New
- New Microsoft Patch Tuesday dashboard: Empower your security teams with this new specialized dashboard template that tracks your environment's exposure to the vulnerabilities disclosed with every Microsoft Patch Tuesday release. Don't forget to check your dashboard template library every month for the latest edition!
- New dashboard cards: The following new cards are now available to add to your dashboards:
  - Assets by Type - This card features a bar chart that accounts for all the device types (such as "printer" and "server" values returned by the `os.type` filter parameter) of assets in scope, which you can filter as needed. Each bar shows the quantity for each device type in descending order from left to right.
  - Average Days to Remediate by Severity - This card shows the average number of days needed to remediate a given vulnerability for all the vulnerabilities remediated per week within the selected time frame.
  - Number of Unique Vulnerabilities - This card shows you the percentage of unique vulnerabilities that have been found in your environment compared to all the unique vulnerabilities in Rapid7's database.
- Proof data on cloud-edition vulnerability detail pages: Clicking on an asset row in the Affected Assets table of cloud-edition vulnerability detail pages will now produce a panel that contains proof information for that vulnerability instance.
- Improved dashboard banner styling: Dashboard banner styling has been polished to promote visual distinction from dashboard cards.
Customer Requested
- New custom vulnerability check functionality: The Security Console will now automatically load custom vulnerability checks on whichever Scan Engine is in use when the scan starts.
Improved
- Updated Center for Internet Security (CIS) policies: We updated the following CIS policies:
  - Ubuntu Linux 16.04 LTS, version 2.0.0
  - Kubernetes, version 1.6.1
- Improved policy assessment performance: Our Windows privilege enumeration process for policy assessments is now more efficient.
Fixed
- Our Java fingerprinting process now better handles version numbers that contain dashes (`-`) or underscores (`_`). This change reduces the likelihood of false positives associated with Java versions that contain these characters.
- We fixed an issue that prevented AWS assets which required pre-scan verification from being scanned when a blackout was overridden.
- We fixed an issue that prevented asset detail pages from consistently displaying all discovered services from the last scan.
- We fixed an issue that prevented scans from starting if the site scope included any assets that had an alternate MAC address that was not associated with an IP address.
- We fixed an issue that prevented InsightVM from retrieving CyberArk credentials when a scan was paused and then resumed.
- We fixed an issue that caused vulnerability scans to utilize excessive memory when scanning Windows Domain Controllers.
- We fixed an issue with CIS Windows benchmarks where the rule "Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'" could give incorrect results due to case sensitivity.
- We updated our fingerprinting for SolarWinds DameWare Mini Remote Control to reduce false negatives.
Other Changes
- The `log-time-zone set <timezone>` console command now only accepts time zones in GMT formats.