
The Lacework toolkit syncs fewer records than expected
Problem: The hosted Lacework toolkit imported fewer records than expected.
Fix: All records returned through the API are now processed.
The Lacework connector didn't import all CVE vulnerability details
Problem: The Lacework connector didn't import all the CVE vulnerability details into Cisco Vulnerability Management.
Fix: This connector now imports all CVE vulnerability details.
March 2023
New Features and Updates
Changes to the CrowdStrike Connector
The CrowdStrike Connector using Spotlight supports vulnerability scanners in Kenna. It has its own default locator order, so it does not use the Kenna default locator order. Now, CrowdStrike Asset Data Mapping fields include a new EC2 asset locator to deduplicate data. For more information, see the CrowdStrike Connector.
Hierarchical Risk Meters
All new customers can now create hierarchical risk meters by default. If you are an existing customer and want to have access to this feature, contact Customer Support and request to have it enabled on your account. For more information about hierarchical risk meters, see Getting Started with Hierarchical Risk Meters and Navigating Groups in VM Explore.
API
You can see the latest changes to the API in the API changelog.
Exports
Pick your fields for asset exports is added as an option to Request Data Export.
New Vulnerability APIs
These vulnerability APIs enhance existing custom field support and introduce new data types. The new endpoints use V2 as the API URL. To use these APIs, you have to switch to using V2 URLs. The V1 endpoints will be supported for a minimum of 12 months.
Remediation Scores
The remediation scores are added to List Asset Groups API and Show Asset Group API.
The following changes have been made to the Kenna API V1:
Changes to Resources section
Added "Counting Closed Vulnerabilities" blog entry to Resources.
Changes to Request Data Export
Fixed typos and removed "custom_fields" from input body parameters in Request Data Export.
Changes to Update Asset Group
Updated some parameters in Update Asset Group. Removed "historical" parameter.
Bug Fixes
The following bugs are fixed:
Connector runs using corrupted files fail with generic error message
Problem: When a connector run fails because of corrupt files, it returns the default error message, which doesn’t provide any information about why the error occurred. It should return a more descriptive message.
Fix: When this error occurs, the following error message is returned: "Could not decompress the uploaded file(s) [file_name]. Please ensure the file(s) are .nessus format, uncompressed, or in a valid zip archive. If the error persists after a successful validation, please contact Support."
Links to Risk Meters in the Alert Section return an error
Problem: The problem occurs for alerts that indicate changes in the group risk score. When you click one of these alerts, it goes to the Dashboard and displays an error “Risk Meter Not Found.” It should display the risk meter associated with the alert.
Fix: The risk meter is now displayed.
VI Data Mismatch
Problem: The Updated On date shown on a Vulnerability CVE Description detail page and the Last Updated field on the VI Explore page can display different values because they are sourced from different places.
Fix: The “last modified” date for the CVE is now displayed.
February 2023
General
Remediation Scores Available in Your Test Account
If you have Kenna Premier Tier and have purchased a test account, you can now see Remediation Scores in your test account before you go live to users in production.
Changes to the Tanium Comply File-Based Connector
The way this connector generates asset vulnerability data has improved. Kenna uses this data, along with asset risk data reported by other connectors, to calculate a risk score for the assets in your environment, providing you with enhanced risk posture and security.
Depending on whether you have an On-Prem or Cloud version of Tanium, you may need to use a different method to download the Tanium input file.
For more information, see "Tanium Comply File-Based Connector."
Changes to Rapid7 Nexpose Connector
The Rapid7 Nexpose connector can import hostname and Fully Qualified Domain Name (FQDN) to use in asset deduplication.
To benefit from this improvement immediately, you must clear your asset data, which refreshes your asset deduplication. Contact the Kenna Support team and ask them to clear your asset data. Be sure to say that you want to clear only assets and vulnerabilities and keep connectors and risk meter data.
Note: If you don’t clear your asset data, the duplicate assets persist until they become inactive and are removed from the system.
For more information about how Kenna deduplicates assets, see "Rapid7 (Nexpose or InsightVM) Connectors - API and XML" and "Understanding Locator Order."
Changes to the Qualys WAS Connector
We’ve added support for the following Qualys regions:
- US4
- Qualys AE
- Qualys UK
- Qualys AU
For more information about the Qualys WAS connector, see "QualysWAS Connector."
API
You can see the latest changes to the API in the API changelog.
The following changes are coming soon.
New Vulnerability APIs
These vulnerability APIs enhance existing custom field support and introduce new data types. The new endpoints use v2 as the API URL. To use these APIs, you will have to switch to using v2 URLs. The v1 endpoints will be supported for a minimum of 12 months.
Remediation Scores
The remediation scores will be added to List Asset Groups API and Show Asset Group API.
The following changes have been made to the Kenna API V1:
Changes to Retrieve Data Export
The following changes have been made to the Retrieve Data Export API:
- New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export"
- New message with 400 HTTP status code: "Export Not Found"
- 404 HTTP status code and message has been removed
Changes to the Introduction
The following changes have been made to Kenna Platform API Introduction section and the Guides section:
- Authentication renamed to API Authentication
- HTTP Status codes moved to Errors
- Downloading Export Files and User-Agent moved to Guides
Bug Fixes
The following bugs are fixed:
Sonatype Agent Connector Runs Fail
Problem: The Sonatype connector runs failed due to missing agent file (client_file) uploads. The IP whitelisting process was blocking the agent file uploads.
Fix: The IP whitelisting process now uses the correct customer IP address. We also changed the way Kenna processes IP addresses from X-Forwarded-For headers for clients with SAML enabled.
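The note does not describe how the address is now chosen. As an added illustration (a general technique, not Kenna's implementation), the sketch below shows a common way to pick the address to check against an IP allowlist when requests arrive through proxies that set X-Forwarded-For: walk the header right to left and stop at the first hop that is not one of your own proxies. The proxy range, the addresses, and the function names are constructed assumptions.

```python
import ipaddress


def client_ip_from_xff(peer_ip, xff_header, trusted_proxies):
    """Return the address that an allowlist decision should be based on.

    peer_ip         -- address of the TCP peer that connected to us
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- CIDR ranges of proxies we operate (assumed known)
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in nets)

    peer = ipaddress.ip_address(peer_ip)
    # If the peer is not one of our proxies, the header is entirely
    # client-supplied, so ignore it and use the peer address.
    if not is_trusted(peer):
        return peer

    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer
    # The rightmost entry was appended by the nearest proxy. Entries to the
    # left of the first untrusted hop were supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: keep the last verified address, which fails
            # closed against a customer allowlist.
            break
        candidate = addr
        if not is_trusted(addr):
            break
    return candidate


def is_allowed(addr, allowlist):
    """True if addr falls inside any CIDR range in the allowlist."""
    return any(addr in ipaddress.ip_network(n) for n in allowlist)


if __name__ == "__main__":
    # Constructed values using documentation address ranges.
    trusted = ["10.0.0.0/8"]
    customer_allowlist = ["203.0.113.0/24"]
    header = "198.51.100.7, 203.0.113.9, 10.0.0.2"

    chosen = client_ip_from_xff("10.0.0.5", header, trusted)
    leftmost = ipaddress.ip_address(header.split(",")[0].strip())
    print("right-to-left choice:", chosen, is_allowed(chosen, customer_allowlist))
    print("leftmost entry:      ", leftmost, is_allowed(leftmost, customer_allowlist))
```

Evaluating the allowlist against the proxy's own address or against the leftmost header entry gives the wrong decision in both directions: a legitimate upload is rejected, or a client-supplied value is trusted.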
Error When Viewing Alerts
Problem: When trying to view Alerts, you receive an error. The page can’t load because of a large number of unacknowledged alerts.
Fix: We’ve improved the performance of the Alerts page by making the following changes to it:
- Added pagination (displaying alerts page by page, rather than one long list)
- Added filtering by alert type
Prisma Connector Assets are Not Deleted
Problem: Prisma Connector Assets reach their asset purge setting limit but are not deleted. During the connector run, assets not seen by the connector are inactivated, and the inactive_at date is not set. Deleting an asset depends on the inactive_at date so the asset is not deleted.
Fix: We changed the processing so that when a connector is inactivated, the inactive_at field is populated, and the deletion process works as designed.
Bulk Delete Vulnerabilities API Endpoint Fails
Problem: Bulk delete requests fail with a 504 response. The error occurs because the requests include vulnerability IDs with large numbers of scanner vulnerabilities.
Fix: We improved the performance of the batch processing of bulk delete requests.
Snyk v2 Toolkit Task Does Not Apply Changes
Problem: The projectName_strip_colon setting on the Snyk v2 toolkit task does not apply its changes, resulting in incorrect application_locator values. Incorrect application_locator values can affect the asset selection when the data is imported.
Fix: We corrected the problem in the Snyk v2 toolkit task so that the change is applied.
January 2023
General
Subscription End Date
An administrator can see the Kenna subscription end date on the License page. For more information about licenses, see Kenna License Entitlement FAQ.
Figure 1: Subscription end date
Changes to Kenna.VM utilization email notifications
An administrator can configure the level of email notifications for Kenna.VM utilization.
If entitlement enforcement is on, administrators receive email notifications when Kenna.VM utilization is at 80%, 90%, and 100%. Administrators can disable the 80% and 90% email notification on the Alerts page.
Figure 2: Configuring level of notification for asset entitlement usage
To configure the level of email notifications, hover over the gear icon (Settings), and in the menu, click Alerts.
Figure 3: Selecting the Alerts page
Changes to Export
The success banner displays the Export ID when you export from Explore or the Top Fixes page. Use the Export ID to quickly query the status of the export in the API or search the VM Activity table.
Figure 4: Export ID displayed in success banner
Changes to Explore
In Explore, on the Assets tab, you can display Asset ID in the asset list. The Asset ID can be useful when you are using the Kenna API and for the Customer Support Team.
Figure 5: Export ID displayed in Assets list
To show Asset ID in the asset list, click Display, and select the Asset ID checkbox from the list.
Figure 6: Configuring Asset ID to be displayed
Changes to CrowdStrike
If an asset in CrowdStrike has a Fully Qualified Domain Name (FQDN) or NetBIOS name, the values are imported into Kenna and are used in asset deduplication.
For more information about how Kenna deduplicates assets, see CrowdStrike Connector and Understanding Locator Order.
Changes to Zero Day Vulnerability Intelligence license indicator
The tooltips for the Zero Days facet have been improved to clarify when the Zero Day Vulnerability Intelligence feature is enabled.
When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are active zero days:
Figure 7: Message indicating that there are zero-day vulnerabilities (feature enabled)
When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are no active zero days:
Figure 8: Message indicating there are no zero-day vulnerabilities (feature enabled)
When you hover over the Zero Days facet, the following message displays when the feature is disabled. It means that your organization doesn’t have the Premium Tier license that supports the Zero Day Vulnerability Intelligence feature:
Figure 9: Message indicating Zero Day Vulnerabilities feature is disabled
API
You can see the latest changes to the API in the API changelog.
The following changes are coming soon.
Export Status Codes and Messages
The export HTTP status codes and response messages are being standardized and updated.
The following changes are being made to the "Retrieve Data Export" API:
- New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export."
- New message with 400 HTTP status code: "Export Not Found."
- 404 HTTP status code and message will be removed.
Vulnerability APIs
The vulnerability APIs are moving to version v2, which supports better custom field interaction. You’ll see "v2" in the API URL.
Remediation Scores
The remediation scores are being added to "List Asset Groups" and "Show Asset Group".
Virtual Tunnel
The following improvements are in Virtual Tunnel 1.4.2:
- Improvements to the client-user account creation and management process.
- Verification of Internet connectivity when changing an API key through the UI. If no Internet connection is detected, an error message displays, and the API key is not saved.
- Changes to the way commands are executed to improve security. Remotely delivered commands are executed locally, instead of remotely.
You can download VPN Tunnel 1.4.2 from the Software Download page.
Bug Fixes
The following bugs are fixed:
Links on VM Activity page
The VM Activity page displays a list of all exports. The download links on the VM Activity page for Findings were broken. These links have been fixed, and you can download Findings exports.
For more information about exports, see Exporting data from Kenna.
Assets affected by a fix in ServiceNow ticketing description filters assets incorrectly
Child risk meter filtering didn't work for assets affected by a fix in ServiceNow ticketing description. The filter showed all affected assets in the instance, instead of only affected assets within the scope of the child risk meter. Child risk meter filtering works correctly now.
December 2022
General
Remediation Analytics and Scoring
Please note that Remediation Score is a Kenna Premier Tier feature.
The overall Remediation Score is now color coded to provide better context on the scale.
The score ranges from 0-100 with higher numbers indicating success across the four metrics of the score. As a security program progresses in maturity, it should strive to increase its score.
Figure 1: Remediation Analytics and Scoring
Figure 2: Remediation and scoring description
November 2022
General
Kenna.VM Premier
Introducing the availability of Kenna.VM Premier, an advanced tier of Kenna’s flagship risk-based vulnerability management (RBVM) platform.
In addition to the existing features and functionality of Kenna.VM, the Premier tier adds zero-day vulnerability intelligence from Cisco Talos, remediation analytics and scoring, and access to Kenna’s vulnerability intelligence via both a web-based user interface, and API (also known as “Kenna.VI+”).
Figure 1: Remediation Analytics and Scoring
Figure 2: Talos zero-day Vulnerability Intelligence
Figure 3: Kenna Vulnerability Intelligence Dashboard (VI Dashboard)
To learn more about Kenna.VM Premier and its new features, go to the following resources:
- Cisco Security Blog – Introducing the Kenna.VM Premier
- At a Glance One Pager – Benefits of Kenna.VM Premier
- Remediation Score Guide
- Updated Kenna.VM At-a-Glance
- Updated Kenna.VM Data Sheet
Kenna.VM Premier is generally available on the Cisco GPL, EA 3.0, MSLA buying programs, and is planned for the EA 2.0 buying program later this year. For more information on Kenna.VM Premier, please contact your Partner or Cisco Sales specialist.
API
Virtual Tunnel 1.4.1
- Kenna service account has been removed
- Scanner account name changed to client-user
- Base ISO upgraded to Rocky 8.6
- Adjustments to available crypto cipher packages
Virtual Tunnel 1.4.0
The following security enhancements were added to Kenna Virtual Tunnel:
- Adjustment to default SSL handling.
- Security check for hypervisor support for RDRAND/RDSEED number generation.
- Upgraded file hash generation from SHA1 to SHA2.
CSV Export
- File locator field is now supported in the CSV export
VI+
- Show Vulnerability Definitions has been renamed to List Vulnerability Definitions in Kenna VI+ API documentation.
Note: The URL has not changed, only the name.
Bug Fixes
- Kenna users with roles set to allow asset note editing were unable to edit nil value asset notes
- In Kenna.AppSec, after a Finding reached a closed status, its custom field values were no longer visible on the Finding detail page.
- In Kenna.AppSec, Checkmarx findings mapped last_seen to found date rather than the Checkmarx detection date.
October 2022
General
Microsoft Defender for Endpoint TVM Connector
The Microsoft Defender for Endpoint TVM connector brings the Advanced Threat Protection (ATP) built-in Threat & Vulnerability Management (TVM) data into your Kenna account.
License Entitlement Enforcement
Kenna began enabling license enforcement within the product. Please see the License Entitlement FAQ for further information.
CVE Score History in VI+
Users can now see changes to Kenna scoring within the CVE Details page as well as via a Show CVE History VI+ API endpoint.
VI+ UI Enhancements
Users can now filter vulnerabilities to focus on those with remote code execution. CVSS 2 exploit, impact, and temporal scores were added to the UI. CVSS 3 vectors and fields were added to the UI. Vulnerability chatter is now visualized on a graph to show changes over time.
VI+ UI Usability Improvements
Users will now see a more uniform experience between VM and VI, with adjustments to font families, sizing, colors, and component alignment within the application.
API
Trending Vulnerabilities in VI
Users can now see top Trending Vulnerabilities within the new VI Dashboard and filter based on Most Chatter, Risk Score, and Velocity. This information is also available via a new Get Trending Vulnerabilities VI+ API Endpoint.
Virtual Tunnel 1.3.0
The 1.3.0 release of the Virtual Tunnel allows customers to run on prem with SCSI storage controllers. Find more information here.
Bug Fixes
- The parameter max_priority on the Search Vulnerabilities API endpoint was not filtering results correctly.
- The VI+ Vulnerability Trends endpoint response contained unclear/stale data.
- Kenna.AppSec custom fields presented both "Clear" and "Save" buttons on dates, but failed to save when attempting to clear.
- The VI+ Data Snapshot endpoint returned old data without the newest exploits/fixes available.
- The Black Duck Hub agent selector was not displaying on the Connectors page edit modal.
- A change on Qualys' end in the scanner_id mapping for CVE-2021-31166 was creating orphaned vulnerabilities.
September 2022
General
Filter Assets without Vulnerabilities
Kenna.VM customers now have a way to see assets that have no vulnerabilities in Kenna.
Navigate to Explore → Asset Filters → expand Additional Filters → select the Assets without Vulnerabilities checkbox.
API
API Changelog
Kenna customers can now see what's new in the API with the API Changelog. If an item requires advanced notification, it will be added to the "Upcoming Changes" section. Note: The upcoming changes section will not display if there are no upcoming changes.
Bug Fixes
- The Search Findings API endpoint was not returning an infinite number of page results and left out search results.
- For some Kenna.AppSec customers, the Findings Timeline on each application's reporting page showed no results.
- In Kenna.VM, Custom Fields with Dates were being inconsistently displayed in the UI.
- Customers that are configured to use SAML, saw 401 responses to calls to the SLA Adherence endpoint made from the home page. An error displayed on the SLA Adherences graph on the Kenna Homepage.
- For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph did not use Findings data.
- Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non editable.
August 2022
General
Updated CVSS Search Terms
Kenna customers are now able to build Risk Meters based on CVSS v2 and CVSS v3 score terms. This is significant for many customers who need to build risk meters based on CVSS v3 scores for auditors and compliance reporting.
The following fields will be supported in the API, Exports, and the custom query box on the Explore page (new custom query search terms). The existing CVSS slider will be removed.
- cvss_v2_score
- cvss_v2_exploit_subscore
- cvss_v2_impact_subscore
- cvss_v2_temporal_score
- cvss_v3_score
- cvss_v3_exploit_subscore
- cvss_v3_impact_subscore
- cvss_v3_temporal_score
Additionally, CVSS v2 base score will no longer be rounded to the nearest whole number. CVSS v2 severity and temporal scores will still be rounded to the nearest whole number as they are today.
Lock Header in Explore
Within the Explore Page, you can now lock the header so you don’t lose action buttons as you scroll. For now, the header is unlocked by default.
API
API Server Name
Customers can now view their API server name at the top of the Settings → API Keys page in Kenna.
Additionally, there is now a simple API Docs link in the sidebar. To use the API docs, customers must still manually type in their base URL and API key.
Bug Fixes
- The Audit Logs Search API endpoint was not returning a consistent amount of data for identical requests.
- For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph was not using Findings data.
- Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non-editable.
July 2022
General
Export Activity
Kenna users with an Administrator role can now see exports requested by any user within the platform.
API
Solutions in the API
When exporting solutions in the UI, there is a cap on the information exported. In light of this limitation, we expanded the Show Scanner Vulnerability Details API Endpoint to include any available solutions along with the details for a vulnerability. This endpoint will only provide a response for 1 vulnerability ID at a time.
Additional Data Export Status in the API
Within the Check Data Export Status API endpoint, an enqueued status for exports was added. This provides a more granular status, and it is consistent with statuses we offer in Export Activity in the user interface.
June 2022
General
High Risk Vulnerability Density Benchmark
Users with access to the Kenna Homepage can now see how many open high-risk vulnerabilities they have on critical assets relative to other companies in their industry. This feature builds on the 2 already existing benchmarks on the Kenna Homepage. Benchmarks in Kenna help customers defend their VM program spend and/or lobby to expand or maintain their budget with data. Metrics are also available via the API.
Vulnerabilities in this benchmark are open and have a Kenna score greater than 66.
Only active assets are considered. You can filter by asset priority. The asset priority buckets are:
- Critical: asset priority 8-10
- Medium: asset priority 5-7
- Low: asset priority 0-4
- All Assets
Kenna.Appsec Custom Fields
Kenna.AppSec users can now create custom fields on the findings level to bring in loads of great metadata. The available data field types are Date, Numeric, Short and Long Strings, Text Dropdown, and attachments. You can read more by checking out our help article Creating a Custom Field in Kenna.AppSec.
API
Kenna.VI API Improvements
- Users can now better refine the data they are requesting via API to return a list of CVEs using a minimum risk score, active internet breach, remote code execution, or whether a CVE is easily exploitable.
- Users can limit vulnerability definitions by the state of the CVE (published, reserved, or rejected).
- Users can define which fields to include in the response for the vulnerability definitions endpoints.
UI Enhancements
Kenna.VM Enhancements
The Kenna.VM UI had a few small enhancements made to improve the user experience and interactions within the graphs and home page.
- Risk meters are now alphabetized on the SLA Setup page.
- Drop-down menus were updated to align styling across graphs.
- Tooltip colors were updated, and tooltips were realigned for uniform appearance across the application.
Bug Fixes
- The number of fixes included in the fixes export did not match the count displayed within the VM Activity page for JSON exports.
- CSV vulnerabilities exports were occasionally failing due to a scroll time out issue.
- For AppSec Findings customers using AppSec Explore, CSV Exports disregarded application filters and included all findings in the export.
- Invalid custom field syntax provided to the vulnerabilities bulk update API endpoint would return either a 422 or 500 code or might silently accept bad data, depending on the specific syntax used.
- Ticket creation for both ServiceNow and Jira was failing due to storing incorrectly formatted hostnames in the connector records.
- When a ServiceNow service ticket was successfully created on a vulnerability, there were occasional long delays with ticket information being populated in the Kenna platform.
- ServiceNow Ticketing was also omitting the specified template "caller" value when creating tickets.
- Some users were receiving multiple emails associated with single events in Kenna.
- Veracode applications with quotes in their name caused the Veracode toolkit to fail.
May 2022
Exports
Export Visibility
When an export is requested, users can now access an activity page that details the status of the export. The activity page displays enqueued, in progress, completed or failed exports. This feature is currently behind a feature flag. Please contact your CSM (Customer Success Manager) or Support to enable the feature.
SLA Adherence Report
Kenna believes understanding your patch management health is critical to understanding the risk in your environment. SLA adherence is additional data that, paired with the Kenna Risk Score, can help a client understand their risk posture.
This new report on the Kenna Homepage displays the percentage of vulnerabilities that a customer has patched within SLA (due date) in the last rolling week.
- This is an organization-level report, not a Risk Meter report.
- Each day has a data point, and each data point is a rolling average of the last 7 days.
- You can filter by vulnerability criticality.
- Metrics are also available in the API.
Kenna Virtual Tunnel Release 1.2
- Consolidated Virtual Tunnel images to allow for a single installer to be used. Users will no longer have to select a particular VT image from multiple options to install from Cisco Software Download.
- Resolved an issue that prevented establishing VPN connections.
- Kenna Support Account is now disabled by default for users to enable as needed.
Bug Fixes
- A backend service for synching tickets was failing which resulted in outdated ticket statuses for many customers in Kenna.
- The Kenna Virtual Tunnel was not successfully creating an openvpn.conf file and therefore was not able to make the tunnel connection.
- AppSec Explore was displaying findings that were associated with inactive assets.
- In AppSec, a user could create multiple applications with the same name. Now, if a user tries to create a new application with an existing application name, we display the following error message: “name must be unique”.
- When a customer clicks to add a new connector and then cancels setup, the Connectors page would occasionally fail to refresh. This refresh issue would retain the setup page on-screen and incorrectly allow the user to populate fields without the ability to save the configuration. When a connector configuration is cancelled, the screen now refreshes as expected.
April 2022
General
Tag Management
Asset tags are now kept in sync with customer connector runs.
Kenna imports tags from connectors, and those tags change over time. In the past, customers did not have a way to remove the old tags. Kenna only added new tags, which caused metadata from old connector runs to become outdated quickly. With this enhancement, Kenna removes tags on an asset that were not seen on a connector run.
For more detail please see this help page on Asset Tags.
API Key Management
Administrators can copy an API key when they generate it, but not after they navigate away from the page. Existing keys will continue to work and customer Administrators will continue to be able to revoke or generate new API keys. To learn more about managing API keys, check out this video and our help article on API Key Generation and Permissions.
API
Near Real Time Score for VI+ API
Customers using the VI+ API can now receive risk score updates in near real-time when CVE scores change by at least one point. All CVE scores with at least a one point change can be queried with a single endpoint to provide targeted updates and streamline time to remediation.
Connectors
CrowdStrike
The CrowdStrike connector was released on our new data integration and processing platform which provides:
- Faster and more reliable syncing
- More detailed OS information
- Ability to pull in tags assigned to assets
- Incremental syncing for even faster performance
Bug Fixes
- Changes made on the Edit Asset page were not being saved. Changes to the primary locator are no longer allowed in the UI and must be made at the source before import. This will prevent duplication of assets.
- Certain invalid search queries were not presenting an error message.
- Confusing tooltips were being displayed on scanner vulnerabilities in the UI.
- The Tanium Comply connector had an unhandled exception for a field value.
- The Black Duck connector was stalling runs.
- Very large vulnerability exports were returning 504 errors during retrieval.
- Some SecurityCenter connectors were failing due to an XML parsing error.
- The KDI upload was failing to open vulnerabilities as expected.
- A Jira OAuth issue was preventing JIRA ticket creation.
- AppSec Reporting page had mismatched names and values such as the “Open Findings Count” displaying the Total findings count.
March 2022
General
Changes to User Management Workflow
The user management workflow has been improved to a more intuitive and flexible experience. Changes are demonstrated in this video Admin Settings Menu: Managing Users and Roles and documented on the Role Based Access Control help page.
Kenna Virtual Tunnel Release 1.1.0
This release includes the following changes:
- Changed base OS from Centos to Rocky Linux.
- A local service account for doing authenticated security scans is now included with the image and can be initialized with a password by following the command prompts when running the virtual tunnel VM.
- New option to restart machine.
- New option to check the local IP address (the bash command ifconfig is invoked).
- Weekly automatic package updates.
- Customer restarts trigger any pending kernel patching.
To download the newest version of the virtual tunnel go to Cisco Software Downloads.
Custom Field Improvements
Custom fields have been improved so that fields with a period (.) can now be used to search vulnerabilities as filter parameters and custom fields with underscores (_) are displayed with underscore in all places in the user interface.
API
Tag Source
Tag Source can now be pulled from the API using the List Tags endpoint. This was released in preparation for overall improvements to Tag Management, which were released April 4. Read all about Asset Tags here.
VI+ Download
Download VI+ data (all CVE definitions) with a single step. This replaces the need for several API calls and reduces the time to download the data.
The curl command:
% curl --request GET \
    --url https://api.kennasecurity.com/vulnerability_definitions/vi_data_snapshot \
    --header "X-Risk-Token: ${KENNA_API_KEY}" \
    --header 'Content-Type: application/gzip' \
    --location \
    --output vi_data.gzip
% ll vi_data.gzip
-rw-r--r-- 1 babarick staff 47862221 Apr 5 16:30 vi_data.gzip
Support for End Date in Incremental Exports
Kenna now supports an end date for incremental exports. The new parameter is records_updated_until and is an optional field. It’s effective only when records_updated_since is present.
Ticketing with the API
Customers with integrated Jira & ServiceNow Ticketing connectors, as well as customers without integrated ticketing connectors, can associate, update and delete the ticket ID, due date, and status on a vulnerability in Kenna via the API.
If a customer has a Jira or ServiceNow ticketing connector integrated in Kenna, and passes in the required fields, we will sync data nightly. For the nightly sync to work a user must pass in External ID and System ID.
Note:
- A single vulnerability can still only have 1 service ticket associated.
- Provide the Vulnerability ID in the call, which can be found in the last digits of the URL on a vulnerability detail page in the UI.
- Use the Create Vulnerability, Update Vulnerability and Bulk Update Vulnerabilities endpoints.
- Under each endpoint, look for and expand the Vulnerability Object and then the Service Ticket Object to find more details.
Please see the API documentation for more detail. (Tip: Expand the vulnerability object and then the service ticket object.)
Bug Fixes
- ServiceNow tickets were not updating Status in Kenna.
- The toolkit Jfrog Connector was producing an error where certain findings lacked a CVE identifier when uploaded via the KDI connector, causing connector run failures.
- Very large CVE exports from the Explore page were resulting in inconsistent sizes, usually exporting fewer vulnerabilities than shown in the UI.
- Some CSV exports ‘with-details’ were failing outright.
- The toolkit Contrast connector was failing with a 500 error.
- Changes made to the ServiceNow ticketing connector on the settings page were not being reflected in the table used.
- Several specific CVEs had scores which were stale/not updated.
- There were discrepancies in how certain search queries were handled when grouped in parentheses and using quotation marks. Now problematic queries that require quotation marks are explicitly rejected.
February 2022
AppSec
Stacks
Stacks is a new feature for AppSec Findings customers which allows users to group and organize their applications and risk groups into single combined views. With this release, we have a new set of APIs that will handle the basic Create, Read, Show and Update functions for users to programmatically interact with Stacks. Read more about Stacks here!
Findings API
Findings are now available on the Kenna API supporting the following options.
- Show Finding
- Update Finding
- Bulk Delete Findings
- Search Findings
- Create Finding
Find the docs here https://apidocs.kennasecurity.com/reference/show-finding
Connectors
New Toolkit Connectors
- HCL AppScan - AppScan Enterprise delivers scalable application security testing and risk management capabilities, to help enterprises manage risk and compliance. AppScan enables security and DevOps teams to collaborate, establish policies, and perform testing throughout the application development lifecycle.
- GitHub Code Scanning - Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.
- WhiteSource Scanning - Cover your open source security needs with WhiteSource, a leader in The Forrester Wave™!
Ticketing
Kenna Risk Score filter in the Kenna.VM ServiceNow app
Customers are now able to filter the vulnerabilities they bring into the Kenna.VM ServiceNow app by a minimum Kenna Risk Score. This aligns with Kenna’s Risk based approach of remediating based on risk and not attempting to patch everything.
To add this filter:
- Open "Kenna Vulnerability Integration" -> "Administration" -> "Kenna Integrations"
- Open the Vulnerable Item integration and there's a setting on the screen.
- Find the "Minimum Risk Score" on that screen, and that'll establish a minimum number the incoming Vulnerable Items have to meet.
January 2022 Release Notes
General UI
Benchmarking Calculation Rate
Both the Total Risk Score Over Time Benchmark & the Mean Time to Remediate Benchmark on the Kenna homepage will begin to be calculated daily. This change will increase the frequency of the calculation from weekly to daily, giving clients the most up to date data.
UI Data Export Failure Notification
We have been sending emails to users when a data export is successful but now we also send users an email when it fails.
Connectors
Tenable.io
The Tenable.io API-based connector is now available. Read more about Tenable.io here!
New Toolkit Connectors
- Acunetix - Acunetix 360 is a best-of-breed enterprise web vulnerability solution designed to be a part of complex environments. It provides multiple integrations as well as options to integrate within custom contexts.
- Veracode - Confidently secure apps you build and manage with Veracode. This simple and scalable solution enables you to create more secure software so that you can boost your business and reduce risk without hindering innovation.
- CheckMarx SAST - With Checkmarx SAST™, you can run fast and accurate incremental or full scans whenever you need them. Trust our industry-leading SAST solution to give you the flexibility, accuracy, and coverage to secure your most critical code commits, within your rule sets, at scale.
AppSec
Typeahead Searching for Application Identifiers
The application identifiers search box now uses typeahead searching to suggest possible matches.
Bug Fixes
- Users were able to create multiple applications with the same name using the Kenna API.
- Findings counts for specific applications were not correct in AppSec Explore for those using the findings model.
December 2021 Release Notes
The Kenna API docs were just updated and have a number of new benefits!
- Categories of endpoints are alphabetized for easier searching.
- Each endpoint has its own page, organized into drawers that drop down. No more scrolling through the whole page! When you want to look at another endpoint, you need to click into it.
- System Role Users are able to add their API Key/X-Risk-Token with the "Try It!" button and see working code examples in a number of different languages, including curl, Node, Ruby, PHP, Python and more!
- Anyone who has previously bookmarked an old endpoint will be redirected to the top of the new API Docs page.
- This change means we can deliver high quality and timely updates to the API Documentation.
Connectors
New Toolkit Connectors for the AppSec Findings Model
- JFrog Xray Toolkit Connector - Software composition analysis solution that continuously performs vulnerability scanning of open source binaries for security and license compliance risks. See JFrog.
- Netsparker Toolkit Connector - The only tool that found 100% of vulnerabilities w/ 0 false positives in a 3rd-party test. Detect 8,700+ vulnerabilities & risks. Minimize false positives. Streamline remediation. Trusted by 15,145+ users. Flexible & robust API. 2-way integrations. See Netsparker.
- NTT (formerly Whitehat) Sentinel Toolkit Connector - Sentinel Dynamic platform rapidly and accurately finds vulnerabilities in your websites and web applications. This best-in-class SaaS platform is ready to scale to meet any demand. See NTT Sentinel.
- Qualys WAS Toolkit Connector - Qualys Web Application Scanning (WAS) is an all-in-one cloud solution for all your web apps – providing continuous web app discovery, detection of vulnerabilities and misconfigurations, virtual patching, and quarantining. See Qualys WAS.
Ticketing
ServiceNow
ServiceNow has certified the newest release of the Kenna.VM ServiceNow app on Quebec and Rome. This edition adds a filter that allows ingesting of a subset of information based on the Kenna risk score.
Bug Fixes
- Findings counts for specific Apps were not correct in AppSec Explore for those using the findings model.
November 2021 Release Notes
General UI
Hierarchical Risk Meters via API
Hierarchical risk meters can now be created via the API and we have a script for this on our GitHub! The script will take a CSV of descendant risk meters and add them to a parent.
Warning Message Before Deleting Users
Last month we released the warning message regarding deletion of shared dashboard views and more details can be found below. This month it was updated so that the message only shows when an admin is attempting to delete a user that actually has shared dashboards.
Connectors
We now have three new Toolkit Connectors:
- BugCrowd - Bugcrowd reduces risk with coverage powered by our crowdsourced cybersecurity platform. Go beyond vulnerability scanners and traditional penetration tests with trusted security expertise that scales — and find critical issues faster.
- Wiz - Wiz scans every resource across your entire cloud stack and multi-cloud environment using a 100% API approach that deploys in minutes.
- Burp Suite - The web vulnerability scanner behind Burp Suite's popularity has more to it than most. Burp Scanner uses PortSwigger's world-leading research to help its users find a wide range of vulnerabilities in web applications, automatically.
Bug Fixes
- Asset and vulnerability counts were inconsistent in child/descendant risk meters.
- Nexpose connectors were failing when they saw unmapped vulnerability definitions.
October 2021 Release Notes
General UI
Multiple Roles Per User Increase
Last month, we released Multiple Roles Per User. Users were allowed to assign up to 5 roles per user. Now the limit has been increased to 10 roles per user!
New Warning Message Before Deleting Users
For users that have shared dashboard views, the following warning message will be displayed:
"Warning! Deleting a user will remove all of their Dashboard Views.
Are you sure you want to delete NAME?
This is a permanent action and cannot be undone. If you desire to retain Dashboard Views created and shared by this user, consider resetting their User ID and Password rather than deleting the user. Read more."
Kenna.VI
Kenna.VI+ App in ServiceNow Store
The Kenna.VI+ app is now live on the ServiceNow application store for Quebec and Rome releases.
Bug Fixes
- For VI+ customers, we were returning all fixes associated with a given CVE rather than only returning fixes containing URLs & product information, resulting in unhelpful data.
- When attempting to delete a role with no users assigned, an error message was popping up suggesting there were users assigned.
- Customers using DUO 2FA were being sent to bad pages.
- Tags containing commas were very difficult to delete.
- The KDI was not accepting multiple WASC IDs per scanner vulnerability, causing the connector run to fail.
- The Nessus API connector was not functioning with the Kenna Agent.
- The Tenable SC connector was not properly logging out at the end of the connector run, causing customers to run out of API sessions over time. Now the connector logs out after each run.
- For customers with the "Asynchronous Asset Export" setting turned on, assets were not being exported from child risk meters.
- Some customers using vulnerability-based risk meters were seeing assets appear in groups where no vulnerabilities matched the risk meter filters.
September 2021 Release Notes
General UI
License Usage Page
Customer admins can now check their license usage from the Kenna Platform. The new license page indicates what products customers are licensed for (VM & AppSec) as well as how much of the license is being used. Customers will also be able to see their Organization ID used by Cisco as a company identifier. Navigate to the upper right-hand corner and select the dropdown menu. Once the dropdown appears, click on the sub-menu of "Licenses".
Multiple Roles Per User (MRPU)
MRPU has completed its staged rollout. Previously, a user could only be assigned one role. This change should reduce the administrative burden in managing roles. Customer admins now have the ability to assign up to five roles per user. Please refer to the help page for detailed examples and explanation.
Alert Options for Subscription Expiration (VM, AppSec, VI, VI+)
Users may now subscribe to receive email or in-app alerts for VM, AppSec, VI and VI+ subscriptions that are about to expire (48 hrs notice) and that are expired.
Kenna.VM
Mac Address Normalization
Mac Address Normalization is now available for existing customers and there will be a separate email to all Admins about getting this turned on. You can read about how it works at the bottom of this article on Understanding Locator Order.
AppSec
Remediation Guidance
Remediation Guidance is now displayed as a default field on the Finding Details page! This information supports remediation efforts. This field maps to the "solution" field on the vuln_def record in the KDI.
AppSec Findings Locator View
AppSec findings now support Locator view on AppSec Explore showing findings for File or URL locators when selected from Summary of Findings. Previously a customer would be re-directed to the Findings detail view when they selected a File or URL locator from the summary of findings view. Now that behavior has changed to direct the customer to the individual findings view showing all findings when a locator is selected in the summary view. See attached screenshots below for selecting the locator from Summary of findings and being directed to the individual findings view showing all findings for that specific selected locator.
Here, the user clicks on the link to DatabaseManagerCommon.java . . .
. . . which brings the user to this detail page showing all findings for that locator.
Ticketing
Kenna.VM in ServiceNow Store
The Kenna.VM App in the ServiceNow store has been certified on the ServiceNow Quebec release.
Bug Fixes
- Read only users were unable to edit dashboard views that they owned.
- Asset exports did not have a column for image_id or container_id.
- Fix emails were missing a list of affected assets when the "apply to all" button was selected for the search terms to apply to all assets in Explore.
- When using the CSV Vulnerability (with Details) export from the UI, if a given vulnerability had only a single scanner vulnerability open but one (or more) closed scanner vulnerabilities as well, the Details column in the export included details for all of the scanner vulnerabilities (open AND closed). Now it will not include closed vulnerability details.
- Both Total Risk Score Over Time (TRSOT) and Mean Time to Remediation (MTTR) graphs on the Home page lagged one day behind the current date.
- Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results.
- For Exodus Customers: Zero-Day EIP-2013-0021 was removed from the Exodus feed but still existed in Kenna as a zero-day vulnerability definition. The vulnerability definition has been removed.
- Top Fix groups Affected Assets counts were not aligning with the count of assets associated with a fix in a risk meter.
August 2021 Release Notes
Connectors
Improved Connector Run Error Messages
This is an ongoing project where error messages will continue to be improved through iterations of this project. If a connector run fails, users will see more comprehensive error messages designed to reduce frustration, improve resolution time and enable customers to self resolve in as many instances as possible without having to contact support.
Two specific areas have been improved:
- Precise & Consistent Descriptions - Error messages are no longer generic and will identify the application that is posting the error and alert the user to the specific problem, rather than a vague generality. Error messages will use consistent verbiage across various connector sources, reducing confusion around the meaning of any given error message.
- Clear Next Steps - The error message will provide clear solution steps and/or exit points. If the next steps involve calling technical support, the word “Kenna” has been removed in order to not confuse customers who may need to call an MSSP.
MAC Address Normalization for New Customers
As of August 11, 2021, we will normalize MAC addresses for any newly signed up customer. Conflicts between vendors' representations of MAC addresses cause mismatch/duplication of assets. Kenna can now normalize incoming MAC addresses and improve deduplication of assets in Kenna. Read more on this at the bottom of this article on Understanding Locator Order.
This release does NOT impact existing customers - existing customers will be included in a phase 2 rollout targeted for September 2021.
Connector-level Custom Ordered Locators for the Crowdstrike Connector
Previously, a Custom Ordered Locator configured at the connector level for the Crowdstrike connector was ignored, and the Crowdstrike connector always used the Kenna default locator order. Now the Crowdstrike connector uses the following order by default. If the order is changed, the Crowdstrike connector will use the custom order instead.
The Crowdstrike connector default is:
- external_id_locator
- ec2_locator
- netbios_locator
- external_ip_address_locator
- hostname_locator
- url_locator
- file_locator
- fqdn_locator
- ip_address_locator
- database_locator
- application_locator
- mac_address_locator
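How MAC normalization and locator order interact when records are deduplicated, as an added example (not Kenna's code). It assumes a lowercase colon-separated canonical MAC and that the first populated locator in the configured order identifies the asset; the page specifies neither rule, and the sample records are constructed.

```python
import re

# Default Crowdstrike connector locator order, as listed on this page.
CROWDSTRIKE_DEFAULT_ORDER = [
    "external_id_locator", "ec2_locator", "netbios_locator",
    "external_ip_address_locator", "hostname_locator", "url_locator",
    "file_locator", "fqdn_locator", "ip_address_locator",
    "database_locator", "application_locator", "mac_address_locator",
]


def normalize_mac(raw):
    """Map common vendor spellings of a 48-bit MAC to aa:bb:cc:dd:ee:ff.

    The canonical form is an assumption for this example. Returns None
    when the input is not recognisable as a MAC address.
    """
    if not raw:
        return None
    s = raw.strip().lower()
    if re.fullmatch(r"[0-9a-f]{12}", s):                  # 001a2b3c4d5e
        digits = s
    elif re.fullmatch(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}", s):  # 001a.2b3c.4d5e
        digits = s.replace(".", "")
    else:                                                 # 00:1a:.. or 0-1a-..
        parts = re.split(r"[:-]", s)
        if len(parts) != 6 or not all(
            re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts
        ):
            return None
        digits = "".join(p.zfill(2) for p in parts)       # restore dropped zeros
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def primary_locator(record, order=CROWDSTRIKE_DEFAULT_ORDER, normalize=True):
    """Return (locator_name, value) for the first populated locator in `order`.

    Assumed matching rule: the first populated locator identifies the asset.
    """
    for name in order:
        value = record.get(name)
        if not value:
            continue
        value = str(value).strip()
        if normalize and name == "mac_address_locator":
            value = normalize_mac(value) or value  # keep raw value if unparseable
        return name, value
    return None


def dedupe(records, order=CROWDSTRIKE_DEFAULT_ORDER, normalize=True):
    """Group records into assets keyed by primary locator."""
    assets = {}
    for rec in records:
        key = primary_locator(rec, order, normalize)
        if key is None:
            continue  # no usable locator: the record cannot be matched
        assets.setdefault(key, []).append(rec["source"])
    return assets


# Constructed sample: three sources report the same network interface.
RECORDS = [
    {"source": "scanner_a", "mac_address_locator": "00:1A:2B:3C:4D:5E"},
    {"source": "scanner_b", "mac_address_locator": "001a.2b3c.4d5e"},
    {"source": "scanner_c", "mac_address_locator": "0-1a-2b-3c-4d-5e",
     "hostname_locator": "web01"},
]

# A custom order that ranks the MAC address first.
MAC_FIRST = ["mac_address_locator"] + [
    n for n in CROWDSTRIKE_DEFAULT_ORDER if n != "mac_address_locator"
]

if __name__ == "__main__":
    print("raw MACs, default order: ", len(dedupe(RECORDS, normalize=False)))
    print("normalized, default order:", len(dedupe(RECORDS)))
    print("normalized, MAC first:    ", len(dedupe(RECORDS, MAC_FIRST)))
```

With the default order, scanner_c is keyed on its hostname because hostname_locator ranks above mac_address_locator, so normalization alone does not merge it with the other two records.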
AppSec
Enhanced Text Searching for AppSec Findings
Previously AppSec findings text search could support only an exact match on the vulnerability ID or full name. Text search in findings now allows users to search on key date ranges, applications, locators and now supports wildcard searches! In order to use this feature, a customer must be using the AppSec findings model. Open the search help box from within the platform to review your search options!
Bug Fixes
- Previously, when the "NOT" modifier ( '-' ) was placed next to a vulnerability search field, the expected behavior was reversed - the field:value pair was included. This fix restored the expected behavior so that now when a '-' is used next to a vulnerability search field, the search excludes said field:value pair.
- The True Risk feature of descendant Risk Meters has been fixed so that the number of vulnerabilities shown on the True Risk page is the same as the number of vulnerabilities shown on the reporting page in the "N Vulnerabilities" link. Additionally, the number of assets on the True Risk page reflects the correct number of assets for the vulnerabilities shown.
- The "Active Assets and Open Vulnerabilities Over Time" graph on the reporting page was including inactive assets for certain risk meters. From the end of June through August customers may see that the "Active Assets and Open Vulnerabilities Over Time" graph has an increase in assets due to inactive assets being included. However, going forward customers will only see active assets included in the "Active Assets and Open Vulnerabilities Over Time" graph.
- Service Now description and short description fields were fixed to properly populate vulnerability information and the integration has been fixed.
- Validation and an error message have been added to the bulk update API endpoint for vulnerabilities to prevent users from updating vulnerabilities with invalid or blank statuses.
- A job that sends emails on newly identified malware was fixed and emails have resumed.
- The fix_title_keyword parameter when used to create a descendant risk meter has been fixed so that descendants inherit this parameter.
July 2021
Feature Releases
Name | Description |
Audit Logs for Toolkit Use | Customers now have visibility into which task is using the toolkit. The toolkit uses Example: user_agent:Kenna Toolkit - veracode_asset_vulns |
Findings Filter in AppSec Explore | Findings can now be filtered on created date in AppSec Explore. |
Updated Prisma Connector External ID Locator | For an asset with either a CONTAINER_ID or IMAGE_ID, the Prisma Connector no longer maps to EXTERNAL_ID automatically. This is a Prisma/Twistlock connector behavior change. On the Asset Detail page, the presentation of fields (EXTERNAL ID, CONTAINER ID, IMAGE ID) has been updated to truncate the ID string and offer a “copy to clipboard” action button to get the full ID string. The reason for this UI change is to better present the very long IDs (often more than 256 characters) within limited horizontal space, rather than allowing the string to continue off the screen. |
Bug Fixes
- An issue was discovered when clicking the "Search for Scanner IDs" link in the vulnerabilities tab of Explore. If scanner_id contained spaces, a search term with improper syntax was populated.
- Now if the scanner_id displayed in the vulnerabilities tab is a clickable link, it populates a search term with acceptable syntax.
- Email alerts for malware were not sending.
- Clearing data from a field on an asset was not removing the data.
- The KDI was failing all payloads if the only locators specified for an asset were image or container_id.
- The "Reset Filters" button in Explore was removing filters but not search queries. Now both the filters and search box are cleared.
- Invalid queries were being validated and showed an Update/Save button, but no Risk Meter would be created. Now invalid queries cannot be saved.
- Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results. There are now two fields (scanner_id: and scanner_unique_id:) which are case sensitive.
June 2021
| Feature | Description |
|---|---|
| KDI Mac Address Validation Changes | We have removed format validations and added a 30-character maximum length validation to the Mac Address field in the KDI. The benefits of these changes are: |
| Search by 'role name' in User Settings UI | Customers can search by Key Points |
| Handling of older assets not recently seen during Kenna Connector Runs | Assets which are outside of the set retention and purge periods will not be imported during connector runs. You can read more about this in our updated Asset Purge Period Setting article. |
| VI+ Updates | 1. Now customers can search for CVEs by Qualys KB Id (QID) to find all associated CVEs. 2. We added a link to the specific source of a given exploit to the "Show Vulnerability Definition" response. |
| Prisma Cloud Connector Updates | 1. ALAS Findings: Prisma Cloud Connector ALAS (Amazon Linux Advisory Services) findings were previously being presented in Kenna as informationals and the associated CVEs were not being scored. There can be a 1:1 relationship with CVE or a 1:Many relationship with a CVE, similar to QIDs. We now present the proper scoring for the CVEs associated with the ALAS finding. Please note that the Prisma Cloud scanner does not identify which specific CVE is or is not present on the asset, therefore we show all the associated CVEs. 2. Prisma Informationals: We added support for Prisma ID Security warnings to the Prisma Cloud Connector so that Kenna brings these in as informationals. Many vulnerabilities are publicly discussed or patched without a CVE ever being assigned to them. While monitoring open source vulnerabilities, the PAN team identifies vulnerabilities you need to be aware of, and assigns PRISMA IDs to them whenever applicable. |
May 2021
| Feature | Description |
|---|---|
| Kenna VI+ API Changes | Popular malware-exploitable CVEs were collecting large numbers of malware hashes, which could create very large responses when querying the "Show Vulnerability Definitions" API endpoint and sometimes caused 504s. For all CVEs, we removed malware hashes and replaced them with a malware count field in the response to that endpoint. A new "Show Malware Hashes" endpoint was created where you can query those CVEs to get the hashes. |
| Home Page Changes | All widgets on the Home Page now reflect full customer data regardless of role. This change will not affect System Roles of Admin, Normal, and Read Only. Data made unavailable to a Custom Role will be greyed-out and the user will not have access to click. For example, on the "Today's Risk Meter Scatter Plot" Custom Roles can click on "Not Accessible" to see inaccessible risk meters represented as grey dots. Admins have the ability to enable/disable home page access for any custom access role. A new endpoint was created to Bulk Update Permissions for custom user roles. Further details are available on the Kenna Home Page article. |
| New Asset Purge Period Setting | A new feature is available which will automatically purge inactive assets according to a timeframe selected by the customer administrator. Currently the feature is available to all customers in test and production instances. Customers are required to choose a retention period by July 1st, 2021. If a retention period has not been chosen by July 1st, Kenna Security will default to the following settings: Further details are available on the Asset Purge Period article. |
| Improved Connector Error Messaging 2.0 | Following last month's release, error messages continue to be improved as an ongoing effort to build a database of potential errors and corresponding comprehensive error messages to display to the customer. Two specific areas have been improved: |
| Client Setting to Increase the Asset Export Limit in the UI | There is a new client setting called “Async Asset Export” that can be enabled in client environments. When enabled, this setting will increase the UI asset export limit to 500k (from 100k) by changing the export to process in the background and send the user an email to download the file as a GZIP (this is similar to the process for Vulnerability and Fix exports from the UI). This setting is turned off by default. When it is not enabled, UI asset exports in the client's environment will continue to have the 100k limit and download directly in the browser as a CSV. |
| Added Image ID and Container ID to KDI | For a customer who wishes to use the KDI for a container scanner that doesn't have a connector yet, we added container and image locators in order to map the ingested data for image or container assets. |
April 2021
| Feature | Description |
|---|---|
| Risk Meters: Dashboard Views and Faster Risk Meter Creation | Improved Risk Meter Drop down for Dashboard Views: Users now see enriched information in the Risk Meter drop down when creating and modifying Dashboard Views. It is also possible to add the child Risk Meters to Dashboard Views without adding parent Risk Meters. Optimized Risk Meter Creation: Risk Meter creation speeds markedly improved in both the UI and API. |
| Connectors: Improved Error Messaging | Improved Connector Run Error Messages: Users now see more comprehensive error messages designed to reduce frustration, improve resolution time, and enable self-resolution of issues in as many instances as possible without the need to contact support. From the Connectors page or Home page, you see detailed messages that identify the application that is posting the error and alert the user to the specific problem. The message also provides clear solution steps and/or exit points. Note: The error message indicates if/when users should reach out to support after following the suggested troubleshooting steps. |
| Bug Fixes: Unassigned Roles Deletion and Search Queries Streamlined | Deleting Unassigned Role: Unassigned roles that returned an error message when attempting to delete can now be deleted. Search Queries: Some search query results were impacted by the order of the query, which returned inconsistent results. Users will now find search queries return the same results regardless of the order of the query. |
March 2021
| Feature | Description |
|---|---|
| Risk Meters: User Role Creation | Improved Risk Meter Drop down for User Role Creation: Improved the Risk Meter drop down menu for creating or editing User Roles. Now you can use type-ahead in the Search bar. You can click the arrow to expand child hierarchy. |
| Exports: Enhancement | Export Vulnerabilities with Full Solutions from the UI: You can now see a column for 'Short Solution' and a column for 'Solution', which has the full scanner solution. Vulnerability Exports Limit Increase to 500K with Details from the UI: For the existing vulnerability export with details, an increase in the limit from 100k to 500k vulnerabilities with details was implemented. Important: These export features must be turned on by request by your customer success team. If you do not engage regularly with a CSM or a CSE, please contact support if you want these turned on. |
| Connectors: Prisma Cloud Compute Edition (PCCE) | Search By Image: Ability to search by asset identifier for images ingested from the Prisma Cloud Connector and the containers that are running them. |
| UI: Changes to Alternate Fix Button Location and Vuln CSV Export Column | Alternate Fix Button Location: Users do not need to scroll down the page to see the Alternate Fixes Available button in Explore. Vuln CSV Export Column: The previously named 'Solution' column has been renamed to 'Short Solution' to better describe the content. The column named 'Solution' now reflects the full scanner solution. Note: If you are using a script that references these columns, please take note and make sure you are pulling the data you intend. |
February 2021
| Feature | Description |
|---|---|
| VM Explore: Search Result | Search result speed improvement in Risk Meter when using the All Groups drop-down in the top left of the VM Explore page. |
| API: Enhancement | Remote code execution (RCE) added to the Kenna.VM and Kenna.VI+ client-facing API. In addition, Kenna.VI+ API has popular targets added to it. |
| Connectors: Prisma Cloud Compute Edition (PCCE) | Scheduled Scans: Scheduled Scan functionality has been added to the PCCE connector. Registry/Repo Information: Ability to present Registry and Repo Tag information for each of the scanned images. It prepends the word registry or repo to the tag for easier identification. |
| UI: Pop-ups Fix | Previously, when you reached the bottom and continued scrolling, the content of the pop-up did NOT scroll and got cut off. Now, after reaching the bottom of the dropdown, you can continue scrolling. |
January 2021
| Feature | Description |
|---|---|
| Hierarchical Risk Meters: Exports | Note: Exporting children from the API is not a part of this release, but will be a part of the work to support HRM in the API. |
| Audit Logs: GCP | The Audit Logs feature in GCP has the same functionality as Audit Logs in AWS and allows clients to pull down data regarding user-initiated events that happen in the client’s instance of the Kenna application and the Kenna API. It also allows clients visibility into user behavior in their Kenna instance so they can be responsive to any breaches and/or nefarious behavior. For more information on Audit Logs or how to configure this feature, please refer to the below information: |
| Containers: Search Capability | Ability to search by container ID for clients using Prisma Cloud Compute Connector. |
Q4 2020 Release Notes
Audit Logs
Allows clients to pull down data regarding user-initiated events that happen in the client’s instance of the Kenna application and the Kenna API.
Prisma Cloud Compute Edition (formerly Twistlock)
Kenna released the Prisma Cloud Compute Edition connector on a limited basis. Please note that this is an on prem connector that was formerly known as Twistlock and is not the cloud native offering known as Prisma Cloud Enterprise Edition. This initial connector release focuses on image vulnerabilities and the containers that run them.
Risk Meter Composition Labels
When you select a risk meter in Explore we've added labels to help you easily understand what data and filters are included in the risk meter group. If the risk meter has a custom string search a user will be able to click on it to see what the search entails. Other labels are not clickable.
Custom Messaging at Login Screen
Customers can now add custom messaging to their login screen. Add the custom message in the admin settings section.
Q3 2020 Release Notes
Hierarchical Risk Meters
A Hierarchical Risk Meter enables more intelligent, intuitive visualization of data. It allows for a roll-up and a drill-down approach to your data in Kenna.VM.
Benefits include:
- Avoiding Risk Meter sprawl
- Improved visualization
- A more intuitive way to assign permissions
- Easier long-term maintenance
This release includes support for Hierarchical Risk Meters in the UI. Coming soon is the ability to export to CSV for Child Risk Meters.
- Getting Started with Hierarchical Risk Meters
- Please contact your CS resource or Support to have this enabled.
Incremental Exports
Export your most recently updated data, as opposed to your entire data set. Incremental Exports are the recommended configuration for all customers. https://apidocs.kennasecurity.com/reference#request-data-export
Multiple Asset Inactivity Limits (expanding to a per connector basis)
Customer admin users can now set asset inactivity limit at a connector level, expanding asset inactivity from the previous global only setting.
Setting Asset Inactivity Limits
Roll out of Support for Multiple Identity Providers
Beneficial for any customer that does not have a single centralized platform for SAML.
New Filter for Manually Overridden Assets
Users are now able to filter assets in Explore by those that have been manually overridden. This is related to earlier Q2 Asset Status Transparency release.
Tenable.SC Enhancements
Assets and vulnerabilities created from Tenable SC both use the fallback value of the connector’s run time for the last seen date. Customers also requested that we use the values that are listed in their instance of Tenable SC.
Tenable.IO now supports Incremental Runs
Please talk to your CS team or Support to enable this new capability for your Tenable.io connector.
Assigning Roles to Risk Meters with Duplicate Names
It is now possible to assign a role based on Risk Meter ID rather than just Risk Meter Name to help to differentiate between risk meters with duplicate names.
Turn off Groups in the Explore Sidebar
For customers with a large number of Risk Meters Groups, turn off groups to improve load time of the Explore page. Use the streamlined Risk Meter navigation (detailed in Q2 release notes) instead. Speak to your CS team or Support to disable Groups in the sidebar. Groups in the sidebar will eventually be sunset by Kenna.
AppSec Explore Enhancements
- Findings filtering by Risk Score in AppSec Explore
  - AppSec Explore enabled customers are now able to filter findings by Kenna Score. This filter option is available along with other “Findings Filters” on the right-hand side of AppSec Explore.
- New Text Search Capability introduced in AppSec Explore
  - AppSec Explore enabled customers can now search for findings in a text search box on the individual findings view in AppSec Explore. At this time the search criteria support searching by specific CWE_ID, or CVE_IDs, or an exact findings name.
Export Findings in a CSV format in AppSec Explore
AppSec Explore users can now export their current view to a CSV.
KDI Findings Due Date Field
The KDI Findings model now permits a due date field in Explore and the details page.
Q2 2020 Release Notes
Enhanced Performance
Kenna is always looking at ways to optimize performance while continuing to innovate. We are regularly making performance enhancements which improve efficiency for our customers. The latest change increased data export speed from 2x to 5x the previous performance.
Added support for the "Specifics" form within Cherwell ticketing integration
We are now able to add "Cherwell Specifics Field Names" within the Cherwell ticketing integration. This does require configuration by Kenna Support so please contact support or your CSE if you would like to set this up.
Incorporated MITRE’s CWE 4.1 update
MITRE released a new version (4.1) of their CWE data. We now ingest the new data and update our CWE vulnerability definitions appropriately.
Improved the search Help Modal in Explore
We adapted the content from the Zendesk help docs into the help modal within the app. You no longer have to navigate away from the Kenna application in order to get help on search terms!
Added the connector name in failure notification
We used to provide a general failure warning when a connector had an issue, but now we specify which exact connector experienced the issue.
Streamlined Risk Meter navigation
Kenna introduced a new dropdown tool for searching Risk Meters/Groups! This tool can be found in the upper left of the Explore page. You are still able to view groups in the right-hand panel in Explore, but this new control will eventually replace the Groups section in the right-hand search panel.
To activate the search, click on "All Groups" or, if you are already viewing a group, click the down arrow next to the group name at the top left of the Explore page. By default, you will see your first 500 groups alphabetically. As soon as you type any search criteria, best matched groups will start to display.
Created triage workflow in AppSec
AppSec customers now have the ability to set multiple states in the platform as a part of executing a triaging workflow in AppSec Explore. To set states, navigate to the finding detail view in AppSec; from the right side you can choose the Open, Closed or Risk Accepted status.
Added option in AppSec to filter on Connector Name
AppSec customers have the ability to filter by Connector Name in AppSec Explore’s Individual findings view. This filter option (AppSec_Explore_Enabled) must be turned on in the back end by support or your CSE.
Added option in AppSec to filter on OWASP top ten
Customers can now filter on OWASP Top Ten, located on the right side in the new AppSec Explore view. With this new feature, customers can pinpoint the most commonplace and highest priority application security risks plaguing organizations today! This filter option (AppSec_Explore_Enabled) must be turned on in the back end by support or your CSE.
Added vulnerability “Chatter” to Kenna.VI+ API
Our Kenna.VI+ customers can now find statistics about when there is “chatter” or mention of an exploit somewhere on the Internet. We also provide high-level chatter statistics for a single vulnerability definition by CVE ID. You can find this feature on the Kenna.VI+ endpoint of our API docs page.
Added transparency for manually set asset statuses
Users now have the ability to tell if an asset's status was overridden by a human and the ability to remove that override without contacting support. Prior to this enhancement, there was no way to know that an asset's status was set to inactive or active by a human and users couldn't remove that manual status override without contacting support.
For more information, please see our Kenna Help document on this topic.
Displayed connector name on vulnerability detail
For customers who give specific names to their connectors, on the vulnerability details page, if multiple connectors report on a vulnerability, we now show the connector name rather than the connector type. Being able to distinguish which connectors are reporting on a vulnerability should aid in troubleshooting and closing out those vulnerabilities.
Updated CrowdStrike connector for agent detection regardless of Spotlight
With the updated CrowdStrike connector, we can now detect the presence of all CrowdStrike Falcon agents whether or not the customer is using CrowdStrike Spotlight to import vulnerabilities.
IBM AppScan Renamed to HCL AppScan
Due to a change of company ownership, we've renamed the connector (on connectors page) to reflect the correct name.
Updated the Navigation Bar
We condensed our navigation into a more consistent hierarchy and sitemap structure that follows our product offerings.
Instead of seeing Home | Dashboard | Explore | Connectors | AppSec | Intel | Settings, you will only see VM | AppSec | VI | Connectors. This provides clearer organization and reduction of clutter in navigation. We also translated the navigation bar to updated brand colors. We made the changes so navigation is more concise, and aligns with our product offerings.
Added search capability to the User Roles page
Users are now able to search by user roles and Risk Meter names.
Updated the Nexpose Connector
When a reported vulnerability is present multiple times on a host in a Nexpose file, we now represent all instances of the vulnerability as tabs. There will be several tabs showing all instances (file locations) of vulnerabilities that need patching.
Added threat actor to Kenna.VI+
We added a new field to the Kenna.VI+ (formerly known as the threat / vulnerability API) called “threat actor.” For CVEs where we have intelligence that a threat actor has been referencing the vulnerability, we will report the threat actor name and how many times the references have occurred.
Provided the ability to change the SLA Due Date Basis in the UI
SLA due dates can be based on found date, created date, or fix published date on the vulnerability. We moved the ability to change SLA Due Date Basis from a back-end setting to one that users can change themselves in the UI on the SLA Settings page. This removes the need for support or CSE to be involved. SLA due date basis defaults to found date. Changes will only apply to new vulnerabilities; we won’t change any previously set due dates. This is a global setting shared by all SLAs.
Displayed selected columns related to findings in AppSec Explore
We introduced a button to select relevant columns to be displayed in the AppSec Explore individual findings view. A drop down list appears when the “Display Button” on AppSec Explore is selected allowing the user to select necessary columns they want displayed for findings, similar to our VM Explore page. This feature is only available to customers who have the AppSec_Explore_Enabled set to true. This filter option must be turned on in the back end by support or your CSE.
CrowdStrike Spotlight Connector
CrowdStrike Spotlight is the newest connector for 2020 added to our platform. Customers who have Spotlight can now use it to import the vulnerabilities found on their assets. Moreover, we can use the connector to detect the presence of an agent on the asset. PLEASE NOTE: The customer must have Spotlight for this to work. Please see May release notes as well for the latest CrowdStrike update.
Added ability to add User Roles at the time of Risk Meter creation
You can now add user roles at the time of Risk Meter creation rather than having to swivel to the settings page to add permission after the fact.
Added back-end setting to configure page size
Related to paginating, Kenna introduced a back-end client setting to make the page size configurable for Users, User roles, Custom fields, API Keys and Report Subscriptions. Limits are 1 - 10,000.
Displayed additional details on findings detail page
With the introduction of the findings detail page under AppSec Explore, customers have the ability to get the following details: name, unique identifier and description of the finding, severity, file name, line of code, project name, and source of the vulnerability, among other fields sourced from AppSec scanners. This view is available only to customers who have the AppSec_Explore_Enabled feature set to true. This filter option must be turned on in the back end by support or your CSE.
Added a filter by Status in AppSec Explore
AppSec customers have the ability to filter by the status of a finding in our AppSec Explore views. This is available on the right hand side of the AppSec Explore page.
This is available to customers who have the feature AppSec_Explore_Enabled set to true. This filter option must be turned on in the back end by support or your CSE.
Q1 2020 Release Notes
Launched Risk Based SLAs. Kenna continues to partner with you in your vulnerability management maturity journey. There is crushing demand to patch everything. Set fewer SLAs, but achieve the appropriate level of risk. Remove friction by grounding the conversation in actual data. Get to an acceptable level of risk and hold by using intelligent data driven SLAs.
Introduced list view on the dashboard. A new way to browse your dashboard in a more compact and linear fashion. Use the toggle in the top right to switch your view.
Added CVE score history in the API. API documentation: https://apidocs.kennasecurity.
Pre-NVD chatter was added to the Threat API. Augments our ability to score threats that are not yet published in NVD or scored in CVSS.
Find connector run detail in the API. Rather than go through support, customers can use the connector run ID to query the API for connector run detail. API documentation: https://apidocs.kennasecurity.
Improved the readability of service ticket description. More to come on this topic.
Added support for reset_tags in the Kenna Data Importer (KDI) connector
Kenna Agent Updates:
- Support for the BlackDuck connector
- Support for a local directory connector
- A single instance of the agent can now handle multiple connectors
Added a new bulk export option for fixes
Introduced a better way to edit custom string searches in Explore
Q4 2019 Release Notes
VRM now incorporates the ability to benchmark mean time to remediate vulnerabilities vs other companies in your industry.
Added total mean time to remediate for a given Risk Meter. It was added to the existing Mean Time To Remediate chart in risk meter reporting for additional context beyond severity breakdown.
Removed the Total Ticket Progress Over Time graph from the home page for clients with no ticketing integrations.
Changed 'Solution' field in the API & exports to have more specific data. Note: the file size will grow. This change will not impact the 'solution' field in the CSV export - that will continue to be the fix title + fix URL.
Adjusted Webinspect Connector scores to align with our scoring methodology.
Instituted a change in the Veracode Connector for AppSec. Previously we were only importing the latest findings field; at the behest of several customers we’ve now changed that to "all findings". As a result customers might see an increase in the number of vulnerabilities in their environment; it’s also possible that risk scores might change.
Improved usability of Dashboard Views:
- Client admins can create a global dashboard view
- Client admins can share a dashboard with a role or group of roles
- Client admins can share a dashboard and create global dashboards via the API
- Users are able to choose a default dashboard view
Q3 2019 Release Notes
VMware Partnership announced. Kenna's vulnerability risk intelligence is integrated with VMware AppDefense, a part of the VMware vSphere Platinum offering, to empower virtual administrators with vulnerability risk scoring, context, and prioritized patch recommendations.
Kenna made significant improvements to the underlying Dashboard code which resulted in improved Dashboard Performance, decreasing page load times and increasing navigation speed for an overall improved customer experience.
Explore pages containing a large number of groups will now have much faster load times.
Additional Connector Health Improvements: We’ve added increased specificity to the error message if the connector fails, to help diagnose and remediate issues more quickly.
Incorporated underlying improvements to the Application Sort function that permit rapid sorting of applications by Highest Risk Vulnerability.
Kenna App in the ServiceNow Store. It will display the Kenna Risk Score for CVEs pulled from Kenna into ServiceNow.
Admins now have the ability to set custom permissions via the API.
Enhancements to Veracode Connector:
- Login with API key, instead of username and password
- Create an asset for each unique URL, associate vulnerabilities to those unique assets
Added support for Jira OAuth authentication.
Added support for IBM Security AppScan Enterprise Connector.
Q2 2019 Release Notes
What a busy quarter! Kenna engineering has been working really hard delivering upgrades all over the app and the API.
API Documentation has been improved and is now easier to navigate and interact with. Check it out here.
AppSec Reporting can be accessed from the AppSec menu, and includes your application risk summary scores and charts.
AppSec API Endpoints were also introduced, so you can add applications and manipulate them from our API.
Kenna Agent is a new alternative for on-prem installed connectors and is available for a limited number of products right now, including Nexpose and Sonatype. Also new is a helpful UI for setting up the Agent (found in the "Add Connectors" setup area). More information on setting up the Agent can be found here.
Connector Health is an addition to the Connectors page that shows whether the most recent connector run was a success or failure, and if it failed what the reason was.
True Risk is an indication of what a Risk Meter's score would be if it included vulnerabilities that have been Risk Accepted. This number will show on any Risk Meter Reporting pages where risk accepted vulnerabilities are present.
Cherwell connector has improved functionality and can now be configured exactly as desired. See this page for how to customize your Cherwell connector.
API Keys are now able to follow a user's permissions - so your read only users can access the API and have read only access. More details on this can be found on the API Keys help page.
Persistent Due Dates are now available as an option on your SLA Policy page. For customers in heavily containerized environments, this can be very useful to track vulnerabilities that are ongoing with spinning down and spinning up new containers.
Netsparker connector has been extended to pull the CWE or WASC identifier, if available.
Qualys connector was updated to distinguish between the Exploitable and Non Exploitable parameter that they have.
Threat Feed API has several additions - we have added the CVSS Temporal scores and now allow you to query it for multiple CVE details at once. It accepts comma separated CVEs (limit of 600 CVEs at a time).
Jira connector assignee list can now be configured to be set to a typeahead field. This is extremely useful for Jira setups with a large number of users. This can be configured at the connector level - reach out to Support if you want to turn this on for your instance!
Q1 2019 Release Notes
Kenna released a major UI update for our Application Risk Module, as well as some smaller improvements for Remedy ticketing users and API users.
Application Risk Module UI Update was launched in January and creates a completely new and custom experience for ARM customers. It allows you to see your applications in a more logical manner and accommodates free text metadata, in addition to reports for each of your applications. More detailed information is available on the ARM help page.
Remedy Ticketing was updated with improvements to templates and ticket creation.
CSV Export now has a column for the associated service ticket number and the service ticket status.
Asset Detail View can now be sorted by Application name.
CVSS v3 scores were added to the UI and can be seen on some vulnerabilities in the Explore view.
API Keys are now contained on a page accessible by Kenna Admins. From Settings page, Kenna Admins can access the API Keys page and see which of their users have API keys and interact with those keys.
There is now the ability to generate a key or revoke a key from a user's User Detail page as well.
Sonatype Connector was extended to allow for customization for which field Kenna pulls in as the Application Name.
Q4 2018 Release Notes
As we close out the year, Kenna pushed some big, exciting features! Thanks for being a customer this year, we hope you enjoy these enhancements to the Kenna experience!
Home Tab was launched to provide you with a more robust at a glance. For more detailed information, see the help page here.
Benchmarking your total risk score is now available for comparing your score with your industry's (and other industries in our database). For more detailed information, see the help page here.
API Keys were migrated from one-per-company to a per-user basis. That means that a unique API key can be generated for every individual user that needs one.
Tenable Performance Improvements were made to speed up Tenable connector runs.
New Connectors:
- Kenna Data Importer
- Hackerone (in beta test phase)
- Checkmarx (in beta test phase)
- InsightVM (in beta test phase)
Q3 2018 Release Notes
Q3 saw some exciting improvements to the platform, as well as a new Threat Feed and several new and improved Connectors.
Role Based Access Controls are now available to administrators to create custom permissions for their users from a list of preset permission groups. These can be found under User Roles from the Settings menu when selecting "Custom Access".
Custom Field Sort is available now on the Explore page.
Updated Connectors:
- Bugcrowd - now importing remediation advice in the Scanner Fixes field
- WhiteHat - now displaying the Severity field
- OWASP ZAP - improved data import quality
- Qualys - improved data import quality
New Connectors:
- Tanium Comply (in beta test phase)
- Cherwell Ticketing (in beta test phase)
- Acunetix
As always, if you're interested in beta'ing a connector, just contact your Customer Success Engineer or other Kenna Security support person!
New Threat Feed - Proofpoint Emerging Threats Intelligence has been added as a threat feed to Kenna's Predictive Modeling Technology. Your vuln scoring now includes data points from Proofpoint, among other best in class threat feeds.
Q2 2018 Release Notes
- Several API enhancements. See API changelog.
- Application Risk Module launched.
- Exploit Predictions launched.
- AppSec Top Fixes added.
Q1 2018 Release Notes
- Several API enhancements. See API changelog.
- Filter vulnerabilities by running kernel via Qualys connector.
- Custom vulnerability risk score override.
- New BugCrowd connector launched.
- Customize SLA Policies based on found dates, creation dates, or published dates.
- Imperva WAF connector launched.
- WhiteHat Source connector launched.
- OWASP ZAP connector launched.
- BlackHat exploit kits now monitored and tracked.
- Proofpoint Emerging Threats intelligence added.
- New Risk Accepted Over Time chart.
- New False Positive Over Time chart.
Q3/4 2017 Release Notes
- Several API enhancements. See API changelog.
- New CSV Uploader
- Asset details page now filters vulnerabilities by status
Summer 2017 Release Notes
- Several API enhancements. See API changelog.
- Bulk editing of Asset owners in Home.
- Support for Fortify On Demand formats via the Fortify connector.
- New BlackDuck connector launched.
- New Outpost24 Outscan connector in beta.
- Support for custom values in ServiceNow ticketing connector.
- Support for ServiceNow CI ID as an asset identifier in Kenna.
- Support for multiple IPs per asset in ServiceNow CMDB connector.
- Support for new WebInspect format.
- New Malware Exploitable filtering and info on vulnerabilities.
- Support for multiple templates in ServiceNow Ticketing connector.
- Asset operating systems updated by OpenVAS connector.
- Support the tracking of vulnerability statuses of the same vulnerability on multiple ports of a single asset.
Spring 2017 Release Notes
- Several API enhancements. See API changelog.
- Scanner scores are now available in the Vulnerabilities tab on the Home page.
- Dashboard 2.0 is here!
- ServiceNow CMDB Connector beta release. Contact your Customer Success Manager for access.
- Asset IDs added to Top Fixes exports
- New "Include All Assets" filter on the Home page.
Winter 2017 Release Notes
- Number of Fixes added to Risk Meter summaries in dashboard & reports
- Remedy Connector launched for Remedy On Demand and on-premise
- Jira connector now supports Jira 7 and Jira Cloud
- Checkmarx connector launched
- New Alert: Connector Failure
- Notes field now included in CSV exports
Fall 2016 Release Notes
- ServiceNow connector now supports custom tables
- Kenna now supports CWE identifiers in addition to WASC-TC and CVE
- Nexpose and Qualys connectors now create individual entries for "informational" vulnerabilities
- Subscribe to reports
- All file based connectors now support .zip uploads
- SAML support is here!
- Several API enhancements. See API changelog
Summer 2016 Release Notes
- Launched new SLA Settings to automatically set due dates for vulnerabilities.
- Launched new Alerting feature!
- Added separate connector for Qualys WAS
- Auto-tag assets with application name from Qualys WAS
- Search on "vulnerability_found" dates in Home. More search syntax here.
- Link to vulnerabilities list in Home from both Top Fixes Vulns Affected and Fixes tab Vulns Affected
- Added current Risk Meter score, risk reduction score, operating system to Top Fixes CSV
- Display alternative Fixes for a vulnerability from Fixes tab or Top Fixes
- Added IP address restrictions on access of Kenna instances
- Added ability to perform a negative search on fix published date
- Changed Top Fixes CSV export format to one asset/fix per line
- Several API enhancements. See API changelog
- Added D2 Elliot exploits to platform and Easily Exploitable filter
Spring 2016 Release Notes
- Edit Risk Meter Groups criteria using the pencil icon from the Home page
- Several API enhancements. See API changelog
- Edit Risk Meter Group names from the Dashboard using the pencil icon
- Added "Send via Email" to Top Fix Groups
- Added ability to sort Fixes by number of vulnerabilities addressed in Fixes tab
- Added ServiceNow & Jira integrations to Top Fix Groups
- Top Fix Groups: We've added a list of top fixes by risk reduction for each Risk Meter
- Support for Auto-Close of vulnerabilities imported from McAfee VM
- Added a Consequence tab for Fixes to display the potential risk of not fixing a vulnerability
- Support for Qualys hierarchical tags
- Added ability to search on Fix Published dates. Example: fix_published:<2015-11-01
- Accept .fpr file uploads with the Fortify connector
- Display Qualys protocol information along with ports in Asset details page
- CVE description added to the Vulnerabilities API end point
- Include Solution information in ServiceNow tickets
- Re-activate inactive assets that are found by a scanner
- Increased password complexity requirements
Winter 2016 Release Notes
- "Grey out" Risk Accepted and False Positives in vulnerability grid on Home
- Vulnerability grid on Home is now sorted by Score (high to low)
- Added several new search functions including: scanner_id, absence of service ticket, and leading wildcards. See doc for more details.
- Added Risk Meter score to Vulnerabilities tab in Home.
- ServiceNow Connector Updates:
  - Support for ServiceNow templates
  - Populate tickets with Scanner IDs
- Tenable SecurityCenter tags now imported by connector.
- Several API enhancements. See API changelog.
- Role Based Access Control - Details here.
- Reporting 2.0 - Details here.
- Automatically inactivate assets based on "last seen" date using Asset Settings menu.
- New Nessus Importer connector to import scan info without running a new scan.
- Vulnerability due dates associated with individual vulnerabilities.
- Filter for Remote Code Execution vulnerabilities in Home page.
- Added ability to perform a re-scan of a vulnerability using Nexpose connector.
- Added support for Qualys EC2 asset tracking method.
- Added support for Qualys Canadian platform.
Summer 2015 Release Notes
API Updates
There were several updates made to our RESTful API. See API doc for changelog.
Qualys Connector Updates
Ability to pull in PCI flag value of Qualys vulnerabilities and filter on it.
Security Center Connector Updates
Ability to pull in “Risk Accepted” vulnerabilities from Security Center and store them with a Risk Accepted status in Kenna.
UX Updates
Persistent setting preferences in datagrid display (Home page). Ability to hide asset tags when viewing assets and vulnerabilities tabs in Home page.
New Integration
We launched our ServiceNow integration allowing Kenna users to generate and track service tickets directly from Kenna.
Winter 2015 Release Notes
- Added Massive Bulk Edit Operations on Vulnerabilities.
- Added Risk Accepted vulnerability state.
- Added False Positive vulnerability state.
- Discovered dates now displayed in the vulnerabilities table in Home.
- Closed dates now displayed in the vulnerabilities table in Home.
- Ability to filter on vulnerable ports in Home.
- Support for Nessus 6.
- New Dashboard Compare tab displays vulnerabilities trending by operating systems and tags.
- API Updates: There were several updates made to our RESTful API. See API doc for changelog.
Q4 2014 Release Notes
- Add Massive Bulk Edit Operations on Assets.
- New OpenVAS Connector.
- New McAfee Vulnerability Manager Connector.
- Display and sort assets by Risk Meter score.
- Add ability to send Fixes via email.
- New Type Ahead searching of asset tags.
- Zero Day Vulnerability flagging of assets.
- Ability to download fixes to csv.
Summer 2014 Release Notes
New Simplified Changelog Format
- Filter vulnerabilities by locator type.
- Add color scales to Risk Meter hover: Hovering over a Risk Meter exposes the green, yellow, red color scale.
- Beyond Security connector: Kenna now integrates with BeyondSecurity vulnerability scanner.
- Qualys certificate authentication: Qualys connector now works with Qualys certificate authentication.
- Expose references, CVEs and assets for each “fix” in Fixes tab.
- Dell CTU threat data now included and correlated with vulnerabilities.
- Threat Trends: Dashboard now includes ThreatTrends pane including successful exploit and attack data across all of our threat sources.
- Qualys WAS connector: Kenna Qualys connector now pulls associated Web Application Scan data from Qualys.
- Fine grained scan scheduling: When scheduling Nessus scans through Kenna you can specify exact time of scan.
- Individual RM asset scores displayed in asset table: Each asset in asset table includes color coded risk meter score for that asset.
- Filtering of Fixes view: When filtering vulnerabilities or assets, only the Fixes for those vulnerabilities and assets are displayed in Fixes tab.
- Include scanner IDs in Omniview vulnerability table: IDs from scanner vulnerabilities can be displayed in Vulnerabilities tab.
- TypeAhead suggestions for tags.
- API Updates: There were several updates made to our RESTful API. See API doc for changelog.
March & April '14 Release Notes
Dell SecureWorks Integration
Kenna now offers full integration with Dell SecureWorks. SecureWorks customers have Single Sign On between the Counter Threat Platform and their Kenna instance. All asset information synched in Kenna can be imported into the SecureWorks Counter Threat Platform.
Web Application Attack Correlation
Kenna now tracks web application attacks from over 50,000 web sites and correlates those attacks with your open vulnerabilities in order to prioritize remediation on those that are under a large volume of attack.
Additional Fields Included in Data Exports
We've added additional fields to vulnerability exports. The additional attributes include custom fields, active internet breaches, and easily exploitable vulnerabilities.
API Updates
We continue to add more functionality to our RESTful API. The latest updates allow for automating your vulnerability management program with file upload and connector run capabilities. The majority of API updates were to the Connectors end point. You can find a list of our API updates here.
January & February '14 Release Notes
Deactivate Assets
Kenna now has the ability to deactivate assets within your account. This allows users to filter these deactivated assets out of their asset and vulnerability views and not include any of these stats within your dashboard metrics. Just like tagging and prioritizing, you can deactivate assets in bulk using our bulk editing menu that appears after selecting multiple assets.
IP Address Range Searching
A common operation requested by our users has been searching assets by IP ranges. With this newly added search syntax you can now look for groups of assets by IP range. The search syntax is specific: for example, to search a range from 192.168.1.1 - 192.168.100.100, use the following search: ip_address_locator:[192.168.1.1 TO 192.168.100.100]
User Interface Redesign
Our New User Interface Provides All Data in a Single View.
You've probably noticed this one but we have completely overhauled the user experience. With our new interface we have combined assets, vulnerabilities, and patches into a single, filterable and searchable view. All of the filters in the right hand sidebar will filter your view against all of these and include a Risk Meter score. Creating asset groups and Risk Meters for the dashboard are all within a click of this new omni-view. You can read the full details here.
Perimeter Scanning
With the help of our partners at Qualys, Kenna now offers perimeter vulnerability scanning that is fully integrated within the application. You can kick off perimeter scans directly from our sign up process or by creating a perimeter scanning connector using the Connectors tab.
December '13 Release Notes
Vulnerable Ports
For several connectors including Nessus and Qualys, Kenna now tracks vulnerable ports. Once a connector run is complete, you can filter your vulnerabilities by vulnerable ports from within the Vulnerabilities tab. This can be helpful in several use cases. One example: If you have multiple web services running on an asset and receive an SSL vulnerability, you can track this vulnerability to the vulnerable service running.
If a vulnerable port is detected, that port will also be added to the asset in the Assets tab as an open port.
Qualys Dynamic Asset Tags
In addition to Qualys Asset groups, Kenna will now automatically create new asset tags when a dynamic asset tag is discovered within Qualys. This will allow users to filter and report on these dynamic asset tags within Kenna, as well as create Asset Groups and associated Risk Meters for their dashboard.
Nexpose Site Tags
Our Rapid7 Nexpose connector will now automatically tag assets with their Nexpose Site Name as they are synched into Kenna. This will allow users to filter and report on these site tags within Kenna, as well as create Asset Groups and associated Risk Meters for their dashboard.
Performance Improvements
We've deployed tremendous performance improvements largely due to our new search and indexing infrastructure. In December we migrated our search and indexing over to Elasticsearch, primarily for performance reasons. With Elasticsearch the Vulnerabilities tab loads on average 50+ times faster than previously and the Assets tab loads on average 30+ times faster than before. The differences are obvious and we think you'll be pleased. We're not done, though: watch for more performance increases coming soon to a production environment near you.
Nexpose Auto-Close
On the heels of launching auto-close for Nessus, Kenna now supports auto-close for Nexpose as well. This works for both the Nexpose XML and Nexpose API connectors. Kenna will now monitor the differences in your scan outputs from Nexpose and automatically close vulnerabilities that are no longer detected, making it much easier to track the state of your vulnerabilities over time.
Expanded Port Filtering
Last month we began tracking vulnerable ports and allowing users to filter on the top 10 vulnerable ports and top 10 open ports across their environment. This month we expanded the filtering and reporting capabilities to include all vulnerable and open ports.
On-Premise Jira Support
Through our virtual tunnel appliance, we now support on-premise Jira integration with Kenna. You'll need to deploy your virtual tunnel appliance on your network where it will have access to your Jira server and make sure you check the "use Virtual Tunnel" option within your Jira connector configuration. For more information on our Virtual Tunnel appliance please contact support@kennasecurity.com.
More API Improvements
We continue to make enhancements to the API. Some of the recent improvements include a partner API for managing client accounts and SSO integration. For a full list of API features and changes please see our API documentation: https://api.kennasecurity.com.
November '13 Release Notes
Nessus Auto-Close
The latest versions of the Nessus XML and API connectors produce deltas and auto-close vulnerabilities no longer found. The connector analyzes which assets were scanned with which plug-ins to determine whether or not the asset is still vulnerable to specific vulnerabilities. If they are found to have gone away, our connector will now auto-close them in Kenna for centralized tracking throughout the vulnerability lifecycle.
To learn more, see our blog post on Nessus Auto-Close.
October '13 Release Notes
Risk Meter Dashboard
The Risk Meter dashboard provides an at-a-glance view of security risk across organizational assets. With the new dashboard, you can now save a Risk Meter based on asset groups to view at any time within your dashboard page. New asset groups are automatically saved to the dashboard for later viewing. You can also create asset groups directly from the dashboard just by clicking on the New Risk Meter button.
The Risk Meter Dashboard provides this view of security risk across any group of assets.
Asset and Vulnerability Groups
Saved search has been modified to allow for the creation of asset and vulnerability groups. These groups can be created through any of the filters, tags, and searches used in the assets and vulnerabilities tab. All Asset Groups are automatically saved to the Risk Meter Dashboard as noted above.
To save an Asset or Vulnerability group just perform a filter or search against your assets or vulnerabilities and then click Save. You will be prompted to name the asset or vulnerability group. You can then view the group at any time with the link provided in the upper right of the sidebar.
Filter Assets by Connector
You can now filter your assets by connectors. This can be used to quickly tag all assets coming in from a given connector or creating asset groups by connector. You'll find the connector filter in the sidebar of the Assets tab.
Qualys Tag Importing
In addition to Qualys asset groups, Kenna now automatically imports Qualys asset tags and tags those same assets. This allows for greater continuity between your Kenna and Qualys asset structure. This update does not yet include Qualys dynamic tags which will be added in a later release.
More API Improvements
We continue to make enhancements to the API. Some of the recent improvements include a partner API for managing client accounts and SSO integration. For a full list of API features and changes please see our API documentation: https://api.kennasecurity.com.
September '13 Release Notes
Risk Meter
The Risk Meter is an asset-based measure of the security risk a group of assets poses to an organization. Our proprietary algorithm is based on the following signals:
- Adjusted CVSS: We adjust the scores with an algorithm which ensures that CVSS is a better indicator of the probability of a breach.
- Exploit Analytics: Does a vulnerability have known exploits or breaches and are they being observed in the wild? Is this vulnerability a popular target?
- Asset Priority: How critical is the asset to your infrastructure? You can modify this priority in bulk or individually.
The Risk Meter will give you an at-a-glance look at your risk across a select group of assets. As you filter your assets your Risk Meter score is dynamically updated. To view the Risk Meter just navigate to the Assets tab.
Dynamic Patch Reports
As part of the launch of the Risk Meter, we now have a dynamically updated patch report to match each Risk Meter. As you filter or search against your assets, the Risk Meter score will update to reflect those assets and the patch report will include the patches and advisories related to the assets within the current view. The patch report itself is sorted in order of risk reduction prioritizing the patches that will have the greatest effect on your environment.
You can view the new dynamic patch reports within the Assets tab located directly under the Risk Meter.
More API Improvements
We continue to make enhancements to the API. Some of the recent improvements include adding primary_locator to asset responses, asset IDs to vulnerability responses, definition data to vulnerability responses, and much more. For a full list of API features and changes please see: https://api.kennasecurity.com.
Qualys Asset Tag Import
In addition to Qualys asset groups, we now automatically import Qualys asset tags and tag your new assets with those tags. This allows users to maintain a structure they have established within Qualys and then expand on it with additional tags and meta data. The QualysGuard connector will automatically pull in these tags with your new assets.
August '13 Release Notes
Nessus API Connector - Command & Control
We added a connector for Tenable Nessus that takes advantage of the Nessus API. This connector is in addition to both our Nessus XML connector and the Security Center connector.
With this newest connector Kenna users can schedule the importing of vulnerabilities and assets on a daily, weekly or monthly basis. Our Nessus users can also schedule and kick off scans with their Nessus scanner directly from Kenna. By combining this new functionality with our virtual tunnel, you can ensure all of your on-premise scan reports are loaded automatically into your instance of Kenna.
New Asset Filtering & Searching
New facets have been added to the Assets tab. You can now filter your assets by Service Names, Open Ports, Service Protocols, Service Products, Connector Names, and Connector Types.
We recently wrote a blog post on some examples of using the service and port filtering in combination with nmap scans. Check it out and let us know what you think.
Multi-Tag Roles
We received a lot of requests from our users to expand our role-based access controls to allow for multiple tags to be assigned to a role. Well, you asked and we delivered.
With multi-tag roles, you can take advantage of the existing structure set up in your scanners to grant access to specific assets, as they show up in Kenna, to only those who need it. This gives our users the ability to slice up their reporting and dashboards by many tags while still managing a smaller number of roles by grouping tags within them.
Qualys EU Platform Support
Our Qualys connector integration has been extended to support the Qualys EU platform. The connector works just as before but now gives you the option to authenticate to both the US and EU Qualys platforms.
API Improvements
In addition to several performance improvements made to our API we have also added new data such as returning all tags associated with an asset when pulling asset data via the API. You can find more details about these changes and all of our API functionality at api.kennasecurity.com.
Expanded Virtual Tunnel Capabilities
We expanded the connectors our Virtual Tunnel works with to include the new Nessus API connector, the Nexpose API connector, the Jira connector, and the Qualys connector.
Our virtual tunnel is a virtual appliance that allows for connectivity between your Kenna instance and your on-premise tools.