runZero release notes

Latest release notes

4.0.241120.0

2024-11-20

  • Tenable merge rules have been refined to reduce duplicate assets.
  • Connection-related error messages for the Active Directory (LDAP) integration have been improved.
  • Fingerprint improvements.

4.0.241118.0

2024-11-18

  • Intune data collection speed has been improved.
  • Qualys integration logging has been improved.
  • A bug occasionally causing unprocessed sample tasks to overload the task queue has been fixed.
  • Fingerprint improvements.

4.0.241114.0

2024-11-14

  • runZero now supports the Hikvision SADP protocol.
  • Microsoft Azure and Intune connections now complete faster.
  • Recent tasks can now be easily reprocessed to take advantage of updates to asset merge logic.
  • An issue that could prevent Shodan devices from being merged into existing assets has been resolved.
  • An issue that could cause explorers to unregister due to operational issues with runZero’s platform has been resolved.
  • An issue that caused api-export events to be logged as api-organization events has been fixed. The api-export events generated between versions 4.0.241022.0 and 4.0.241114.0 were logged as api-organization events.
  • Fingerprint improvements.

4.0.241109.0

2024-11-09

  • A bug that could prevent Qualys jobs from completing in some cases has been resolved.
  • Fingerprint improvements.

4.0.241106.0

2024-11-06

  • An issue that could cause Assets to have duplicate foreign data attribute sets has been resolved.
  • The CLI scanner --output-raw option now produces gzipped output and disables output directory creation.
  • The CLI scanner now supports the link4 and link6 scan targets for local network ranges.
  • The CLI scanner help output now omits redundant host-ping/subnet-ping options.
  • Fingerprint improvements.

4.0.241101.2

2024-11-01

  • A bug that could prevent enumeration of buggy TLS ECDH implementations has been resolved.
  • The scanner now reports SNMP interface aliases in addition to names.

4.0.241101.1

2024-11-01

  • An issue that would prevent assets scanned over certain VPNs from merging correctly has been resolved.

4.0.241101.0

2024-11-01

  • The event details modal now displays links to source and target objects.
  • The events data grid page now includes an Organization column.
  • The Tanium integration now retrieves endpoints’ Custom Tags when available.
  • The switch topology export options have been expanded to include the entire graph.
  • IP address ingestion via the CrowdStrike integration has been improved.
  • The metrics recalculation actions found on the task overview and dashboard have been improved.
  • Fingerprint improvements.

4.0.241029.0

2024-10-29

  • An issue that could cause the GCP integration to attempt to retrieve resources from deleted projects has been resolved.
  • Fingerprinting of Comtrol IO-Link devices is now supported.
  • The FortiGate to FortiManager (FGFM) protocol is now supported for asset discovery.
  • Fingerprint improvements.

4.0.241025.0

2024-10-25

  • Enhanced the task details page view for recurring tasks.
  • Information about whether individual users are required to use SSO is now displayed more clearly.
  • An issue involving processing of UTF-8 BOM sequences in CSV files has been resolved.
  • An issue causing broken links in the Switch Topology report has been resolved.
  • An issue preventing access to the standard query library from the EU region has been resolved.
  • An issue that could cause assets with stale service data to be fingerprinted incorrectly has been resolved.
  • Fingerprint improvements.

4.0.241023.0

2024-10-23

  • Backplane enumeration of OT devices using CIP over EtherNet/IP is now supported.
  • CSV exports can now include Unicode characters.
  • An issue that caused an error after editing organization settings has been fixed.
  • An issue that prevented “SSO Required” login restrictions from being enforced on existing user accounts has been resolved.

4.0.241022.0

2024-10-22

  • runZero now supports the creation of multiple export tokens.
  • Newly created export tokens now show creation information and allow setting a description.
  • Windows binaries are now exclusively signed with our runZero code signing certificate. The old Rumble code signing certificate has been retired.
  • The service inventory view “Summary” column has been renamed “Service response” to better represent the data.
  • A bug involving use of asset tags in alert templates has been fixed.
  • A bug in parsing tags set to have no value has been fixed.
  • A bug causing tags to get dropped from event rule data has been fixed.
  • A bug in formatting tag changes in the event log has been fixed.
  • A bug that prevented very long Explorer names from being fully visible on the Explorer details page has been resolved.
  • A bug impacting fingerprinting when an asset had certain integration sources has been resolved.
  • A bug in asset hostname collection from integration data has been resolved.
  • A bug causing Windows Subsystem for Linux (WSL) guests observed in MS 365 Defender data to be merged with their hosts has been resolved.
  • Merge avoidance logic for integration data has been improved.
  • Merge logic improvements.
  • Fingerprint improvements.

4.0.241016.0

2024-10-16

  • An issue causing current organization to be inconsistent when opening links in the console has been resolved.
  • An issue causing the task card on the Explorer details page to show tasks from other Explorers when multiple Explorers with the same name are present in the organization has been resolved.
  • An issue involving email invites from users with punctuation characters in their names was fixed.
  • An issue that prevented exporting vulnerabilities from the UI when filtering by site has been resolved.
  • An issue that prevented viewing recurring task details when no subtasks existed has been resolved.
  • Fingerprint improvements.

4.0.241015.0

2024-10-15

  • runZero now integrates with NetBox.
  • Added new duration and average duration columns to the Completed and Recurring task list pages. This allows viewing and sorting tasks by duration.
  • Added a quick link to login with SSO for self-hosted installs.
  • The dashboard menu now includes an option to recalculate dashboard metrics.
  • Individual assets can now be refingerprinted using the latest fingerprint database directly from the asset details page.
  • A bug preventing users from being redirected to a newly-created organization or project after creating one has been resolved.
  • A bug preventing the “Switch to” button in the organization table from working has been resolved.
  • An issue causing invalid asset links in the organization comparison report has been resolved.
  • Fingerprint improvements.

4.0.241010.0

2024-10-10

  • An issue that prevented logging in via SSO when a first name or last name was missing has been resolved.
  • An issue that allowed clicking on disabled project settings has been resolved.
  • Fingerprint improvements.

4.0.241009.0

2024-10-09

  • The active console region is now displayed on the login page.
  • Improved memory efficiency when exporting assets to Splunk via the runZero Splunk Add-on (requires v3.1.0 or greater of the add-on).
  • A bug preventing querying for assets with multiple CVE matches from the vulnerability inventory page has been resolved.
  • Explorers older than v4.0 have been phased out and can no longer connect to the console.
  • Fingerprint improvements.

4.0.241003.0

2024-10-03

  • A bug resulting in incorrect Software Inventory population in certain limited situations has been resolved.
  • A bug resulting in incorrect asset Type assertions in limited situations has been resolved.
  • Fingerprinting of Apple macOS from CrowdStrike data has been improved.
  • Merge logic improvements.
  • Fingerprint improvements.

4.0.241001.0

2024-10-01

  • An issue that prevented NOT and OR operators in queries on the site/organization report has been resolved.
  • A bug resulting in incorrect Operating System End of Life (EoL) values for Red Hat Enterprise Linux has been resolved.
  • A bug that could require some users to enter their email address twice on login has been resolved.
  • A new search keyword first_seen_task allows searching for assets first seen by a particular task.
  • The serial number coverage in the asset CSV export was expanded to include additional protocols and devices.
  • Fingerprint improvements.

4.0.240927.0

2024-09-27

  • Explorer TLS settings are now configurable via TLS_VERSION_MIN and TLS_VERSION_MAX parameters.
  • Software and Vulnerability inventory queries can now be saved to the query library.
  • Vulnerability groups now support searching by site ID or site name.
  • A bug that prevented the task status icon and associated error/warning logs from updating when selecting different tasks has been resolved.
  • Merge logic improvements.
  • Fingerprint improvements.

4.0.240926.0

2024-09-26

  • runZero scans now include the CUPS (IPP) Browser protocol as a new probe on UDP/631.
  • A bug that could lead to incorrect matching between Tenable sources has been resolved.
  • Any error messages from the SSO process are now prominently displayed.
  • Fingerprint improvements.

4.0.240925.0

2024-09-25

  • A bug resulting in malformed query when pivoting from grouped vulnerabilities with multiple CVEs has been resolved.
  • A bug that resulted in sending invalid JSON in some events that reference organization.id or site.id has been resolved.
  • A bug that could cause Wiz connections to report that results were not found even when using correct service account credentials has been resolved.
  • Fingerprint improvements.

4.0.240924.1

2024-09-24

  • A bug that could lead to an error message in scan logs from short rpcbind replies has been resolved.
  • The Site ID and Organization ID fields in event messages are now formatted as strings and not byte arrays.

4.0.240924.0

2024-09-24

  • A bug causing single-sign-on to fail with the error “Email address … is already in use” has been resolved.
  • A bug preventing the OS CPE value from being displayed in the Asset inventory has been resolved.
  • The Oracle Solaris Service Tag protocol is now supported for asset discovery.
  • Fingerprint improvements.

4.0.240923.0

2024-09-23

  • Introduced a new login screen.
  • runZero now integrates with Tanium API Gateway.
  • The API now supports the bulk removal of a custom integration source from a list of assets.
  • Begin signing Windows binaries with our new runZero, Inc. code signing certificate. We are currently dual signing with the old and new certificates.
  • The speed of navigating to subsequent pages in inventory tables has been improved.
  • Improved performance of the Wiz integration.
  • Minor UI enhancement to better provide event rule errors via tooltip within table.
  • An issue preventing event channels from displaying in the Channels list if the user who created them no longer exists has been resolved.
  • Upgraded npcap to v1.80.
  • A bug that could prevent Wiz vulnerability data from being processed has been resolved.
  • A bug in UUID handling in event rules was fixed.
  • A bug that prevented importing some Wiz assets that were created more than 180 days ago has been resolved.
  • A bug that resulted in incorrect directory user and group membership counts has been resolved.
  • The Wiz integration now properly syncs when the Wiz Service Account credential is limited to specific projects.
  • Fingerprint improvements.

4.0.240921.0

2024-09-21

  • Merge logic improvements.
  • Fingerprint improvements.

4.0.240919.0

2024-09-19

  • Merge logic improvements.
  • Fingerprint improvements.

4.0.240918.0

2024-09-18

  • A race condition that could lead to incorrect asset matching has been resolved.
  • A bug that could lead to integration attributes not being updated has been resolved.
  • A bug that prevented all-organization admins from managing alerts has been resolved.
  • The PCWORX protocol is now supported.
  • Fingerprint improvements.

4.0.240917.2

2024-09-17

  • An issue that could cause Crowdstrike tasks to fail and retry has been fixed.
  • Fingerprint improvements.

4.0.240917.1

2024-09-17

  • runZero now integrates with Microsoft Endpoint Configuration Manager (MECM).
  • The self-hosted platform now supports ARM64 (aarch64) on Linux.
  • Imported scan data now reports the correct scan times in the task view.
  • CrowdStrike device last seen fields can now be queried as relative timestamps.
  • The performance of the CrowdStrike integration has been improved.
  • A bug that could prevent self-hosted from installing on newer versions of Alma Linux has been resolved.
  • A bug in the display of the access summary of some users has been resolved.
  • A bug that prevented querying directory user and group attributes with relative time queries has been fixed.
  • Fingerprint improvements.

4.0.240910.2

2024-09-10

  • An issue that could prevent login link authentication from working has been resolved.
  • An issue that left temporary files in Explorer temp directories has been resolved.
  • An issue that prevented My Orgs from working with a large number of organizations has been resolved.

4.0.240909.0

2024-09-09

  • The login process has been redesigned for a smoother user experience.
  • An issue that could cause confusing navigation behavior when viewing different organizations in separate browser tabs has been resolved.
  • Merge logic improvements.
  • Fingerprint improvements.

4.0.240907.0

2024-09-07

  • Asset correlation has been improved for Meraki, ChromeOS, and SentinelOne sources.
  • Fingerprint improvements.

4.0.240904.1

2024-09-04

  • An issue that could result in tasks that import software records failing has been fixed.

4.0.240904.0

2024-09-04

  • A bug that could cause daily recurring tasks to incorrectly be scheduled after modification has been resolved.
  • Assets can now be identified using the Automatic Tank Gauge protocol.
  • Fingerprinting of Dell iDRAC devices has been improved.
  • The RFC1918 scan options are now available from the RFC 1918 reports page.
  • Asset merging logic has been improved.
  • Performance of foreign data integrations has been improved.
  • Fingerprint improvements.

4.0.240902.0

2024-09-02

  • An issue that could lead to incorrect correlation due to hardcoded device-side MAC addresses has been resolved.
  • Bogus network responses for PPTP and FTP services are now ignored.
  • Fingerprint improvements.

4.0.240829.0

2024-08-29

  • An issue with certain versions of Chrome that could cause the creation of large numbers of temporary files has been fixed.
  • A bug that could result in setting an incorrect asset Type based on integration data has been resolved.
  • An issue that could cause recurring tasks to create a new subtask when modifying properties other than “Start time” or “Scan frequency” has been resolved.
  • Time and date values in searches now support relative times in more cases.
  • Improved handling of API request retries for integrations.
  • JSON alert templates now render arrays and objects as JSON arrays and JSON objects, without needing to loop through fields or values.
  • Fingerprint improvements.

4.0.240826.0

2024-08-26

  • A bug that could cause custom integration attributes to be deleted during asset merging has been fixed.
  • A bug that could result in large numbers of attributes attached to assets in some situations has been fixed.
  • The performance of the CrowdStrike integration has been improved.
  • Fingerprint improvements.

4.0.240825.1

2024-08-25

  • A bug that could result in integration source attributes not aging out during merges has been resolved.

4.0.240825.0

2024-08-25

  • Scan and passive discovery tasks now complete faster for large sites.
  • CrowdStrike integration tasks now complete faster.
  • Fingerprint improvements.

4.0.240822.0

2024-08-22

  • Operating System End of Life (EoL) coverage has been improved for Cisco IOS XE, IBM AIX, Juniper Junos OS, and Palo Alto Networks PAN-OS.
  • Integration-source asset processing now avoids matching assets with excessive attribute sets.
  • Self-hosted installations now track performance profiles per task automatically.
  • The asset inventory now supports the foreign_attribute_count keyword.
  • Fingerprint improvements.

4.0.240820.0

2024-08-20

  • A new system query for assets past OS Extended End of Life has been added to the library.
  • Passive sampling tasks can now identify Avast, Bitdefender, Carbon Black, ESET, Kaspersky, McAfee, SentinelOne, and Trellix AV/EDR products.
  • The Alerts page has been redesigned for ease of use.
  • Asset merging performance has been improved.
  • Fingerprint improvements.

4.0.240817.0

2024-08-17

  • A bug that could result in bad matches due to blank foreign IDs has been resolved. Assets that had conflicting source data due to blank foreign ID matching will rebuild as part of normal job processing.

4.0.240816.0

2024-08-16

  • The self-hosted installer now supports custom installation and temporary directory paths.
  • The self-hosted installer now supports systems with disabled or restricted sudo.
  • The self-hosted console now supports text-format logging via the LOG_FORMAT=text configuration parameter.
  • Asset merging performance has been improved.
  • Fingerprint improvements.

4.0.240814.0

2024-08-14

  • The Meraki integration now supports filtering the imported assets by organization name and/or ID.
  • The Qualys integration now supports filtering the imported assets by tags.
  • The Operating System icons in the Asset Inventory view have been improved.
  • License utilization is now available as a percentage on the license information page.
  • Directory group CSV exports now include the directory_group_user_count field at the end of the existing column set.
  • The Switch topology report has been redesigned for ease of use.
  • A bug that could cause multi-homed hosts to be missing links in the Switch topology report has been resolved.
  • Fingerprinting logic has been improved so as to better account for certain source combinations.
  • Fingerprint improvements.

4.0.240811.0

2024-08-11

  • A bug that prevented software vendor searches by prefix with wildcards from working was fixed.
  • Fingerprint improvements.

4.0.240809.0

2024-08-09

  • The Alert Templates page has been redesigned for ease of use.
  • A bug which caused valid JSON event rule templates to be rejected has been fixed.
  • A bug causing MAC and IP address mapping information to be dropped from custom integration device data was fixed.
  • Fingerprint improvements.

4.0.240807.0

2024-08-07

  • The Alert Rules page has been redesigned for ease of use.
  • Fingerprint improvements.

4.0.240803.0

2024-08-03

  • Azure and GCP subscription IDs are now also stored in the top-level asset attributes.
  • Fingerprint improvements.

4.0.240802.0

2024-08-02

  • A bug that could prevent the Tenable Security Center from importing data has been resolved.
  • The dashboard now supports filtering trending widgets by a customizable date range.
  • Improved detection of invalid services.
  • Fingerprint improvements.

4.0.240731.1

2024-07-31

  • A bug that could lead to HTTP service data ordering being incorrect has been resolved.

4.0.240731.0

2024-07-31

  • A bug that could reduce performance of large task processing has been resolved.
  • Fingerprint improvements.

4.0.240730.0

2024-07-30

  • Fingerprint improvements.

4.0.240729.1

2024-07-29

  • A bug that could prevent the CrowdStrike integration from running from an Explorer has been resolved.
  • The matching engine for integration-sourced assets is now faster, more accurate, and better at merging related devices.
  • SSH enumeration now results in more consistently-named fields.

4.0.240729.0

2024-07-29

  • The Meraki integration now supports filtering by VLAN and SSID.
  • Fingerprint improvements.

4.0.240727.0

2024-07-27

  • A bug that prevented vulnerability group exports from applying the search filter has been resolved.
  • SSH enumeration now captures all host keys as well as server extensions.
  • Fingerprint improvements.

4.0.240726.0

2024-07-26

  • A bug that prevented checkbox states from persisting in some cases has been resolved.
  • Fingerprint improvements.

4.0.240725.0

2024-07-25

  • Discovery of devices using the TwinCAT ADS protocol is now supported.
  • Asset risk, vulnerability, and outlier fields are now available for use in Event templates.
  • Temporary directory selection for Explorers has been improved.
  • A bug preventing the display of integration data fetch durations has been resolved.
  • Fingerprint improvements.

4.0.240722.0

2024-07-22

  • A bug that could result in vulnerabilites not being calculated when software entries were not present has been fixed.
  • Name-based asset matching has been significantly improved and now uses more sources and trusts PTR records less.
  • Fingerprint improvements.

4.0.240719.0

2024-07-19

  • A bug regarding the Tenable Security Center integration risk filter has been resolved.
  • Merging of VMware assets has been improved.
  • Fingerprint improvements.

4.0.240718.0

2024-07-18

  • A bug that caused the Goals Overview dashboard widget to display an incorrect number of days worth of data instead of the selected timeframe has been resolved.
  • Network topology calculation is now faster and runs as part of the metrics analysis task and not inline with normal task processing.
  • Additional Crowdstrike device data is available for users with access to Crowdstrike’s Discover API.
  • CrowdStrike, InTune, Tenable, and Wiz integrations are now faster at processing large datasets.
  • The Asset ID and Organization ID are now shown on their respective details pages.
  • Fingerprint improvements.

4.0.240716.0

2024-07-16

  • The CLI scanner now correctly supports the --import-pcap option.
  • Hosts with only some of their addresses excluded will now match existing assets during merge.
  • Meraki-connector sourced assets now report the wired-side MAC for better correlation.
  • Fingerprint improvements.

4.0.240715.1

2024-07-15

  • Connectors now use fast-fallback to IPv4 for non-responsive IPv6 endpoints.
  • A performance regression with topology calculation has been resolved.
  • The Tenable connector now supports filtering by source and tag.

4.0.240715.0

2024-07-15

  • Fingerprint improvements.

4.0.240712.0

2024-07-12

  • Performance of the Crowdstrike integration has been improved.
  • A bug that prevented inventory table preferences from persisting throughout the product has been resolved.
  • Fingerprint improvements.

4.0.240707.0

2024-07-07

  • Support for searching for assets and vulnerabilities by VulnCheck KEV membership has been added.
  • The CrowdStrike integration now retrieves more detailed information.
  • An issue that could prevent users with community licenses from initiating hosted scans has been fixed.
  • An issue that could cause VMware guest operating systems to be incorrectly fingerprinted has been fixed.
  • Fingerprint improvements.

4.0.240702.0

2024-07-02

  • An issue that could cause asset type to be set to Desktop incorrectly has been fixed.
  • An issue that could cause certain virtual machine types to not merge properly has been fixed.
  • An issue that could cause certain version comparison queries to not be parsed correctly has been fixed.
  • Fingerprint improvements.

4.0.240628.0

2024-06-28

  • Version fields across the product are now sortable semantically and can be filtered using the operators >, >=, <, <=, =.
  • The Meraki integration now supports filtering on specific networks by name or ID.
  • The scanner now supports the Canon BJNP protocol.
  • Fingerprint improvements.

4.0.240627.0

2024-06-27

  • EPSS scores for vulnerabilities are now searchable with the epss_score keyword.
  • The vulnerability information page now shows more information about CISA KEV membership and EPSS scores for vulnerabilities that have relevant information.
  • The Asset Ownership report now supports up to 15,000 owners at a time.
  • Major performance improvements in vulnerability search.
  • Fingerprint improvements.

4.0.240626.1

2024-06-26

  • The Meraki integration now populates the switch topology report.
  • VMware guests will now link correctly when observed between different ESXi servers and vCenter endpoints.
  • The Intune integration now supports an optional filter for devices.
  • The search option for the Azure AD integration has been deprecated.
  • A bug causing custom widgets to drill down into inventory views with an incorrect alive:t filter despite the query’s configuration has been resolved.
  • Fingerprint improvements.

4.0.240622.0

2024-06-22

  • A bug that could lead to incomplete MSSQL enumeration has been resolved.
  • A bug that could result in the wrong IP address being assigned to a CrowdStrike record has been resolved.
  • Fingerprint improvements.

4.0.240621.0

2024-06-21

  • A bug in the Organization Overview report has been fixed and the report speed was improved.
  • Custom widgets based on queries have been added to the dashboard. Users can create custom widgets from the widget library on the dashboard, or from the query library.
  • Improved discovery and data collection from Microsoft SQL Server endpoints.

4.0.240620.0

2024-06-20

  • Fingerprint improvements.

4.0.240619.2

2024-06-19

  • Improved logging for CrowdStrike connection errors.

4.0.240619.1

2024-06-19

  • A bug that could prevent CrowdStrike credentials from successfully validating has been resolved.
  • Fingerprint improvements.

4.0.240619.0

2024-06-19

  • A bug that could prevent Azure integrations from being created has been resolved.
  • Fingerprint improvements.

4.0.240618.0

2024-06-18

  • Passive traffic sampling is now more accurate at detecting syslog clients.
  • The scanner now supports providing scan options via a JSON formatted configuration file.
  • Fingerprint improvements.

4.0.240616.0

2024-06-16

  • The Export API endpoints now support POST requests with application/x-www-form-urlencoded parameters. This allows for larger search queries and field filters to be specified.
  • Fingerprint improvements.

4.0.240614.0

2024-06-14

  • A bug that could result in stalled scans in some situations has been fixed.
  • x.509 serial number values in tls.serial will no longer have the leading zero removed.
  • Fingerprint improvements.

4.0.240613.0

2024-06-13

  • A bug that could prevent non-Windows installations of the runZero Explorer from restarting has been resolved.
  • A bug that could result in stale MAC addresses accruing on Tenable assets has been resolved.
  • A bug that could result in long timeouts for CrowdStrike tasks with invalid credentials has been resolved.
  • A bug that prevented custom integration attribute links from returning results with mix-cased integration names has been resolved.
  • Fingerprinting for Azure VMs now prefers the Azure HW assertion over other sources.
  • Fingerprint improvements.

4.0.240612.0

2024-06-12

  • A bug that could cause the Meraki integration to error has been resolved.
  • A bug that could cause incorrect data to display on the dashboard’s most and least seen widgets when toggling the view has been resolved.
  • Fingerprint improvements.

4.0.240610.0

2024-06-10

  • A visual bug making some toggles in the UI appear incorrectly has been resolved.
  • A bug that could prevent Intune devices from being synced has been resolved.
  • Fingerprint improvements.

4.0.240607.0

2024-06-07

  • Improved discovery and data collection from Microsoft SQL Server endpoints.
  • Fingerprint improvements.

4.0.240606.1

2024-06-06

  • A bug that could cause the Intune integration to skip syncing certain devices has been resolved.

4.0.240606.0

2024-06-06

  • A bug that could result in new Explorer installations on Windows not including npcap has been resolved.
  • A bug that could result in connector tasks being stuck in “stopping” status has been resolved.
  • Users with no access permissions are no longer allowed to view the account’s superusers.
  • Organization hierarchies are now supported up to four levels deep.
  • Fingerprint improvements.

4.0.240605.0

2024-06-05

  • Support for searching for assets and vulnerabilities by CISA KEV membership has been added.
  • Performance improvements.
  • Fingerprint improvements.

4.0.240603.0

2024-06-03

  • The Defender integration now supports filtering assets that have not been fully onboarded.
  • The Defender integration now supports the Graph API filter parameter when running as a scanner probe.
  • The Events view is no longer limited to the previous 30 days of records.
  • The Explorer now uses consistent file names during the upgrade process.
  • A bug that prevented the Defender and Intune configuration from validating when specifying a new Azure credential has been resolved.
  • Fingerprint improvements.

4.0.240531.0

2024-05-31

  • Discovery of devices using the XDMCP protocol is now supported.
  • A bug that could cause incorrect OS CPE generation has been resolved.
  • OS version information in Fortinet FortiOS CPE values has been improved.
  • Operating System End of Life (EoL) information is now available for Fortinet FortiOS.
  • Asset merge logic has been improved.
  • Fingerprint improvements.

4.0.240530.0

2024-05-30

  • A bug that could show a “user not found” error in API-submitted import jobs has been resolved.
  • Fingerprint improvements.

4.0.240529.1

2024-05-29

  • runZero now integrates with Meraki. This initial support syncs Devices and Clients to your runZero inventory.
  • A bug that could result in an “invalid query” message shown in the self-hosted query library has been resolved.
  • A bug that could result in incorrect display of Punycode-encoded hostnames has been resolved.
  • A bug that could lead to incorrectly assigned MAC addresses due to cross-VLAN mDNS relays in traffic sampling has been resolved.
  • A bug that could lead to invalid MAC address attributes from Defender 365 sources has been resolved.
  • A bug that could lead to runZero scan results being attached to not-onboarded Defender 365 assets instead of onboarded assets has been resolved.
  • A bug that could result in assets being marked as Laptops instead of Desktops has been resolved.
  • A bug that could result in multiple passive sampling tasks being scheduled on the same Explorer has been resolved.
  • Fingerprint improvements.

4.0.240524.0

2024-05-24

  • The dashboard now supports theater/kiosk mode and fullscreen display options.
  • The dashboard widget library now includes a customizable bookmarks widget, that can be used to jump to your favorite reports and views in runZero or to external web sites.
  • A bug that could prevent users with organization-specific roles from editing asset tags has been resolved.
  • Fingerprint improvements.

4.0.240522.0

2024-05-22

  • Performance improvements.
  • Fingerprint improvements.

4.0.240519.0

2024-05-19

  • The domain: scan target keyword now returns substantially more results for most domains.
  • The scanner now treats in-scope addresses found by SNMP as primary addresses.
  • The scanner no longer adds reflected IP addresses in L2TP hostname responses.
  • The scanner no longer merges specific Netgear switches unintentionally.
  • The AzureAD (EntraID) connector now supports the $search and $filter parameters for the Microsoft Graph API.
  • The LDAP connector now syncs additional fields, including employeeID, ms-Mcs-AdmPwdExpirationTime, and ms-LAPS-PasswordExpirationTime.
  • The CrowdStrike connector now provides better OS fingerprinting during multi-source asset processing.
  • The Qualys connector is now more resilient with transient network and service timeouts.
  • The Qualys connector now prioritizes Agent-based operating system fingerprints.
  • The Custom Integration SDK can now ingest ipAddresses, ipAddressesExtra, and macAddresses fields directly without the presence of a NetworkInterface structure.
  • A bug that could prevent the Tenable connector from exporting data has been resolved.
  • A bug that could result in stale asset attributes after passive discovery has been resolved.
  • A bug that could result in stale service summary columns has been resolved.
  • Fingerprint improvements.

4.0.240516.0

2024-05-16

  • Fingerprint improvements.

4.0.240514.0

2024-05-14

  • Filtering of bogus responses, particularly from interception features of Fortinet gear, has been greatly improved.
  • Improved logging for Azure and Intune integrations.
  • Fingerprint improvements.

4.0.240508.0

2024-05-08

  • A bug that could result in unexpected Wiz authentication errors being included in task logs has been resolved.

4.0.240503.0

2024-05-03

  • Creating hosted zone scan tasks via API no longer fails if the site has no non-hosted explorers.
  • Fingerprint improvements.

4.0.240501.0

2024-05-01

  • Fingerprint improvements.

4.0.240429.0

2024-04-29

  • Improved handling of large vulnerability results in the CrowdStrike integration.
  • Fingerprint improvements.

4.0.240425.0

2024-04-25

  • Fingerprint improvements.

4.0.240424.0

2024-04-24

  • Fingerprint improvements.

4.0.240423.0

2024-04-23

  • A bug that prevented SSO users from setting a password when SSO was disabled at the runZero account level has been resolved.
  • Operating System End of Life (EoL) information is now available for SUSE Enterprise Linux and Apple tvOS.
  • Fingerprint improvements.

4.0.240419.0

2024-04-19

  • Fingerprinting of assets based on Microsoft 365 Defender data has been improved.
  • Fingerprint improvements.

4.0.240417.0

2024-04-17

  • Accessibility improvements.
  • A bug that could result in errors when deleting a site has been resolved.
  • A bug that could cause Wiz tasks to error has been resolved.
  • Fingerprint improvements.

4.0.240411.0

2024-04-11

  • runZero customers can now sync asset, software, and vulnerability data from Wiz.
  • Fingerprint improvements.

4.0.240410.0

2024-04-10

  • The runZero dashboard has been improved to better respond to browser window resizing.
  • Fingerprint improvements.

4.0.240408.0

2024-04-08

  • Data collection from slow SSH services has been improved.
  • Fortinet devices are now less likely to cause duplicate assets when traffic is collected using traffic sampling.
  • The runZero Explorer now silently skips non-ethernet-like utun (tunnel) interfaces on macOS.
  • A bug preventing the “User details” page for external users from loading has been resolved.
  • A bug that could lead to errors when changing email address was fixed.
  • A bug that could lead to errors when deleting a user was fixed.
  • Fingerprint improvements.

4.0.240405.0

2024-04-05

  • The profile settings page has been redesigned.
  • Names can now be given to multi-factor authentication tokens when enrolling new tokens.

4.0.240404.0

2024-04-04

  • Fingerprint improvements.

4.0.240403.0

2024-04-03

  • A bug that prevented proper click through from the Query Insights dashboard widget to the appropriate inventory view was fixed.
  • Matching of MAC addresses of Fortinet firewall devices was improved.
  • Fingerprint improvements.

4.0.240402.0

2024-04-02

  • Fingerprint improvements.

4.0.240401.0

2024-04-01

  • The layout of the runZero dashboard is now fully customizable.
  • The runZero dashboard now supports exporting views as CSV and PNG.
  • Fingerprint improvements.

4.0.240331.0

2024-03-31

  • Integration task processing is now much faster for assets with large numbers of MAC addresses.
  • A bug that could result in assets accumulating link-local IPv6 addresses has been resolved.
  • Fingerprint improvements.

4.0.240329.0

2024-03-29

  • The “Contact runZero support” menu has been redesigned.
  • A bug that could cause the services attribute report to fail has been resolved.
  • A bug that could cause hostnames with spaces to be turned into multiple hostnames when imported from the AzureAD connector has been resolved.
  • Improved logging for the Intune integration.
  • UI improvements.
  • Fingerprint improvements.

4.0.240327.0

2024-03-27

  • Tenable connector data processing is now significantly faster for devices with large numbers of MAC addresses.
  • A bug that could result in the self-hosted updater showing a SQL error during startup has been resolved.
  • A bug that could cause scans running on Windows Explorers to accidentially terminate unrelated processes has been resolved.
  • Fingerprint improvements.

4.0.240326.0

2024-03-26

  • The CrowdStrike connector now only imports actively installed software.
  • The CrowdStrike connector now handles large software and vulnerability results reliably.
  • The CrowdStrike connector now better filters system accounts from the lastInteractiveUser attribute.
  • Fingerprint improvements.

4.0.240325.0

2024-03-25

  • Fingerprint improvements.

4.0.240320.0

2024-03-20

  • Fingerprint improvements.

4.0.240318.0

2024-03-18

  • Task ID is now visible when inspecting a task on the task overview page and on the task details page.
  • An issue with calculating mid-scan progress for connector tasks running on Explorers has been resolved.
  • A bug that could cause service start issues after upgrading self-hosted runZero instances has been resolved.
  • Fingerprint improvements.

4.0.240314.0

2024-03-14

  • Colors throughout the product have been tweaked to improve accessibility, legibility, and consistency.
  • Tables in the product can now be configured to prefer a mono-spaced variant of the table font.
  • Tables throughout the product now allow users to choose text casing preference, available via the “Prefs” dropdown.
  • An issue that could prevent updates to Directory Users / Groups has been resolved.
  • A bug that could cause the “concurrency” setting on Explorers to be incorrectly changed when editing an Explorer’s settings has been resolved.
  • Accessibility improvements.
  • Fingerprint improvements.

4.0.240311.0

2024-03-11

  • An issue with processing malformed header data from RTSP responses has been resolved.
  • The runZero scanner now completes faster for local networks.
  • Self-hosted customers can now unbind SSO from a user account using the runzeroctl user reset command.
  • Self-hosted customers can now change the SSO mode using the runzeroctl sso-mode mode command.
  • Accessibility improvements.
  • Fingerprint improvements.

4.0.240308.0

2024-03-08

  • A bug that could cause short keywords to not show any autocomplete suggestions in the query builder has been resolved.
  • Long fields in Nmap XML exports of asset data are no longer truncated.
  • Probing devices using EtherNet/IP is now supported over UDP.
  • Fingerprint improvements.

4.0.240306.0

2024-03-06

  • An issue that could prevent new self hosted installations or updating existing installations has been resolved.
  • Fingerprint improvements.

4.0.240305.1

2024-03-05

  • An issue that could result in incorrect asset merging in certain situations has been resolved.
  • An issue that could result in delayed analysis for busy Organizations has been resolved.
  • Fingerprint improvements.

4.0.240305.0

2024-03-05

  • Fingerprint improvements.

4.0.240304.0

2024-03-04

  • Fingerprint improvements.

4.0.240301.0

2024-03-01

  • A new “serialNumbers” column has been added to the asset CSV export. This field contains serial numbers observed during scanning, along with the protocol used to discover the serial number.
  • An issue that could cause incorrect attack surface assignment to assets discovered by traffic sampling has been fixed.
  • A bug which caused some task errors and warnings to fail to display has been fixed.
  • Fingerprint improvements.

4.0.240228.0

2024-02-28

  • A bug that could prevent sites from being created per project for the Google Cloud Platform integration has been resolved.
  • Fingerprint improvements.

4.0.240226.0

2024-02-26

  • A bug impacting Operating System End of Life (EoL) assertions for certain versions of Microsoft Windows and Linux distributions has been resolved.

4.0.240223.0

2024-02-23

  • A bug that could cause organization statistics to become out of date in organizations with frequent and concurrent tasks has been resolved.
  • Operating System End of Life (EoL) information is now available for Apple iOS and iPadOS as well as CentOS Stream.
  • Operating System Extended End of Life (EoL) generation has been improved.
  • Fingerprint improvements.

4.0.240221.0

2024-02-21

  • The vulnerability inventory is now much faster for large organizations.
  • Fingerprinting of devices via BGP is now supported.
  • Tenable integration performance has been improved.
  • A bug that could cause the asset and service attribute reports to fail has been resolved.
  • A bug causing some credential form fields to disappear when modifying an existing credential has been resolved.
  • An issue with the query format of site-filtered insights has been resolved.
  • Fingerprint improvements.

4.0.240218.0

2024-02-18

  • Software inventory is now calcuated as part of metrics, reducing task processing time.
  • A bug that prevented the Organization picker from working on some pages has been resolved.
  • Saved queries in the search suggestions menu are now ordered by when they were last updated.
  • Improved asset correlation logic for devices with wired and wireless interfaces.
  • Improved OS detection logic when considering multiple data sources.
  • Fingerprint improvements.

4.0.240216.0

2024-02-16

  • Improved correlation behavior for assets with information from NTLMSSP or Qualys.
  • Search query and query builder autocomplete results have been improved for shorter sets of input.
  • A bug preventing the parent-organization-picker from appearing on the organization create and edit pages has been resolved.
  • Fingerprint improvements.

4.0.240214.0

2024-02-14

  • Improved protocol detection during traffic sampling.
  • The alert event type emitted after a client switch has changed from “login” to “client-switched”.
  • The “Site” column has been removed from the software groups table.
  • An issue where the software inventory sometimes failed to update after a task has been resolved.

4.0.240213.0

2024-02-13

  • The Software Inventory is now much faster for large organizations.
  • An issue that could result in stale service attributes persisting through rescans has been resolved.
  • The LOG_FORMAT and LOG_MAX_LENGTH configuration values were renamed to RUNZERO_LOG_FORMAT and RUNZERO_LOG_MAX_LENGTH respectively. The old values will continue to work but are deprecated.
  • The request timeout for the Qualys integration has been decreased.
  • TCP stack based OS fingerprinting has been improved.
  • Fingerprint improvements.

4.0.240208.0

2024-02-08

  • An issue with adding addresses for Custom Integration assets without MACs has been resolved.
  • The request timeout for the Qualys integration has been increased.

4.0.240207.0

2024-02-07

  • Additional data points for result count and sent/received data have been added to the Tasks CSV export.
  • An issue with the display format of site subnet tags on assets has been resolved.

4.0.240206.0

2024-02-06

  • Improved performance on the Software inventory table.
  • Additional fields added to Query Builder autocomplete.
  • An issue that prevented Site Subnet information from exporting with Assets has been resolved.
  • An issue with data missing from the default email template for alerts has been resolved.

4.0.240205.0

2024-02-05

  • Filtering of hostnames collected from TLS X.509 certificates has been improved.
  • An issue that could cause overlapping subnets to apply another Site’s subnet tags has been resolved.
  • An issue that could result in incorrect asset correlation between HP iLOs and their servers has been resolved.
  • Fingerprint improvements.

4.0.240202.0

2024-02-02

  • Performance of Tenable.io connector tasks when only a subset of Severity/Risk values are selected has been improved.
  • An issue that allowed users with the Administrator role to downgrade their own permissions has been resolved.
  • An issue that could prevent Nessus attributes from being fully hydrated by runZero has been resolved.
  • Fingerprint improvements.

4.0.240131.0

2024-01-31

  • Fingerprint improvements.

4.0.240129.0

2024-01-29

  • A query builder is now available, accessible from most datagrids by clicking the “Query builder” button to the right of the search bar.
  • An issue which caused some out-of-date service information to remain on assets has been resolved.
  • An issue which caused service information to be incorrectly removed from assets that were offline during a scan has been resolved.

4.0.240126.0

2024-01-26

  • Discovery of devices using the DNP3 protocol is now supported.
  • Operating System End of Life (EoL) information is now available for Oracle Linux.
  • Page break locations in the overview report have been improved.
  • Operating System End of Life (EoL) generation for Red Hat Enterprise Linux and CentOS Linux has been improved.
  • Assets with no known address are now labeled with “Unknown” for their address rather than “Unscanned”.
  • The bundled npcap driver has been updated to version 1.79.
  • An issue that could prevent last task details from correctly displaying on the Sites datatable has been resolved.
  • An issue that prevented the expansion of dropdown menu sub-menus using keyboard navigation has been resolved.
  • An issue that could result in certain OS fingerprinting data not being updated has been resolved.
  • An issue that could prevent creating new Azure Credentials via the Azure connector configuration page has been resolved.
  • An issue causing Tenable.io integration tasks to import vulnerability data even when no severity or risk levels were selected has been resolved.
  • Fingerprint improvements.

4.0.240124.0

2024-01-24

  • An issue that could result in hidden fields on the SNMP v3 Credentials form has been resolved.
  • Fingerprinting of Red Hat Enterprise Linux derivatives when limited data is available has been improved.
  • Additional fingerprint improvements.

4.0.240122.0

2024-01-22

  • The datagrid search bar has been improved to show recent queries and available queries from the query library.
  • Fingerprinting of Red Hat Enterprise Linux and derivatives from Tenable product data has been improved.

4.0.240119.0

2024-01-19

  • Fixed an issue that prevented the “Edit user permissions” modal from working correctly.
  • Fingerprint improvements.

4.0.240117.0

2024-01-17

  • Fixed an issue where custom integration task data could not be re-imported.
  • Fixed an issue where Nessus imports could fail due to Nessus response size.
  • Fingerprinting of Red Hat Enterprise Linux derivatives such as CentOS, Rocky Linux, and Oracle Linux has been improved.
  • Fingerprint improvements.
  • Accessibility improvements.

4.0.240112.0

2024-01-12

  • Site column has been added to all tasks lists in the task overview.
  • Fingerprint improvements.

4.0.240110.0

2024-01-10

  • The Nmap XML export now uses the minimum and maximum asset last_seen timestamps as the start and stop times.
  • An issue that could prevent stale services from being cleared from updated Assets has been resolved.
  • A resource leak that affects self-hosted customers with transparent huge pages (THP) enabled has been resolved.
  • Fingerprint improvements.

4.0.240109.0

2024-01-09

  • Tenable Security Center tasks now only retrieve records updated since the previous sync.
  • Fingerprint improvements.

4.0.240105.0

2024-01-05

  • A bug that prevented the API for creating passive sampling tasks from working as documented was fixed.
  • A bug that could cause inventory grids to disappear when using Firefox and resizing the window below a certain point has been resolved.
  • Improved error handling for Tenable, Tenable Security Center, and CrowdStrike integrations.
  • Fingerprint improvements.

4.0.240103.0

2024-01-03

  • Improved correlation for assets sourced from the Censys and Shodan integrations.
  • A bug that incorrectly logged certain task failures as ’explorer failed to queue task’ has been resolved.
  • Fingerprint improvements.

4.0.231222.1

2023-12-22

  • A bug that incorrectly set empty private IP ranges instead of default values has been resolved.
  • A bug that prevented stale Azure scale set attributes from being cleared has been resolved.

4.0.231222.0

2023-12-22

  • A bug causing duplicate line items in CSV exports of site configurations has been resolved.
  • Most modal interfaces in the UI can now be dismissed using the escape key.
  • MAC address assignment for certain HP servers with iLO devices has been improved.
  • Fingerprint improvements.

4.0.231220.0

2023-12-20

  • Custom Integration assets now support the inclusion of Service attribute data.
  • Improved correlation for Custom Integration assets.
  • Fixed a bug in the service inventory table which showed incorrect source icons.
  • Fingerprint improvements.

4.0.231218.0

2023-12-18

  • Fixed an issue with third-party services matching on existing runZero services.
  • Fingerprint improvements.

4.0.231215.0

2023-12-15

  • Improved correlation for Tenable sourced assets.
  • A bug that could cause a redirect loop when logging in if the user hasn’t agreed to the latest terms and MFA is required but not set has been resolved.
  • A bug preventing self-hosted customJS from running on all authorized pages has been resolved.
  • Fingerprint improvements.

4.0.231213.0

2023-12-13

  • The memory requirements for Explorers have been updated to bring them in line with documentation.
  • The CVEs column of the Queries datagrid has been made un-sortable.
  • A bug that could cause datagrid tables to become un-sortable if an overlay is shown has been resolved.
  • Fingerprint improvements.

4.0.231211.0

2023-12-11

  • Fingerprint improvements.

4.0.231208.0

2023-12-08

  • A bug that could cause the loading state on datagrids to be incorrect when interrupting a running search has been resolved.
  • Fingerprint improvements.

4.0.231207.0

2023-12-07

  • A bug which could cause tasks to get stuck in “stopping” status was fixed.
  • A bug that could prevent accurate goal progress for goals associated with vulnerability queries has been resolved.
  • Self-hosted customers can now load configuration items from multiple Secrets Manager keys by separating these with commas in the AWS_SECRET_ACCESS_KEY variable.
  • Accessibility improvements.
  • Fingerprint improvements.

4.0.231205.0

2023-12-05

  • A bug that could cause successful tasks to be marked as stale has been resolved.
  • A bug where SNMPv3 authentication was not correctly indicated on an asset has been resolved.
  • Fingerprint improvements.

4.0.231201.1

2023-12-01

  • A bug that could prevent scrollbars from being shown on Datagrids has been resolved.

4.0.231201.0

2023-12-01

  • A bug preventing the arm64 versions of FreeBSD, NetBSD, and OpenBSD Explorers and Scanners from being downloaded has been resolved.
  • The Datagrid page selector has been improved.
  • Datagrid columns can now be manually resized beyond the visible width of the grid.

4.0.231130.0

2023-11-30

  • Added support for discovering assets using the S7 protocol.
  • Passive detection of RDP authentication methods has been improved.
  • Action buttons in the inventory have been redesigned for a better user experience.
  • A bug that could cause inventory tables to display too many pages has been resolved.
  • A bug that could prevent import of Azure AD users and groups has been resolved.
  • Fingerprint improvements.

4.0.231128.0

2023-11-28

  • Improved explorer memory usage in some situations.
  • A bug preventing the appearance of the task failure reason column has been resolved.
  • A bug causing an inaccurate scan progress label has been resolved.
  • A bug where strings with multi-byte unicode characters were measured incorrectly by the Custom Integrations SDK has been resolved.
  • A bug that could cause an inaccurate asset changed count in the task summary view has been resolved.
  • Fingerprint improvements.

4.0.231122.0

2023-11-22

  • A bug that incorrectly omitted the OS EOL for some Linux variants has been fixed.
  • Improved detection of Fortinet devices.
  • Fingerprint improvements.

4.0.231121.0

2023-11-21

  • A bug that prevented editing a credential has been fixed.
  • The asset JSON export now includes extended ownership data under the ‘ownership’ field.
  • Improved fingerprinting of Cisco devices.
  • Fingerprint improvements.

4.0.231120.0

2023-11-20

  • A bug causing the Task Library datagrid to be unusable has been resolved.
  • A bug preventing some buttons from rendering properly has been resolved.
  • A bug preventing the use of the select-all button on some datagrids has been resolved.
  • The self-hosted platform now allows users to override the S3 region and endpoint.
  • Improved Cisco small business device fingerprints.
  • Fingerprint improvements.

4.0.231116.0

2023-11-16

  • The performance of the asset attribute report has been improved for third-party sources.
  • Datagrid column width will now persist when manually resized.
  • Datagrid column width and visibility can now be managed more granularly through two new dropdown menus on all datagrids.
  • Deleting an organization via the API now returns the proper “404” HTTP status code if the organization to be deleted does not exist.
  • Fingerprint improvements.

4.0.231115.0

2023-11-15

  • Detection of bulk responses from Fortinet network filtering products was improved.
  • A bug that prevented asset matching in certain rare cases involving virtual IP addresses or heavy IP reuse has been resolved.
  • A bug preventing the datagrid on the Monitor landing from displaying has been resolved.
  • A bug causing action buttons on the task datagrids to be visually cut off at the top has been resolved.
  • A bug preventing the SSO Group Mapping datagrid from loading has been resolved.
  • Fingerprint improvements.

4.0.231114.0

2023-11-14

  • A bug that could cause explorer binaries to be inadvertently deleted has been fixed.

4.0.231108.1

2023-11-08

  • The AzureAD integration now supports filtering inactive devices.
  • SSO group mapping rules that use a DN containing commas are now supported.
  • The runZero Explorer can clean up stale files in both the legacy Rumble and runZero install locations.

4.0.231108.0

2023-11-08

  • The platform now supports configurable private IP address ranges at the Account and Organization level.
  • Added detection of the ThinPrint protocol.
  • Added support for the legacy ident protocol.
  • Improved scanning of OpenVMS systems.
  • Improved OS fingerprinting of data from custom integrations.
  • Improved detection of embedded Linux devices.
  • A bug that could prevent best-effort parsing of inventory queries with warnings has been resolved.
  • A bug that prevented the rendering of the Asset and Service trend charts on the Dashboard has been resolved.
  • Fingerprint improvements.

4.0.231102.0

2023-11-02

  • A bug that could prevent tasks from processing for large customers has been resolved.

4.0.231101.0

2023-11-01

  • A bug that could result in excessive memory consumption when processing asset modification rules has been resolved.
  • The scanner now supports the IGEL thin client protocol.
  • Fingerprint improvements.

4.0.231031.2

2023-10-31

  • A bug that could prevent retrying http requests has been resolved.

4.0.231031.1

2023-10-31

  • Improved retry handling in third-party connectors.

4.0.231031.0

2023-10-31

  • A bug that could lead to a stall in CrowdStrike connections has been resolved.

4.0.231030.0

2023-10-30

  • The scanner and passive engine now supports the Kasa IoT protocol.
  • The scanner now reports the Shodan-compatible Murmur3 32-bit hash for favicon files.
  • A bug that could prevent users from setting per-organization permissions for the primary organization has been resolved.
  • A bug that could display invalid action buttons for External Users has been resolved.
  • A bug that could cause inactive users to be omitted from the External Users table has been resolved.
  • A bug that could cause the External Users table to omit group permissions from the Org Access summary has been resolved.
  • Performance improvements.
  • Fingerprint improvements.

4.0.231027.1

2023-10-27

  • Fixed an issue where Asset correlations were not being recorded for some existing assets.

4.0.231027.0

2023-10-27

  • Added API endpoints to allow setting asset criticality individually or in bulk.
  • Added support for updating asset criticality via CSV import.
  • A bug that could cause a user’s browser to appear to be stuck in a refresh loop on login has been resolved.
  • Improved correlation between Azure AD, Microsoft Intune, and Microsoft 365 Defender assets.
  • Improved time-based filtering when requesting data from the Tenable Security Center API.
  • Improved reliability of the CrowdStrike connector.
  • Improved reliability of the Microsoft Intune connector.
  • The asset details page has been updated with additional correlation information for attributes, including latest task details.
  • Added support for fingerprinting devices based on the SecuRemote protocol.
  • Improved probing of certain types of printers and print servers.
  • Fingerprint improvements.

4.0.231023.0

2023-10-23

  • A bug that could cause query-reported vulnerabilities to be improperly cleared has been resolved.
  • A bug that could result in invalid Tenable Security Center assets has been resolved.
  • Fingerprint improvements.

4.0.231019.0

2023-10-19

  • Improved Crowdstrike vulnerability request handling.
  • Fingerprint improvements.

4.0.231018.0

2023-10-18

  • Performance improvements.
  • Fingerprint improvements.

4.0.231017.1

2023-10-17

  • A bug that prevent the type keyword from being processed correctly in task search has been resolved.

4.0.231017.0

2023-10-17

  • A button for deleting a single credential from the credentials list was added to each row’s actions column.
  • Improved merge accuracy for externally scanned AWS assets reported by third-party sources.
  • Fingerprint improvements.

4.0.231013.0

2023-10-13

  • The asset inventory now shows the Site as the first column on the left.
  • Performance improvements.

4.0.231012.0

2023-10-12

  • Custom integrations now support the inclusion of vulnerability and software data.
  • Improved merge accuracy for attribute based matching and invalid TLS serial IDs.
  • Improved MAC vendor accuracy for AWS assets reported via CrowdStrike.
  • The attribute_count search term has been added to the asset inventory.
  • Events created by editing alert channels, rules or templates will now correctly trigger the corresponding alert rules.
  • A bug that could display an incorrect resource warning for explorers has been resolved.
  • Updated TLS fingerprinting for new Go versions.
  • Performance improvements.

4.0.231011.0

2023-10-11

  • A bug that could result in a random authorized organization being selected on login has been resolved.
  • Performance improvements.

4.0.231006.0

2023-10-06

  • A low severity security issue with unsafe request binding has been resolved.
  • A bug with mDNS processing that resulted in incorrectly merged assets has been resolved.
  • A bug requiring users to re-input the “Authentication passphrase” and “Privacy passphrase” fields when editing an SNMPv3 credential has been resolved.
  • Improved performance of third-party user and group imports.
  • Long values for asset-level and service-level attributes on the Asset Details page are now truncated for display.
  • The self-hosted platform now supports Amazon Linux 2.
  • The npcap driver has been updated to version 1.77.
  • Improved identification of devices using the Cisco Discovery Protocol.
  • Detection of MAC addresses for CradlePoint devices has been improved.
  • Fingerprint improvements.

4.0.231005.0

2023-10-05

  • A low severity security issue with mass assignment has been resolved.
  • A bug causing a “failed to parse query” error when sorting recurring tasks has been resolved.

4.0.231002.0

2023-10-02

  • Improved merge accuracy for externally scanned AWS assets reported by third-party sources.
  • Fingerprint improvements.

4.0.230928.0

2023-09-28

  • Improved detection of spurious and phantom services generated by some network devices during probing.
  • Fingerprint improvements.

Important security fix:

  • A SQL injection vulnerability was identified and fixed as part of our annual third-party security assessment.

4.0.230927.0

2023-09-27

  • Loading time performance on the Scan and Monitor landing pages has been improved.
  • Added support for asset detection using the OMRON FINS protocol.
  • A bug preventing the self-hosted console from correctly logging certain scan data download errors has been resolved.
  • Fingerprint improvements.

4.0.230925.0

2023-09-25

3.10.230921.0

2023-09-21

  • A bug which caused a continuous page refresh when logging in via SSO has been resolved.

3.10.230920.0

2023-09-20

  • A performance regression when processing third-party assets has been resolved.
  • Improved merging of assets with NetBIOS or SMB services.
  • The tasks CSV export now includes the template_name column.
  • The tasks JSON export and API responses now include the site_name, agent_name, and template_name columns.
  • Fingerprint improvements.

3.10.230918.0

2023-09-18

  • A bug that could prevent new SSO users from authenticating has been resolved.
  • Fingerprint improvements.

3.10.230917.1

2023-09-17

  • A bug that could prevent some Windows-based Explorers from connecting with the same ID has been resolved.
  • Fingerprint improvements.

3.10.230917.0

2023-09-17

  • A bug that could prevent the Explorer from reading the .env configuration file has been resolved.
  • A bug that could prevent Tenable Security Center syncs from completing has been resolved.
  • A bug that could lead to bogus assets appearing in scans through Fortigate proxies has been resolved.
  • A number of small parsing bugs in the protocol parsing engine have been resolved.
  • Passive traffic sampling tasks now set source:sample instead of source:passive for assets.
  • The self-hosted console now uses the “runZero” brand (and runzeroctl command) by default.
  • The self-hosted console now defaults to PostgreSQL 15 and provides an install option to select a version.
  • The Explorer now uses the “runZero” brand by default (and matching filesystem/registry locations).
  • Fingerprint improvements.

3.10.230913.0

2023-09-13

  • Added support for identifying scanners using the eSCL uscan protocol.
  • Custom Integrations now support the “exclude unknown” option.
  • Improved handling of API request retries for the Microsoft Intune integration.
  • Improved detection of spurious services when scanning certain firewalls.
  • The Tenable integration has been updated to reduce the possibility of asset and vulnerability export timeouts.
  • An issue that could result in login errors for invited users using Single Sign-On has been resolved.
  • Fingerprint improvements.

3.10.230911.0

2023-09-11

  • The Tenable integration has been updated to reduce the possibility of vulnerability export timeouts.
  • Fingerprint improvements.

3.10.230908.01

2023-09-08

  • Moved to a new versioning scheme for the Console and Explorers, <major>.<minor>.<yymmdd>.<revision>.
  • Added support for fingerprinting devices with the Voice Services Discovery Protocol (VSDP).
  • Improved fingerprinting of devices using Spotify Connect.
  • Improved detection of BACnet devices.
  • Additional Fingerprint improvements.

3.10.25

2023-09-05

  • A warning is now recorded for scan tasks if a host is ignored for responding on too many ports.
  • The Integrate page now shows active and suggested integrations for the current organization.
  • Fingerprint improvements.

3.10.24

2023-08-30

  • An issue that could result in an empty dashboard until a metrics recalculation was triggered has been resolved.
  • Fingerprint improvements.

3.10.23

2023-08-29

  • An issue that could result in stalled scans has been resolved.

3.10.22

2023-08-29

  • An issue that could result in an empty dashboard when selecting a single site has been resolved.

3.10.21

2023-08-29

  • Discovery of devices using the MODBUS/TCP protocol is now supported.
  • The maximum number of ownership types has been increased from 10 to 25.
  • A bug that could result in duplicate software entries for some sources has been resolved.
  • Improved fingerprinting of devices that provide UPnP information.
  • Additional Fingerprint improvements.

3.10.20

2023-08-25

  • A bug that prevented SNMPv3 credentials from being saved has been resolved.

3.10.19

2023-08-23

  • A bug that could result in an incorrect ts attribute for Azure AD, Google Workspace, and Microsoft Intune has been resolved.
  • Fingerprinting of assets based on Microsoft Intune and Microsoft 365 Defender data has been improved.
  • Discovery of assets via EtherNet/IP probing is now supported.
  • Fingerprint improvements.

3.10.18

2023-08-21

  • Event rules now support conditions for Explorer and task type, where relevant.
  • Recurring tasks now stop with an error if they use a task template that has been deleted.
  • A rotation date for stored credentials is now available through both console and API via a new secret_updated_at field.
  • CrowdStrike and Azure AD assets will no longer be merged if they have a different globally unique ID. This may lead to more offline assets being generated if devices are frequently reimaged and given new GUIDs.
  • A bug preventing some users from being able to manage their user’s group membership has been resolved.
  • A bug in the user permissions display interface has been resolved.
  • A bug that could cause foreign service attributes to be attributed to the wrong source has been resolved.
  • Fingerprint improvements.

3.10.17

2023-08-16

  • The scanner now supports the MQTT protocol.
  • The TCP SYN scanner is now friendlier to stateful firewalls in the network path.
  • Tasks in the stopping state are now included in the Processing section of the Tasks overview.
  • A bug where users logging in for the first time with SSO would not have access to any organizations from the SSO group mappings has been resolved.
  • A bug resulting in incorrect fingerprinting of assets based on AzureAD data has been resolved.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • Fingerprint improvements.

3.10.16

2023-08-14

  • A bug causing tasks in the process of stopping to be seen as dismissible has been resolved, so that only failed and completely stopped tasks can be dismissed.
  • A bug causing pending new tasks to be seen as editable has been resolved, so that only new tasks scheduled to start in the future can be modified.
  • A bug that prevented download commands from being displayed on the redesigned scanner page has been resolved.
  • A bug where existing assets were incorrectly fingerprinted after importing data from Microsoft 365 Defender has been been resolved.
  • A bug causing incorrect assertion of Microsoft Defender for Endpoint in edr.name has been resolved.
  • Error logging for the Shodan integration has been improved.
  • Fingerprint improvements.

3.10.15

2023-08-10

  • The Explorer and scanner download pages have been redesigned for improved UX and performance.
  • The Tenable integration has been updated to reduce the possibility of vulnerability export timeouts.
  • A bug that could cause scan templates to be hidden when configured with invalid permissions has been resolved.

3.10.14

2023-08-09

  • A bug that prevented the scan.explorer_id value from being populated in alert templates has been resolved.
  • A bug that prevented the “Find assets in this site” icon from working properly in some cases has been resolved.
  • A bug that could prevent queries containing mixed-case search terms from returning results has been resolved.
  • A bug that prevented some queries from correctly matching Intune assets has been resolved.
  • The scanner now supports a new syn-reset-sessions option that can be used to reduce session usage in middle boxes.
  • Fingerprint improvements.

3.10.13

2023-08-07

  • A security improvement has been added to clear password reset tokens after a password change or when link-based authentication is requested.
  • A bug that could prevent Intune assets from merging with other sources has been resolved.
  • A bug causing inconsistent navigation for Explorer configuration editing has been resolved.
  • Fingerprint improvements.

3.10.12

2023-08-03

  • A bug that could result in the wrong hostname being used in password reset links has been resolved.
  • A bug that could cause a memory leak in the Explorer between stopped tasks has been resolved.
  • A bug that resulted in the Nmap XML Export having a zero start time has been resolved.
  • Fingerprint improvements.

3.10.11

2023-07-31

  • A bug that could cause some long-running connection tasks to restart repeatedly has been resolved.
  • A bug that could result in invalid Shodan credentials still validating has been resolved.
  • A bug that could lead to improper stale service removal on rescan has been resolved.
  • A bug that could lead to orphaned tasks when an Explorer is removed has been resolved.
  • Fingerprint improvements.

3.10.10

2023-07-27

  • A bug causing the user details page to display permissions incorrectly has been resolved.
  • A bug causing project expiration to be miscalculated has been resolved.

3.10.9

2023-07-26

  • Task name and description can now be modified for tasks created via file imports.
  • Improved automatic asset filtering for certain web proxy assets.
  • Improved performance when deleting large organizations, projects, or sites.
  • The request timeout has been increased for the Microsoft Intune and Azure AD integrations.
  • Fingerprinting of SMB 1 endpoints has been improved.
  • A bug that could result in an unnecessary screenshot warning for connector tasks has been resolved.
  • Additional Fingerprint improvements.

3.10.8

2023-07-24

  • Exports of task data now include timestamps which differentiate time spent acquiring data from time spent processing data.
  • Task processing times are improved.
  • A bug causing app banners to not be visible has been resolved.
  • The api/v1.0/org/sites/{site_id}/import route now returns the proper 400 http status code error when the request body is empty instead of a status code 500.

3.10.7

2023-07-21

  • A bug that could prevent in-scope, unscanned addresses from being cleared on runZero assets has been resolved.
  • A bug causing the datepicker to close when navigating by year has been resolved.

3.10.6

2023-07-19

  • A bug that could prevent import of wireless networks has been resolved.

3.10.5

2023-07-19

  • The asset details screen now has pagination when viewing an asset with more than 30 services.
  • A bug that enabled SNMP credentials when modifying or copying existing scan tasks has been resolved.
  • Fingerprint improvements.

3.10.4

2023-07-18

  • A bug preventing columns from retaining their custom ordering has been resolved.
  • A bug that could limit the available information gathered from NFS servers has been fixed.
  • Fingerprint improvements.

3.10.3

2023-07-17

  • A bug that could cause tasks to be copied with an incorrect discovery scope has been resolved.

3.10.2

2023-07-17

  • On-screen text explaining the interaction between a user’s default organization role and the granted per-org role is clearer.
  • License-based size limits are now applied to file imports.
  • An issue that caused the asset details page to load very slowly has been resolved.
  • A bug that could result in duplicate service warnings has been resolved.
  • A bug that could result in orphaned tasks when removing an explorer has been resolved.
  • A bug which could leave SYN and LAYER2 probes in a perpetual error condition loop has been resolved.
  • A bug that prevented display of the user permissions table in the User Details screen has been resolved.
  • Fingerprint improvements.

3.10.1

2023-07-12

  • An update to the runZero Explorer now logs when the host operating system receives an interrupt or terminate signal, such as when the OS reboots.
  • An update for improved asset matching for tasks importing both scan and third-party data sources has been added.
  • Fingerprint improvements.

3.10.0

2023-07-10

  • An integrations page has been added to improve visibility and simplify configuration.
  • A bug that showed a discrepancy in organization project status date on tooltip hover has been resolved.
  • Fingerprint improvements.

3.9.10

2023-07-06

  • A bug that could cause the MDNS probe to panic in limited scenarios has been resolved.

3.9.9

2023-07-06

  • An issue that could result in the old Explorer details pages being shown has been resolved.
  • A bug preventing Microsoft 365 Defender OAuth Client Credential tokens from accessing Azure government environments has been resolved.
  • A bug that could result in invalid Last Seen values for Rapid7 assets has been resolved.
  • A bug that could lead to stale service entries has been resolved.
  • A bug causing some goals to return an error has been resolved.
  • Fingerprint improvements.

3.9.8

2023-07-05

  • Fingerprint improvements.

3.9.7

2023-07-03

  • Assets with hostnames starting with a numeric prefix are now allowed to merge.
  • Inventory searches using keyword organization properly warn that it cannot be used unless either that specific organization, or the All Organizations option, are chosen from the drop-down in the upper right of the console.
  • An issue that could prevent alert rule actions from modifying asset ownership based on software, service, or vulnerability query results is resolved.
  • An issue where dynamic content did not have the header Cache-Control: no-store has been resolved.
  • Fingerprint improvements.

3.9.6

2023-06-28

  • Improved detection of various printer models.
  • The Explorer Details page has been redesigned.
  • Additional bugfixes and performance improvements.
  • Fingerprint improvements.

3.9.5

2023-06-27

  • Improved database performance for asset, site, and organization delete operations.
  • Improved database performance for outlier and vulnerability processing.
  • Improved database performance for concurrent integration processing.
  • Additional MAC address detection through SSDP and UPnP services.
  • Fingerprint improvements.

3.9.4

2023-06-26

  • Improved operating system and hardware fingerprinting of Palo Alto Networks devices.
  • Trial accounts can now create Custom Integrations.
  • Discovery of SSDP services has been improved.
  • A bug has been fixed that could cause scans to be dropped with “explorer failed to queue task” when the Explorer was already handling the configured maximum number of simultaneous scans.
  • Fingerprint improvements.

3.9.3

2023-06-22

  • A bug causing the task start time to be shown for the scan start time has been resolved.
  • A bug that could prevent the creation of new goals has been resolved.
  • A bug that could prevent those with the ‘annotator’ role from viewing or modifying Asset Ownership has been resolved.
  • Fingerprint improvements.

3.9.2

2023-06-20

  • Improved handling of email send errors.
  • Improved import of assets from Azure Active Directory.
  • Asset correlation has been improved for switches with overlapping MAC addresses.
  • Improved detection of AIX systems.
  • Reduced OS fingerprinting false positives against assets with non-Microsoft SMB stacks.
  • An issue that could prevent navigation to the Account settings page has been resolved.
  • A bug causing JavaScript errors to be thrown when adding or editing Google Workspace connector tasks has been resolved.
  • A bug with thumbprint validation for the LDAP integration has been resolved and the related error messages have been improved.
  • A bug where the link to help for query syntax led to a missing page has been resolved.
  • A bug preventing the Explorer interface and addresses from being populated has been addressed.
  • Fingerprint improvements.

3.9.1

2023-06-14

  • Improved handling of login tokens.

3.9.0

2023-06-13

  • runZero goals is now generally available. With runZero goals, users are able to create and monitor progress toward achieving security initiatives.
  • Improved the goal progress chart display to work in various browser sizes.
  • Goals now shows a pending calculation banner when goal metrics have not been calculated yet.
  • Added source_count and custom_integration_count as searchable fields.
  • Saved queries can now be created for tasks.
  • The search keyword recur_last_task_status is now supported on the task pages.
  • Improved the display of dashboard charts so that no partial rows, other than the last row, are visible to the user regardless of the number of charts displayed.
  • Improved fingerprinting of Fortinet device firmware.
  • Optimized database utilization and improved performance.
  • A bug causing Cisco 8xx Industrial Routers as well as Catalyst 94xx/95xx switches to be incorrectly merged has been fixed.
  • A bug where the autocomplete drop down would not always appear on top of other elements has been resolved.
  • A bug where integration sources in dashboard views are displayed as IDs instead of names has been resolved.
  • Fingerprint improvements.

3.8.14

2023-06-06

  • Improved protocol feature extraction for a variety of protocols.
  • A bug where data grid search text would propagate to other data grids has been resolved.
  • A bug causing some text inputs to display an autocomplete user experience when it was not intended was resolved.
  • Fingerprint improvements.

3.8.13

2023-05-31

  • Non-runZero asset sources can now be removed from assets via the asset details or asset inventory pages.
  • Equivalent emails are now accepted for email updates.
  • Dashboard cards for Asset Source and Custom Integrations should now correctly show only the top 10 counts for each, with a “View more” link added.
  • A bug that could allow merging AWS, Azure, and GCP assets has been resolved.
  • A bug which omitted some SNMPv3 scan attributes has been resolved.
  • A bug which caused some project creations to return a 404 error page has been resolved.
  • A bug causing incorrect HTTP response codes for the /org/metrics/{site_id} API endpoint has been resolved.
  • A bug which cleared the organizations table screen when sorted has been resolved.
  • A bug preventing vulnerabilities from sorting correctly on CVSS columns has been resolved.
  • A bug where scan tasks on hosted zones couldn’t be stopped has been resolved.
  • Fingerprint improvements.

3.8.12

2023-05-24

  • A warning is now displayed if a Query is not attached to a Goal.
  • Users with “Viewer” permission can now see and use the “Sites” page.
  • Improved the normalization of certain service attributes.
  • A bug preventing vulnerabilities from sorting correctly on CVSS columns has been resolved.
  • Fingerprint improvements.

3.8.11

2023-05-22

  • A bug that could result in excessive memory usage has been resolved.

3.8.10

2023-05-22

  • Improved SentinelOne matching to improve asset merging.
  • AWS credential validation now always shows the results for each service.
  • A bug that resulted in certain models of Cisco routers being incorrectly merged has been resolved.
  • A bug in which AWS probes fail when run outside of an AWS EC2 environment has been resolved.
  • A bug which prevented IPv6 UDP SYN scans from working on FreeBSD and OpenBSD systems has been addressed.
  • A bug where autocomplete suggestions would not update consistently has been resolved.
  • A bug causing the “download task button” to show for tasks without a log has been resolved.
  • Fingerprint improvements.

3.8.9

2023-05-19

  • A bug that could cause the SNMP probe to panic in rare scenarios has been resolved.

3.8.8

2023-05-19

  • Improved reliability of scans so they should stall less frequently.
  • A bug that could cause the SNMP probe to stall scans in rare scenarios has been resolved.

3.8.7

2023-05-19

  • The activation email should display properly in a broader range of email clients.
  • A bug that caused scans to take longer than expected or stall in rare scenarios has been resolved.

3.8.6

2023-05-18

  • A bug that could prevent the organization drop down from being clickable has been resolved.

3.8.5

2023-05-17

  • A bug that could prevent the rpcbind probe from completing successfully was resolved.

3.8.4

2023-05-17

  • A bug with copying some connector tasks has been resolved.
  • A bug causing some connectors to be labeled as scans has been resolved.
  • Improved operating system fingerprinting via SNMP Installed Software listing.
  • The status indicator in the explorer datagrid now has text describing the status.
  • Fingerprint improvements.

3.8.3

2023-05-15

  • External Asset Report Include screenshots toggle now requires that Include asset details is checked.
  • External Asset Report now hides the Top certificate authorities section if Include TLS certificate details is not checked.
  • A bug causing the API /org/hosted-zones endpoint to return an empty list of hosted zones has been resolved.
  • A bug that could result in an invalid asset ownership assignment has been resolved.
  • Improved fingerprinting of Brother scanners.

3.8.2

2023-05-12

  • Outlier calculations have been adjusted for performance and now include the TLS stack.
  • Event rules that result in asset modifications now complete faster.
  • The npcap driver has been updated to version 1.75.
  • Added support for legacy Internet time-distribution and traffic testing protocols.
  • A bug that could prevent a RUMBLE_CONSOLE override from working in the Explorer configuration has been resolved.
  • A bug that prevented sites with more than 1000 subnets from being saved has been resolved.
  • A bug that could result in odd dashboard chart behavior has been resolved.
  • A bug that required self-hosted users to configure SMTP before setting up their initial account has been resolved.
  • A bug that caused some scan task errors to be displayed twice has been resolved.
  • Fingerprint improvements.

3.8.1

2023-05-11

  • Improved the ability to fingerprint devices using DLNA.
  • Improved device type identification of Windows Server assets.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • A bug where Asset queries for exact strings was performing a fuzzy search has been fixed.
  • A bug that could cause malformed auto-populated LDAP thumbprints for LDAP credentials has been resolved.
  • A bug that prevented credential validation errors from displaying after verification in the console has been resolved.
  • A bug where searching via clicking on a tag would not return the correct results has been resolved.
  • A bug where multiple subtasks were incorrectly created for the same parent task has been resolved.
  • A bug where filters were not retained when importing a Nessus scan configuration has been resolved.
  • A bug that prevented copying of some connector tasks has been resolved.
  • A bug with linking to the update page on some connector tasks has been resolved.
  • Fingerprint improvements.

3.8.0

2023-05-09

  • Risk and criticality levels can now be assigned to assets through third-party integrations, the asset inventory, and custom rules.
  • runZero Preview Program: Goal tracking helps users with Professional and Enterprise licenses track progress toward completing their security initiatives. Use built-in goals for asset ownership coverage or system queries, or create goals with custom queries to fit your needs.
  • runZero system and custom queries can now be used to create vulnerability records.
  • Passwordless authentication is now available, allowing users to request one-time authentication links via email rather than storing a password. This provides a secure authentication alternative when SSO cannot be configured.
  • Added support for Azure and Intune GCC, GCC High, and DoD environments.
  • Improved compatibility with WireGuard and Tailscale on macOS and *BSD.
  • Added support for searching software attributes.
  • Alert channels now support more than one email address.
  • Asset limit warnings have been updated to be more clear about whether or not scans will be affected.
  • Assets will now be merged based on hostname if no other match method succeeds, as long as the hostname is from a trusted source — currently mDNS, NTLM or NetBIOS.
  • A bug preventing explorer reassigned to a previous organization and picking up assigned tasks has been resolved.
  • A bug causing software search links to navigate to a 404 page has been resolved.
  • A bug causing task-failed events to ignore the site restriction has been resolved.
  • A bug causing the hostname override tag to not update the hostname displayed has been resolved.
  • A bug that prevented clearing Insights from the dashboard has been resolved.
  • A bug where the copy scan button was cut off in the recurring tasks tab has been resolved.

3.7.11

2023-05-03

  • A bug that could result in a panic while performing a scan has been resolved.
  • A bug that could prevent the API from creating valid scan tasks has been resolved.
  • A bug that negatively impacted fingerprinting via TLS certificates has been resolved.
  • A bug preventing TLS negotiation in some cases has been resolved.

3.7.10

2023-05-02

  • A bug that was triggered when submitting Azure credentials for verification with a subscription ID has been resolved.

3.7.9

2023-05-02

  • Credential verification is now allowed only after all required fields have been completed.
  • A bug that could cause deadlocks in the TCP LDAP probe and Active Directory integration has been resolved.
  • A bug that caused an infinite redirect when clicking on site breadcrumbs has been resolved.
  • A bug causing recurring tasks to be incorrectly sorted by start time on the tasks page has been resolved.
  • A bug allowing “Verify & save” on the credentials update page to error has been resolved.
  • A bug where Dell laptops were identified as desktops or servers has been resolved.
  • A bug preventing TLS negotiation in some cases has been resolved.
  • A bug that caused imported queries to be parsed improperly has been resolved.

3.7.8

2023-04-26

  • A bug with the default webhook Slack alert template has been resolved.
  • Improved error message when attempting to delete a scan template twice.
  • Improved fingerprinting of Brother scanners.
  • Fingerprint improvements.

3.7.7

2023-04-24

  • A recent update in Explorer and Scanner behavior which could inadvertently trigger CrowdStrike EDR detection has been disabled.

3.7.6

2023-04-24

  • Grace period for tasks can now be configured from the task template page.
  • Improved asset correlation for multi-source assets.
  • A bug regarding Intune rate limiting and intermittent failures has been resolved.
  • A bug where certain tasks could not be edited has been resolved.
  • A bug regarding erroneously returned results from unscanned runZero assets when searching the asset inventory has been resolved.
  • A bug marking assets “unscanned” has been resolved.
  • Fingerprint improvements.

3.7.5

2023-04-20

  • A bug that resulted in a 500 error when running the asset attribute report has been resolved.
  • Miscellaneous bug fixes.

3.7.4

2023-04-19

  • Public API endpoints to view hosted zones have been added.
  • The API endpoints for managing scan tasks now accept an argument to select a hosted zone.
  • Third-party vulnerability integrations now support a more granular risk filter.
  • Validation for stored queries has been improved to prevent saving queries with warnings or errors.
  • A bug that could prevent custom integration results from merging into existing assets has been resolved.
  • Fingerprint improvements.

3.7.3

2023-04-17

  • Excerpts of task log messages are now available on the task details page for tasks that are in error status.
  • The display of datagrid warning and error messages has been improved.
  • A bug that could cause the save button on the credential edit form to be disabled has been resolved.
  • Fingerprint improvements.

3.7.2

2023-04-13

  • Improved asset processing when FortiGuard endpoints with “Policy Override Authentication” enabled are present.
  • Self-hosted installs now support an option to disable TLS validation between Explorers and the console application.
  • A bug where clicking links on the Query page of a self-hosted instance may return a 500 has been resolved.
  • A bug where clicking links in the Tasks column of the Credentials page would result in an error has been resolved.
  • A bug where paginated results could display Viewing 0 - N for the first page has been resolved to now display Viewing 1 - N.

3.7.1

2023-04-12

  • Third-party integrations now support more granular vulnerability filters.
  • HTTP security headers can now be disabled in self-hosted mode.
  • Crowdstrike will now use Connection IP and Connection MAC for asset matching.
  • The max-repetitions and disable-bulk parameters have been added to SNMP probes.
  • Task failures are now reported in the Task details pane.
  • All queries, including runZero-provided system queries, can now be copied.
  • The configuration for runZero-provided system queries can be modified.
  • A bug that could result in duplicate offline assets has been resolved.
  • A bug that prevented CSV exports of assets when using free text search has been resolved.
  • A bug where the number of hops could be incorrectly set to zero when ARP is present as a service has been resolved.
  • A bug that prevented searching assets using the task search key has been resolved.

3.7.0

2023-04-10

  • Customers with an enterprise license can now create custom integrations and import assets from any external asset data source using the runZero Python SDK.
  • Improved performance and reliability of metrics calculations.
  • Improved performance of the vulnerabilities inventory.
  • AWS permission errors are now more detailed to make troubleshooting easier.
  • A bug where the asset ownership tag was not able to be changed successfully has been resolved.
  • A bug where email addresses were case sensitive on sign in has been resolved.
  • A bug where the “Create Organization” button appeared disabled but was still clickable has been resolved.
  • A bug preventing the Asset Ownership goals toggle from being clickable has been resolved.
  • Upgraded npcap to version 1.73
  • Fingerprint improvements.

3.6.19

2023-04-05

  • Improved performance of the organization details page.
  • A bug preventing asset owners from being updated has been resolved.
  • A bug that could result in inaccurate vulnerability counts for assets has been resolved.
  • A bug that could prevent a subset of vulnerabilities from being saved for multi-source assets has been resolved.
  • A bug that caused errors for Crowdstrike integrations with large amounts of applications has been resolved.
  • Fingerprint improvements.

3.6.18

2023-04-03

  • Addresses bug where recurring tasks that are “Removed” were still showed in the tasks page after the associated site is deleted.
  • Accessibility improvements.
  • Client-side timezone updates.
  • Fingerprint improvements.

3.6.17

2023-04-02

  • API requests to apply tags to one or more assets now complete much faster.
  • The scanner now supports the Steam In-Home Streaming discovery protocol.
  • Attribute reports now group unique values within a single key.
  • The View More link is now accessible for in-progress tasks.
  • Asset owner names now suggest auto-complete options.
  • A bug that could lead to the self-hosted installer not removing temporary files has been resolved.
  • A bug that led to slow SNMP scans of specific Cisco switches has been resolved.
  • Fingerprint improvements.

3.6.16

2023-03-29

  • A bug that prevented access to runZero canned Queries has been resolved.

3.6.15

2023-03-29

Important security fix:

  • A bug that could show cross-tenant Queries and their associated author email addresses was resolved. This issue only applied to the cloud-hosted version of the runZero platform. The affected build was live for slightly more than two hours. Any customers affected by this issue will receive a detailed notice to the email addresses associated with their superuser accounts.

3.6.14

2023-03-29

  • A bug that could prevent updating assets with a large number of vulnerabilities has been resolved.
  • Fingerprint improvements.

3.6.13

2023-03-29

  • Improved reliability of the Tenable integration.
  • A bug that could prevent analysis queries from running for directory users and groups has been resolved* A bug that prevented match counts from being displayed on the queries page has been resolved.
  • Saved queries can now be created for software, vulnerabilities, and screenshots.
  • Fingerprint improvements.

3.6.12

2023-03-28

  • The maximum time to complete an SNMP walk is now configurable.
  • The default maximum time to complete an SNMP walk has been increased to 5 minutes from 1 minute.
  • The maximum results for an SNMP walk have been increased to 8k from 4k.
  • Assets owned by a runZero user will now be displayed on the user details page.
  • A bug which could result in runZero attributes being removed from Offline assets has been resolved.
  • A bug that could prevent subnet stats from being exported has been resolved.
  • The API response for a PUT request to /org/sites now returns the details of the new site.
  • The Reason column in the failed tasks table will now properly persist the hidden state between page loads.
  • Fingerprint improvements.

Note: The upgrade process may take up to an hour for large self-hosted deployments.

3.6.11

2023-03-27

  • A bug that could lead to inaccurate asset correlation has been resolved.

3.6.10

2023-03-27

  • A bug that could prevent validation of hostname scan targets has been resolved.
  • Cisco virtual MAC addresses are now handled more consistently.
  • Increased timeouts for the Tenable integration.
  • Improved reliability of CrowdStrike credentials verification.
  • Datagrids across the UI no longer use the incorrect theme.
  • Task WLAN listing functionality has been improved to enforce a timeout if the underlying utility is slow or unresponsive.
  • Fingerprint improvements.

3.6.9

2023-03-26

  • Fingerprint improvements.

3.6.8

2023-03-23

  • Vulnerability inventory now includes an Exploit status, indicating whether the vulnerability is known exploitable. The Exploit status will only be populated for vulnerabilities imported after this release.
  • A bug that could prevent the dashboard from loading successfully has been resolved.
  • A bug that caused misaligned values when exporting assets to CSV has been resolved.
  • A bug that could cause assets to incorrectly merge has been resolved.
  • Organizations with Parents set prior to 3.6 have had their Parents reset.
  • TLS stack fingerprinting has been improved.
  • Fingerprint improvements.

3.6.7

2023-03-22

  • A bug that could prevent asset modifications triggered by alert rules has been resolved.

3.6.6

2023-03-22

  • Alert rules now support software and vulnerability queries.
  • Asset ownership now supports references to runZero users and groups.

3.6.5

2023-03-22

Important security fix:

  • A bug that could allow an organization admin to see the names of other organizations in the tenant, even without explicit access, has been resolved.

In addition to the security improvement above, this release includes:

  • Asset queries can now surface overlaps in asset names, IP addresses, and MAC addresses across inventory.
  • Behavior around parent/child organizations has been improved.
  • A change to Chrome which caused web screenshots to fail has been addressed.
  • Fingerprint improvements.

3.6.4

2023-03-21

Important security fix:

  • A bug that could expose limited information about an organization to cross-tenant users has been resolved. This issue could have allowed an attacker that guessed the v4 UUID of an organization to view the name, description, and top-level statistics (asset count, service count, task count, etc.) without appropriate authorization. This issue was first present in version 3.6.0.

3.6.3

2023-03-20

  • Attribute searches and reports are now faster in large organizations.
  • It is now possible to download the task log for a failed scan.
  • Hosted scans no longer ignore responses from common firewalls.
  • Daily asset expiration now records an assets-expired event with the count.
  • The task-failed event now includes information about the associated Explorer.
  • Scans can now configure specific probes for Subnet and Host pings.
  • Validation warnings for internal IPs when using LDAP and InsightVM integrations has been improved.
  • Filtering of non-unique MAC addresses has been improved to better support Cisco virtual MAC addresses.
  • Fingerprint improvements.

3.6.2

2023-03-16

  • A bug that caused misaligned values when exporting assets to CSV has been resolved.
  • A bug that could cause the SSO page to render off screen has been resolved.
  • Enterprise customers can now scan all ports and up to a /8 at a time using the hosted scan engines.
  • The AWS integration now supports the GovCloud partition for assumed roles.
  • Fingerprint improvements.

3.6.1

2023-03-15

  • Improved quality of errors reported by the CLI Scanner.
  • Improved user experience of user management.
  • Improved user experience of organization management.
  • A race condition that could occur during self-hosted installation has been resolved.
  • A bug that could prevent some CrowdStrike software from importing successfully has been resolved.
  • Packets sent/received are now visible from the tasks preview.
  • A bug that could cause the Tenable connector to fail intermittently for some customers has been resolved.
  • A bug that could cause task details not to render on the task overview screen has been resolved.
  • A bug that could prevent organization administrators from creating new projects has been resolved.
  • Fingerprint improvements.

3.6.0

2023-03-13

This release is a roll-up of the 3.5.x updates in addition to the following changes.

  • Organizational hierarchies are available allowing for permissions to be inherited by child organizations based on an established parent.
  • Generation of operating system CPEs has been significantly improved.
  • Fingerprinting of operating systems imported from the Active Directory and VMware integrations have been significantly improved.
  • Asset rescanning now provides the option of including/excluding extra addresses in the scan.
  • License warnings can now be hidden by user role.
  • Credentials no longer require thumbprints to be provided.
  • Asset ownership detection for the Active Directory integration has been improved.
  • A bug that could cause paused tasks to fail when unpaused has been resolved.
  • A bug that could cause large Qualys imports to fail has been resolved.
  • A bug that could cause incorrect credential values to show on the credential edit screen has been resolved.
  • Fingerprint improvements.

3.5.10

2023-03-10

  • A bug that could cause a browser crash in the latest release of Chromium-based browsers on MacOS has been circumvented.

3.5.9

2023-03-08

  • A bug that could cause CrowdStrike tasks to fail when missing software permissions has been resolved.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • Accessibility improvements.
  • Fingerprint improvements.

3.5.8

2023-03-07

  • Services, Screenshots, and Software inventory pages now include associated site subnet tags.
  • IP addresses reported by CrowdStrike are now considered primary addresses, and will be used for asset correlation.
  • CrowdStrike credential verification is now separated by service.
  • A bug that could prevent the creation of CrowdStrike assets with software entries containing Unicode escape sequences has been resolved.
  • A bug which prevented Chrome on Android users from navigating and submitting the activation form has been resolved.

3.5.7

2023-03-06

  • The CrowdStrike connector can now import software data through Falcon Discover.
  • Improved error validation for email addresses when setting up an email alert channel.
  • A bug where firewalls and similar devices responding to many non-asset IP addresses during scanning would lead to unexpected assets in the inventory has been resolved.
  • A bug preventing the active scans dashboard widget from navigating to the associated task has been resolved.
  • A bug preventing site subnet tags from appearing in the dashboard Asset tags widget has been resolved.
  • Fingerprint improvements.

3.5.6

2023-03-01

  • A bug that could prevent the VMWare connector task page from loading has been resolved.
  • A bug that could cause duplicate MSDefender attributes on an asset has been resolved.
  • Fingerprint improvements.

3.5.5

2023-02-28

  • Stability and performance of VMware asset correlation has been improved.
  • VMware assets are now merged across sites.
  • SNMP protocol versions are now tracked at the asset level.
  • SNMP services will now keep track of how they authenticated and which protocols were used.
  • The Microsoft Intune integration has been improved to better handle Intune API rate limiting.
  • Hostname extraction from malformed subjectAlternativeNames on TLS certificates has been improved.
  • Site scopes with subnets ending in /32 (for IPv4) and /128 (for IPv6) are no longer parsed to single IPs and will appear as CIDR entries in the subnets list.
  • A bug that could prevent the creation of VMware assets has been resolved.
  • Accessibility improvements.
  • Fingerprint improvements.

3.5.4

2023-02-22

  • A bug that could cause inaccurate asset counts in the Organization Overview report has been resolved.
  • A bug that could cause site imports to fail when missing optional fields has been resolved.
  • Fingerprint improvements.

3.5.3

2023-02-21

  • A new canned query for OpenSSH 9.1 servers which contain a memory double-free vulnerability has been added.
  • Performance of the Microsoft Active Directory (LDAP), Azure AD, and Google Workspace integrations has been improved.
  • IP addresses reported by Tenable are now considered primary IP addresses, consistent with the Rapid7 and Qualys integrations.
  • A bug causing the dashboard asset trends graph tooltips to appear away from the graph has been resolved.
  • A bug causing task page inspection cards to automatically collapse has been resolved.
  • A bug that could result in a buildup of frequently recurring tasks has been resolved.
  • A bug that could cause extremely large tasks to remain queued for processing indefinitely has been resolved.
  • A bug that could prevent export of service attribute reports has been resolved.
  • A bug preventing license requirement indicators from being visible on some pages has been resolved.
  • A bug preventing saving credentials due to bad org-access settings has been resolved.
  • A bug preventing recalculation of the next scheduled run time for a scan has been resolved.
  • Fingerprint improvements.

3.5.2

2023-02-14

  • The scanner now supports identifying RDP authentication methods, including legacy and NLA, supported by target hosts.
  • The scanner now supports the ability to decode ISAKMP/IKEv2 replies.
  • A bug that prevented OS fingerprinting and information extraction over RDP has been resolved.
  • A bug preventing users from copying or editing connector and analysis tasks has been resolved.
  • A bug causing new recurring tasks to display an incorrect first run date has been resolved.
  • Several minor bug fixes and UX improvements have been made to the redesigned task page.
  • Several minor bug fixes have been made to the redesigned task library page.

3.5.1

2023-02-13

  • A bug that could prevent automatic metric calculations from completing has been resolved.
  • A bug that could prevent stale assets from being automatically removed on subsequent task runs has been resolved.
  • Several minor bug fixes and UX improvements have been made to the redesigned task page.

3.5.0

2023-02-13

This release is a roll-up of the 3.4.x updates in addition to the following changes.

  • The Asset Ownership feature allows you to manage asset owners across your asset inventory.
  • The task page has been redesigned for improved user experience.
  • A new canned query for VMware ESXi servers that could be targets of the ongoing ESXiArgs ransomware campaign has been added.
  • The scanner now parses running processes and services from checkmk.
  • Stability and performance of third-party asset correlation has been improved.
  • Fingerprint improvements.

3.4.23

2023-02-07

  • A new canned query for Lexmark printers which may be vulnerable to CVE-2023-23560 has been added.
  • The Qualys integration has been improved to better handle Qualys API rate limiting.
  • Dashboard performance has been improved.
  • The Service attributes report performance has been improved.
  • A bug that could cause early removal of Tenable assets has been resolved.
  • A bug that could cause attribute reports to export incorrect data has been resolved.
  • A bug that may prevent the mDNS probe from completing has been resolved.
  • The scanner now supports the CoAP protocol over UDP.
  • The scanner interface selection logic has been improved.
  • Fingerprint improvements.

3.4.22

2023-02-01

  • The scanner now supports the Minecraft Bedrock protocol.
  • Public API endpoints to export directory users and groups have been added.
  • The Last checkin column on the Registered Explorers table has been renamed to Online status.
  • Task details pages now include a Created by column.
  • A bug that would allow you to save an invalid URL in credential forms has been resolved.
  • A bug that could prevent creation of new self-hosted clients has been resolved.
  • A bug that could result in a 500 error on the dashboard when selecting a site with no existing metrics has been resolved.
  • Fingerprint improvements.

3.4.21

2023-01-27

  • The consistency of matching based on asset attributes has been improved.
  • The ability to capture Telnet banners has been improved.
  • A bug that could prevent updating payment information has been resolved.
  • A bug that could prevent searching for tasks associated with deleted sites has been resolved.
  • A bug that reported an incorrect match.probe for Qualys assets has been resolved.
  • Fingerprint improvements.

3.4.20

2023-01-25

  • Dashboard performance has been improved.
  • The Qualys integration has been improved to better handle Qualys API rate limiting.
  • A new canned query for surfacing cloud compute assets with GPU hardware has been added.
  • The scanner now supports the NDMP protocol.
  • A bug that could display an incorrect value for Explorer architecture in the console has been resolved.
  • Fingerprint improvements.

3.4.19

2023-01-18

  • A bug that could cause the asset CSV export to fail for some users has been resolved.

3.4.18

2023-01-18

  • runZero Preview Program: the Asset Ownership feature lets you manage asset owners across your asset inventory.
  • The scanner now supports the Munin protocol.
  • Fingerprint improvements.

3.4.17

2023-01-17

  • A bug that could intermittently prevent scan completion when scanning IPv6 endpoints with the mDNS probe enabled has been resolved.

3.4.16

2023-01-11

  • Queries now include an option to limit results to only live assets.
  • A bug that prevented highlighting outlier attributes on the asset details page has been resolved.
  • Fingerprint improvements.

3.4.15

2023-01-10

  • The InsightVM connector now supports longer timeouts for large sites and slower consoles.
  • The CrowdStrike connector now avoids asset duplication when processing large datasets.
  • The CrowdStrike connector now handles larger datasets with lower resource usage.
  • Asset matching based on attributes is more consistent across lossy networks.
  • Excluded scan targets are now no longer matched or marked as offline.
  • Site imports now automatically trim trailing whitespace from CIDRs.
  • The scanner now supports the MySQL X protocol.
  • Fingerprint improvements.

3.4.14

2023-01-09

  • A bug that could lead to duplicate assets from CrowdStrike has been resolved.

3.4.13

2023-01-07

  • A bug that could prevent very large CrowdStrike syncs from completing has been resolved.

3.4.12

2023-01-05

  • A bug that could prevent the creation of new offline assets has been resolved.
  • A bug that could cause large InsightVM imports to fail has been resolved.
  • A bug that could cause paused tasks to fail when unpaused has been resolved.

3.4.11

2023-01-05

  • Credentials can now be edited after being saved.
  • Credentials can now be verified against services to provide visibility into upstream configuration issues.
  • The Subnet utilization report is now more performant, includes subnets by site, and includes assets outside the scope of a defined site subnet.
  • Asset inventory searches with the mac keyword has been improved to support the Cisco MAC address format and additional delimiter characters.
  • Filtering of non-unique MAC addresses has been improved, including improvements for Fortinet virtual adapters, Juniper switches, and Project Calico virtual interfaces.
  • A bug that could cause CrowdStrike vulnerability imports to fail due to session expiration has been resolved.
  • A bug that could cause assets to be duplicated has been resolved.
  • A bug that could cause RDNS results to mark assets as online has been resolved.
  • Added support for L2TP, Dahua DHIP, KXNnet, Webmin, and Playstation UDP protocols.
  • Fingerprint improvements.

3.4.10

2022-12-23

  • Fingerprint improvements.

3.4.9

2022-12-22

  • A bug that could cause the CrowdStrike connector to fail when missing Spotlight permissions has been resolved.
  • Fingerprint improvements.

3.4.8

2022-12-21

  • A bug that could prevent manually merging some assets has been resolved.
  • A bug that could cause incorrect project expiration information has been resolved.
  • Improved fingerprinting of Huawei, Hikvision, Fortinet, and WatchGuard devices over SNMP.
  • Fingerprint improvements.

3.4.7

2022-12-19

  • Service exports now include a service_id field.
  • A bug that could cause an excess of temporary files in self-hosted installations has been resolved.
  • A bug that could prevent asset attribute imports from reporting all results has been resolved.
  • Fingerprint improvements.

3.4.6

2022-12-19

  • The dashboard now loads faster for customers with many sites and subnets.

3.4.5

2022-12-18

  • New scans and recurring scans can now be saved even when the current license has been exceeded.
  • Confirmation dialogs for removal actions are now more consistent across the product interface.
  • Modifications to recurring scans with a past start date will no longer immediately launch a task.
  • A bug that prevented the latest Windows Explorers from embedding npcap has been resolved.
  • Fingerprint improvements.

3.4.4

2022-12-16

  • Self-hosted installations of runZero now support inclusion of custom JavaScript in UI web pages.
  • Amazon Web Service account IDs are now visible in a new per-asset attribute.
  • Support for importing Nessus files without vulnerability details has been improved.
  • The organization and client switching dropdown menus can now be filtered if there are more than 5 organizations or clients.
  • A bug causing the scan setup page to scroll to the right during the product tour has been resolved.
  • A bug where integrations using the Microsoft Graph API may have their token expire between paged responses has been resolved.
  • Improved mDNS service discovery.
  • Fingerprint improvements.

3.4.3

2022-12-14

  • A bug that could lead to asset duplication when importing from Tenable, InsightVM, and Qualys has been resolved.
  • Fingerprint improvements.

3.4.2

2022-12-13

  • Registered API clients now show the user that created them.
  • Microsoft 365 Defender tasks now report details on failed upstream API calls.
  • The help text on Google Workspace credentials has been improved.
  • The formatting of dashboard category reports has been improved.
  • A bug that could prevent successful import from Shodan has been resolved.
  • A bug that prevented InsightVM connector options from persisting correctly has been resolved.
  • Fingerprint improvements.

3.4.1

2022-12-12

  • A bug that could result in incorrect processing of wireless entries has been resolved.
  • Fingerprint improvements.

3.4.0

2022-12-12

This release is a roll-up of the 3.3.x updates in addition to the following changes.

  • A new canned query for Cisco 7800/8800 series IP phones which may be vulnerable to CVE-2022-20968 has been added.
  • The AWS integration now includes an option to automatically remove assets no longer reported by AWS.
  • OAuth 2.0 client credentials can now be used to authenticate with runZero APIs.
  • The edr.name asset attribute is now updated to show when a runZero scan no longer detects the EDR agent.
  • Tasks can now be stopped during data gathering and processing phases.
  • The site import and export CSV format has been simplified.
  • The performance of connector task processing has been improved.
  • The performance of tables in the Site comparison report, analysis report results, and SSO group mappings has been improved.
  • The fingerprinting coverage of Google Workspace assets has been improved.
  • Additional Fingerprint improvements.

3.3.8

2022-12-07

Important security fix:

  • A bug that could show cross-tenant “no access” role users in the Your team > Current organization view was resolved. This issue only applied to the cloud-hosted version of the runZero platform. The affected build was live for slightly more than two hours. Any customers affected by this issue will receive a detailed notice to the email addresses associated with their superuser accounts.

3.3.7

2022-12-07

  • A bug that could prevent an Explorer from running scans with specific network configurations has been resolved.

3.3.6

2022-12-07

  • The CrowdStrike integration now imports vulnerabilities when CrowdStrike Spotlight is enabled for the API key.
  • An option to disable the creation of new assets from third-party integrations has been added.
  • The performance of the task overview page load time has been improved.
  • The consistency in asset terminology has been improved.
  • The site import CSV format has been improved.
  • Third-party integrations merge assets more consistently.
  • The CLI Scanner --api-url parameter handling has been improved.
  • The DELETE API method for bulk asset deletion has been deprecated.
  • A public API endpoint to check the platform health has been added.
  • OS EOL dates are now reported for Windows 11.
  • Fingerprinting of HomeKit devices has been improved.
  • A new canned query for MegaRAC BMC firmware has been added.
  • A bug that could cause recurring tasks to backup has been resolved.
  • A bug in the Organization asset export API has been resolved.
  • Fingerprint improvements.

3.3.5

2022-11-30

  • The import time for third-party data sources was improved.
  • A bug that caused the License information page to display an incorrect project asset count was resolved.

3.3.4

2022-11-28

  • A bug that could delay concurrent task processing has been resolved.

3.3.3

2022-11-28

  • An issue that could cause the command-line scanner to skip LDAP enumeration has been resolved with the --ldap-thumbprints flag.
  • The scheduler will now delay recurring tasks if the previously completed task has not yet started processing.
  • The backend now processes concurrent tasks for separate sites within the same organization when possible.
  • Self-hosted customers can configure concurrent task processing with the RUNZERO_CRUNCHER_INSTANCES option.
  • Third-party integrations now merge more accurately when using IP addresses as the match key.
  • Microsoft Intune and Azure Active Directory assets are now fingerprinted more accurately.
  • VMware ESXi instances now display OS end-of-life dates based on version.
  • Fingerprint improvements.

3.3.2

2022-11-21

  • A bug that could prevent tag searches from completing when thousands of tags are in use has been resolved.
  • The scanner now supports a configurable ToS/Traffic Class field in the advanced configuration.
  • Additional operating system and hardware icons are available in the inventory view.
  • Explorer and CLI Scanner binaries are now approximately 5MB smaller.
  • New LDAP credentials now auto-populate the discovered port.
  • Printer detection has been improved.
  • Fingerprint improvements.

3.3.1

2022-11-20

  • The Microsoft Defender integration now merges assets more comprehensively.
  • The AWS EC2 integration now provides an option to include Stopped instances.
  • A bug that could result in partial import of GCP CloudSQL assets was resolved.
  • The “All Organizations” view now more accurately handles limited user permissions.
  • Searching and sorting is faster when using the asset first seen and last seen columns.
  • A bug that could lead to duplicate vulnerabilities when an import was restarted has been resolved.
  • Fingerprint improvements.

3.3.0

2022-11-14

This release is a roll-up of the 3.2.x updates in addition to the following changes.

  • runZero Professional and Enterprise customers can now sync assets from Google Workspace.
  • runZero Platform customers can now sync users and groups from Google Workspace.
  • User interface tables were revamped for Organizations, Sites, Explorers, and Teams.
  • The “All Organizations” view is now available to restricted users with a filtered scope.
  • Live validation is no longer required for Qualys VMDR and InsightVM credentials.
  • Fingerprint improvements.

3.2.11

2022-11-08

  • The subnet utilization report now supports filtering by site.
  • CSV export of assets now includes the same hostname information as the inventory view.
  • Up-to-date ARM64 builds of the standalone scanner are now available.
  • The account API endpoint for creating organizations now accepts the argument types documented.
  • Merging two assets now correctly updates the date of the newest MAC address for the resulting asset.
  • Disabling all scan probes now disables the SNMP probe.
  • A bug that could prevent the use of third-party credentials when using TLS thumbprints or the insecure connection option with a public URL has been resolved.
  • Fingerprint improvements.

3.2.10

2022-11-04

  • Service Provider information is now displayed with a default domain before SSO settings are configured.
  • Improved performance when scanning from macOS hosts that have certain EDR solutions installed.
  • A bug which sometimes prevented GCP imports from completing has been fixed.
  • Improved TLS fingerprinting.
  • Fingerprint improvements.

3.2.9

2022-11-03

  • The AWS integration now includes an option to delete AWS-only assets that were not seen in the most recent import.
  • The Qualys integration now includes an option to import unscanned assets and is disabled by default.
  • Processing speed for large Qualys imports has been improved.
  • Explorers are now ordered alphabetically on the scan configuration and connector configuration pages.
  • A bug in how Service Inventory searches were launched from the Asset details page had been resolved.
  • Tanium agent detection now sets the edr.name attribute.
  • Improved fingerprinting of OpenSSL, GnuTLS, and Windows TLS stacks.

3.2.8

2022-11-01

  • A bug that could prevent TLS probes from completing has been resolved.

3.2.7

2022-11-01

  • A new tls.stack attribute that tracks the TLS software provider and version has been added for assets and services.
  • A new canned query for OpenSSL 3.0.x with client certificate authentication has been added.
  • Improved performance of Intune integration when importing a large number of users and devices.
  • runZero users logging in via SSO are now presented with the terms and conditions acceptance dialogue.
  • A bug that could prevent updating site metrics has been resolved.
  • Improved fingerprinting of OpenSSL versions.
  • Apple ecosystem OS Fingerprint improvements.

3.2.6

2022-10-30

  • The scanner now reports OpenSSL versions via TLS fingerprinting.
  • The scanner now reports Tanium agent instances on the network.
  • The scanner now reports additional detail for SSLv3 services.
  • A bug that could prevent the Intune integration from completing long-running tasks has been resolved.
  • A bug that could prevent the GCP integration from returning all assets has been resolved.
  • A bug that could result in a recurring integration running again before the previous task finished has been resolved.
  • Fingerprint improvements.

3.2.5

2022-10-26

  • GCP credentials can now be configured to import assets from multiple projects.
  • A bug that could prevent importing assets from Microsoft Intune has been resolved.
  • A bug that could prevent importing assets from Microsoft 365 Defender has been resolved.

3.2.4

2022-10-24

  • Scan task processing speed has been improved for SaaS and self-hosted customers.
  • The baseline memory usage of Explorers has been reduced.
  • A bug that could prevent importing assets from Microsoft 365 Defender has been resolved.
  • A bug that could cause broken asset links has been resolved.
  • Fingerprint improvements.

3.2.3

2022-10-20

  • Error handling of misconfigured fingerprints has been improved to reduce Explorer and scanner crashes.

3.2.2

2022-10-20

  • The search keywords has_os_eol and has_os_eol_extended are now supported on the Assets and Vulnerabilities inventory pages.
  • A bug that could cause missing service data for services with conflicting virtual hosts has been resolved.
  • A bug that could cause inaccurate user counts for imported directory groups has been resolved.
  • A bug that affected tooltip display has been resolved.
  • A bug that prevented “open in new tab” navigation using middle/right click has been resolved.
  • Fingerprint improvements.

3.2.1

2022-10-18

  • The error message indicating that an AWS integration credential has insufficient permissions has been improved.
  • The “last seen” link to the most recent scan details has been restored on the asset details page.
  • A bug that could prevent Azure AD imports has been resolved.

3.2.0

2022-10-17

This release is a roll-up of the 3.1.x updates in addition to the following changes.

Important security fixes:

  • Three stored cross-site scripting vulnerabilities were identified and fixed as part of our annual third-party security assessment.

In addition to the security improvement above, this release includes:

  • runZero Platform customers can now sync assets from Microsoft 365 Defender.
  • runZero Platform customers can now sync assets from Microsoft Intune.
  • The Azure AD integration now imports additional assets and no longer requires a Microsoft Intune license.
  • The Azure AD integration can now be configured to optionally import assets, users, and groups.
  • The Active Directory integration service options have been adjusted for consistency.
  • Directory users and groups can now be included in custom queries.
  • The Organization Overview report now contains summary information for directory users and groups when present.
  • SNMPv2 options have been moved to the Probes tab (now labeled Probes and SNMP).
  • The toggle switch to use or not use SNMP now correctly reflects whether it is overridden by the “Use defaults” option on the Probes tab.
  • The asset details pages have been redesigned for improved performance.
  • The asset details pages now include a “last loaded” time indicator and the ability to refresh the page data.
  • Recent users from Microsoft Intune, SentinelOne, and CrowdStrike are now included on the asset details page.
  • Alert notifications, user invitations, and password reset emails are now sent from the runzero.com domain name instead of rumble.run.
  • The rumblectl utility now has a diagnostics command to run or save a diagnostic script for self-hosted customers to collect information for runZero support.
  • A bug that could prevent repeated import of task data that includes directory users and groups has been resolved.
  • A bug that caused subnet sampling and screenshots to be enabled for all scan tasks has been resolved.
  • Fingerprint improvements.

3.1.13

2022-10-11

  • Inventory pages now offer “all” and “none” column visibility selection options.
  • Fingerprint improvements for Fortinet products that may be affected by CVE-2022-40684.

3.1.12

2022-10-07

  • The Tenable.io integration now supports a configurable API URL.
  • The Active Directory integration now supports optional import of assets, users, and groups.
  • The minimum TLS version supported by new Active Directory credentials has been increased from TLS 1.0 to TLS 1.2, with a configurable option to support older TLS versions.
  • A bug that could prevent modifying the maximum concurrent scans setting was resolved.
  • A bug that could result in an inaccurate task count on the credentials page was resolved.
  • A bug that could result in inaccurate searches by credential on the tasks page was resolved.
  • A bug that could result in inaccurate reporting of credential reuse was resolved.
  • A bug that could cause certain browser extensions to prevent configuring scans was resolved.

3.1.11

2022-10-06

  • A bug that could prevent reuse of SNMP credentials for recurring scans was resolved.

3.1.10

2022-10-03

This release contains important security fixes:

  • A bug that could lead to stored cross-site scripting in the scan templates view was fixed. This issue could be exploited by an authenticated, but unprivileged user to take over the session of another authenticated user.
  • A bug that could lead to stored cross-site scripting in the SSO group mappings view was fixed. This issue could be exploited by an authenticated superuser to take over the session of another authenticated user.

3.1.9

2022-09-30

  • A bug that could prevent initializing a scan in some cases was resolved.

3.1.8

2022-09-30

This release contains an important security fix:

  • A bug that could lead to stored cross-site scripting in the team view was fixed. This issue could be exploited by an authenticated, but unprivileged user to take over the session of another authenticated user.

In addition to the security improvement above, this release included a separate bug fix:

  • A bug that prevented recurring scans from being saved in some cases was resolved.

3.1.7

2022-09-29

  • The search keyword os_eol_expired is now supported on the Assets inventory.
  • The handling of Qualys concurrency and rate limiting has been improved.
  • The rumblectl command can now be used with self-hosted deployments to configure additional superusers.
  • A bug that prevented the first_seen timestamp from being set has been fixed.
  • A bug that could cause large Qualys imports to fail has been resolved.
  • A bug that prevented import of Azure AD users and groups when missing an active Intune license has been resolved.
  • A bug that could result in partial import of Azure AD users and groups has been resolved.
  • A bug which prevented the report.changed value from working in notification rule templates has been fixed.
  • A bug that prevented the use of client tokens to authenticate to the API has been fixed.
  • Fingerprint improvements.

3.1.6

2022-09-27

  • Email notifications are now enabled for non-recurring Organization Overview reports.
  • Relative time searches now accept negative numbers.
  • Scan tasks and templates now allow empty SNMPv1 and SNMPv2 community strings.
  • Credential validation has been improved to prevent common misconfigurations.
  • Support for Explorer hosts running virtual machines has been improved.
  • MAC vendor display behavior on inventory datagrids has been improved.
  • Tooltips on datatable icons have been improved.
  • A bug that could cause insight queries for hosted zones to fail has been resolved.
  • A bug in the Shodan integration asset-mode query has been resolved.
  • A bug that could cause MAC vendor names to be cut off in datagrids has been resolved.

3.1.5

2022-09-22

  • The task change report schema has been updated to support changes to directory users and groups.
  • Error messages related to API tokens have been improved.
  • A bug that could result in missing Shodan services has been resolved.
  • A bug that incorrectly imported Active Directory Managed Service accounts as assets has been resolved.
  • Fingerprint improvements.

3.1.4

2022-09-19

  • Improved performance of asset exports with many subnets.
  • Asset exports now filter subnet results to those containing the assets’ addresses.
  • Improved LDAP connector and probe logging.
  • Added group_count keyword to Users search.
  • Improved grouping of inputs in connector forms.
  • A bug that could cause the Switch Topology report to not show all switches in certain situations has been resolved.
  • A bug that could result in a 500 error when exporting assets from sites with many assets and/or subnets has been resolved.
  • A bug that could result in UI elements becoming unresponsive has been resolved.
  • Fingerprint improvements.

3.1.3

2022-09-14

  • A bug that could prevent some service values from being saved has been resolved.

3.1.2

2022-09-14

  • Improved loading times of the directory groups inventory page.
  • A bug that could result in all subnet tags being applied to exported assets has been resolved.
  • A bug that could result in missing Shodan services has been resolved.
  • A bug that could cause Azure AD imports to fail for certain configurations has been resolved.
  • A bug that could cause excessive export sizes has been resolved.
  • A bug that could obscure task errors from the task log has been resolved.
  • Fingerprint improvements.

3.1.1

2022-09-13

  • Improved loading times of the inventory screens, including multi-page selection.
  • Search keyword has_group is now supported on the Users page.
  • Fingerprint improvements.

3.1.0

2022-09-12

This release is a roll-up of the 3.0.x updates in addition to the following changes.

  • runZero Platform customers can now sync assets from Shodan.
  • runZero Platform customers can now sync assets from Azure Active Directory.
  • runZero Platform customers can now sync assets from Microsoft Active Directory via LDAP.
  • Connector tasks now can optionally be run from an Explorer on a customer’s network.
  • The Events datatable has been redesigned and is now more performant.
  • The Qualys integration now provides a more descriptive error message when rate-limited by the Qualys API.
  • Network File System (NFS) protocol detection on TCP ports has been improved.
  • A bug that prevented editing certain probe options when configuring a scan has been resolved.
  • Fingerprint improvements.

3.0.24

2022-09-10

  • A bug that could cause the browser to freeze when viewing assets with many attributes has been resolved.
  • Fingerprint improvements.

3.0.23

2022-09-08

  • Web screenshots are now limited to a maximum of 16 concurrent processes.
  • Web screenshots will now run concurrently on arm64 macOS systems.
  • Improved error handling for the GCP integration.
  • Improved parsing of input hostnames.
  • A bug that could prevent rendering dashboard insights has been resolved.

3.0.21

2022-09-07

  • Dashboard insights have been limited to a maximum of three rows.
  • Fingerprint improvements.

3.0.20

2022-09-07

  • A bug that could result in minimal assets being skipped has been resolved.

3.0.19

2022-09-07

  • A bug that could result in the wrong insight counts on the dashboard has been resolved.
  • Fingerprint improvements.

3.0.18

2022-09-06

  • A bug that could cause attributes and screenshots to be removed from offline assets has been resolved.
  • Fingerprint improvements.

3.0.17

2022-09-02

  • Fingerprint improvements.

3.0.16

2022-09-02

  • Fingerprint improvements.

3.0.15

2022-09-01

  • A bug that prevented using certain organization and export tokens has been resolved.
  • Fingerprint improvements.

3.0.14

2022-08-31

  • A new optional filter has been added to the CrowdStrike connector.
  • The performance of the Qualys connector has been improved.
  • Event details have been added to alert templates by default.
  • A bug that caused the token to be missing from password reset emails has been resolved.
  • Fingerprint improvements.

3.0.12

2022-08-29

  • Task statistics for asset counts are now included in CSV exports and can be used in task searches.
  • The license-limit-exceeded event has been added to alert when the live asset count exceeds an accounts license.
  • The ldap.notes service attribute has been added for providing user-friendly representations of well-known discovered LDAP OIDs.
  • A bug that could cause query timeouts has been resolved.
  • A bug that could cause large Qualys imports to timeout has been resolved.
  • Fingerprint improvements.

3.0.11

2022-08-24

  • A bug that prevented Qualys from being fully imported from large sites has been resolved.
  • A bug that led to slow exports and job processing has been resolved.
  • Fingerprint improvements.

3.0.10

2022-08-22

  • The Tenable integration now excludes terminated and deleted assets.
  • A bug that affected formatting of _asset.match values has been resolved.
  • A bug that caused internal tasks for metrics calculation to generate scan-completed events has been resolved.
  • A bug that prevented reports for specific asset attributes has been resolved.

3.0.9

2022-08-19

  • Dashboard metrics now account for unscanned assets imported from third-party integrations.
  • Internal recurring tasks for metrics calculation no longer show in the recurring task count.
  • Fingerprint improvements.

3.0.8

2022-08-19

  • A bug that could prevent exporting asset attributes has been resolved.
  • Fingerprint improvements.

3.0.7

2022-08-17

  • A bug that could prevent CrowdStrike tasks from processing has been resolved.

3.0.6

2022-08-17

  • Processing performance for foreign asset data has been improved.
  • A bug that could prevent the generation of some asset attribute reports has been resolved.
  • Fingerprint improvements, including AIX OS and vCenter, Avaya, and Proofpoint appliances.

3.0.5

2022-08-12

  • A bug that could cause offline self-hosted platform updates to fail has been resolved.
  • The timeout for Qualys connection tasks has been increased from 60 seconds to 5 minutes.
  • Fingerprint improvements.

3.0.4

2022-08-11

  • A notice was added to the MFA page to inform users that they can continue to use the old rumble.run domain until they re-enroll their authenticators for the new runzero.com domain.
  • Font rendering in Safari browsers now matches Firefox and Chrome.
  • UI improvements were made to the queries table.
  • A bug that could prevent exporting selected assets and asset search results has been resolved.
  • A bug that could prevent starter accounts from setting up recurring tasks has been resolved.
  • A bug affecting organization selection when a default organization is set has been resolved.
  • A bug that could cause SSH probes to occasionally deadlock has been resolved.

3.0.3

2022-08-09

  • Fingerprint improvements.

3.0.2

2022-08-09

  • A bug that prevented WebAuthn from registering correctly on console.runzero.com has been resolved.
  • A bug that could cause the topology in the asset details page to be mangled has been resolved.

3.0.1

2022-08-08

  • Inventory searches now support “runZero” as an asset source type.
  • A bug that could affect the default probes selector functionality has been resolved.

3.0.0

2022-08-08

This release is a roll-up of the 2.15.x updates in addition to the following changes.

  • Rumble is now runZero and the product UX has been updated to match.
  • runZero Platform customers can now sync asset and vulnerability data from Qualys VMDR.
  • The Queries datatable has been redesigned and is now more performant.
  • The Software and Vulnerabilities datatables now have a “view more details” button.
  • Users can now specify a Default Organization in the profile settings page.
  • Outlier calculations and insight queries now automatically run as daily analysis tasks.
  • Outlier calculations and insight queries can be regenerated on demand using the Metrics menu on the Tasks overview page.
  • Merging assets with foreign attributes from the same source now retains all sets of foreign attributes.
  • Software entries imported from SentinelOne and Tenable now report their service addresses.
  • A custom query to find DrayTek Vigor routers has been added.
  • The Asset and Service attributes reports can now be filtered by Site.
  • The Organization API now supports asset merging.
  • The services view is now up to 40% faster for organizations with large numbers of assets.
  • A bug in the AWS Configuration UI causing the “Lambda instances” option to not persist has been resolved.
  • A bug that could prevent external users from being directed to their main SSO login page has been resolved.
  • Operating system fingerprinting has been improved for cloud assets (AWS, Azure, and GCP).
  • Fingerprint improvements.

2.15.11

2022-08-01

  • A bug which could cause stale software entries to be retained has been fixed.
  • A bug in the Insights table which could render very large buttons has been fixed.
  • Improved hostname-based merging for Rapid7 imports.
  • Improved fingerprints for some FortiNet, FrontRow, and Synology assets.

2.15.10

2022-07-29

  • API keys are now shown hidden by default and can be copied to the clipboard through a click.
  • The Route Pathing report is now more performant and aborts early in out-of-memory scenarios.
  • A bug that could lead to a 500 error when accessing the users endpoint of the organization API has been resolved.
  • A bug that could cause tooltips to persist on the screen has been resolved.
  • Printer detection has been improved.
  • Fingerprint improvements.

2.15.9

2022-07-28

  • A bug that could cause the vulnerabilities table to appear empty when sorted by the details column has been fixed.
  • The scanner now fingerprints and reports a much wider range of ePO/McAfee Agent services.
  • Fingerprint improvements.

2.15.8

2022-07-26

  • A bug that could cause the HTTP probe to abort early has been resolved.

2.15.7

2022-07-26

  • Improved support for processing very large Rapid7 imports.
  • Software will now be populated from Rapid7 imports.
  • OS fingerprinting will now use Rapid7 fingerprints, when Rapid7 is the only data source.
  • Rapid7 foreign attributes have been adjusted for clarity.
  • Services will now be populated from Censys.
  • Vulnerability details are now available on the Vulnerability Inventory screen.
  • Improved ability to extract Microsoft Windows information from web services.
  • Improved ability to extract information from NetBIOS, including new detection of Domain Controller roles.
  • Hosted Zone scan limits have been increased.
  • The runZero Explorer now logs configuration file loading and reports any syntax errors.
  • The asset tag update and bulk asset tag update APIs now work as documented.
  • Fixed a bug which prevented all org admins from deleting other users.
  • The User Last Activity date now shows the correct date.
  • Fingerprint improvements.

2.15.6

2022-07-21

  • Processing speed for large Nexpose and Tenable imports has been improved.
  • Hostname identification from LDAP responses has been improved.
  • Filtering of non-unique MAC addresses has been improved.
  • Inconsistent SNMP data handling has been improved for certain classes of devices.
  • A bug that could prevent connector tasks from running in parallel while connecting to third-party APIs has been resolved.
  • A bug that prevented organization administrators from deleting other users has been resolved.
  • A bug affecting inventory multi-select operations has been resolved.
  • A bug preventing inventory column selection has been resolved.
  • A bug that could indefinitely stall a task has been resolved.
  • Fingerprint improvements.

2.15.5

2022-07-18

  • Improved support for processing very large scans.
  • Improved performance of the software and vulnerabilities tables.
  • Fingerprint improvements.

Note: The upgrade process may take up to an hour for large self-hosted deployments.

2.15.4

2022-07-14

  • The API now returns all attributes, sources, and subnets for a single asset.
  • The runZero Explorer now runs as a delayed auto start process on Windows to increase reliability after reboots.
  • The Organization Overview report now includes navigation links to return to the top of the report.
  • A bug affecting license warning banners has been fixed.
  • A bug affecting macOS Explorer upgrades on M1 systems has been fixed.
  • A bug that prevented importing VMware assets has been fixed.
  • Fingerprint improvements.

2.15.3

2022-07-13

  • The InsightVM integration now supports larger imports.
  • When a templated task fails due to an Explorer being unavailable, copying the failed task now retains the connection to the template.
  • A bug in the Overview report which showed blank addresses for Unscanned assets has been resolved.
  • A bug that caused scan copies to get assigned to a different site has been resolved.
  • A bug that prevented OS icons from showing on inventory tables has been resolved.

2.15.2

2022-07-12

  • Click-to-copy functionality has been restored for MAC addresses displayed on inventory pages.
  • Asset export query errors now return HTTP 400 status code with descriptive bodies.
  • A bug that prevented copying or updating Nessus connector tasks has been resolved.
  • Fingerprint improvements.

2.15.1

2022-07-12

  • A bug that could lead to an error in the External Asset Report when no assets were present has been resolved.
  • A bug that could cause the Export API to return a 500 instead of 400 for invalid queries has been resolved.
  • A bug that caused some Explorer updates to fail on Windows has been resolved.

2.15.0

2022-07-11

This release is a roll-up of the 2.14.x updates in addition to the following changes.

  • Rumble Enterprise customers can now sync asset and vulnerability data from the InsightVM API and upload data from Nexpose XML Export files.
  • Rumble Enterprise customers can now sync asset, software, and vulnerability data from the Nessus Professional API.
  • Rumble Enterprise customers can now generate an External Asset report.
  • Scan scopes can now be populated using external domains and IP addresses.
  • All inventory tables have been redesigned and are now more performant when displaying a large number of assets.
  • Integration tasks have been renamed from “Import” to “Connector” and can now run in parallel while connecting to third-party APIs.
  • New reports for software and vulnerabilities have been added.
  • The self-hosted platform’s web server HTTP timeouts can now be configured using environment variables.
  • A bug that affected JSON exports of task information has been resolved.
  • Fingerprint improvements.

2.14.11

2022-07-06

  • A bug that delayed task processing when many vulnerability records were present has been resolved.

2.14.10

2022-07-01

  • An API endpoint was added for Nessus imports.
  • The scan engine now sets additional attributes for TLS certificates.
  • The site edit page is now much faster for sites with large numbers of subnets.
  • A bug has been fixed that prevented assets missing certain date/time fields from being imported from a Nessus file.
  • If the start time of a recurring task is changed, the change now saves successfully and queues an immediate run if appropriate.
  • Date range queries now work on Tenable / Nessus attributes. (Note that this requires a re-import of the appropriate data.)
  • A bug has been fixed that prevented using boolean search terms with the Vulnerabilities table.
  • A bug has been fixed that prevented some customers from importing assets from SentinelOne.
  • Censys Search data processed using file import is now handled correctly.
  • Fingerprints were updated for KVMs, routers, IP cameras, and other general network management equipment.
  • Links to query language documentation have been updated throughout the product.

2.14.9

2022-06-27

  • Improved merging of AWS, Azure, and GCP assets imported from Tenable.io.
  • A bug was fixed with SentinelOne credential creation.
  • A bug was fixed which could result in an incorrect agent ID or template ID being written to tasks when they were updated via API.
  • A bug was fixed which prevented the asset route pathing report from rendering the source name properly in the report heading

2.14.8

2022-06-24

  • A bug that prevented customer address information from being validated has been resolved.
  • A bug that prevented SSO settings from being updated correctly has been resolved.

2.14.7

2022-06-24

  • The self-hosted platform install now supports Rocky Linux.
  • A bug in the scan engine that could lead to unexpected printer output has been resolved.
  • A bug in the e-commerce checkout with non-US addresses has been resolved.
  • Fingerprints were updated for Nokia SR OS and Cisco RV routers.

2.14.6

2022-06-23

  • The Account API now supports scan template management.
  • The scan engine discovers additional services, including Elasticsearch, Logstash, and Prometheus.
  • Fingerprints were updated for various operating systems and for products by Aruba Networks, Axis, MikroTik, and Nokia.
  • Query “address” keywords now support CIDR notation.

2.14.5

2022-06-16

  • The scan engine now sets additional attributes for TLS certificates.
  • SSO configuration now skips IdP-provided encryption certificates during setup.
  • Explorer initialization speed has been optimized.
  • A bug that could cause the Explorer service to timeout on startup has been resolved.
  • Explorers deployed on macOS can now be transferred between organizations successfully.
  • A bug has been fixed that could occasionally cause site deletion to trigger creation of an unnecessary site.
  • Last activity dates of users are now shown in the same time zone as the account creation date.
  • Fingerprint improvements.

2.14.4

2022-06-15

  • The Tenable integration now includes an option to import unscanned assets and is disabled by default.
  • The logic for merging Tenable/Nessus assets into the Rumble inventory has been improved.
  • The accuracy of first_seen and last_seen dates has been improved for Nessus imports.
  • The Tenable integration now provides more informative error messages for task failures due to invalid API keys and missing permissions.
  • New software and vulnerabilities reports have been added.
  • A preview of software and vulnerability attributes is now displayed when hovering over the Click To Copy button on the Asset details page.
  • The performance of the vulnerabilities table has been improved.
  • The scan engine now flags TLS services with self-signed certificates and untrusted CAs.
  • CSV exports of asset information now include OS EOL and extended OS EOL dates.
  • Credentials limited to specific organizations can no longer be created by an administrator without access to the organizations.
  • Improved fingerprinting of Tenable/Nessus assets imported with a severity setting of low or higher.
  • Fingerprint improvements.

2.14.3

2022-06-10

  • Rumble Enterprise customers can now search inventory by hosted zone.
  • A fingerprint for the Cockpit application has been added and includes additional Linux OS fingerprinting capability.
  • Fingerprints were updated for various operating systems and for products by 2N, Grandstream, Huawei, and Wago.
  • A bug that caused software and vulnerabilities to be ignored when manually merging assets has been fixed.
  • A bug that could prevent task configuration from showing the list of available Explorers has been fixed.
  • A bug that could prevent using the console to contact support has been fixed.
  • A bug that prevented filtering some Fortinet Web Filter replies has been fixed.
  • Additional Fingerprint improvements.

2.14.2

2022-06-07

  • Additional validation for scan targets has been added to hosted scans.
  • Additional validation for Tenable.io credentials has been added.
  • Asset inventory column selection and ordering now persist between queries.
  • Connector tasks now obey the start time set when they are created.
  • A bug that could cause hosted scans to timeout after an hour has been resolved.
  • A bug that prevented viewing third-party attributes for assets without Rumble attributes has been resolved.
  • A bug that affected the first seen and last seen dates for assets imported from Tenable.io and Nessus has been resolved.
  • A bug that persisted a task’s error message when copying the task has been resolved.
  • Fingerprint improvements.

2.14.1

2022-06-06

  • A bug that could prevent the Tenable connector from importing large sites has been resolved.

2.14.0

2022-06-06

This release is a roll-up of the 2.13.x updates in addition to the following changes.

  • Rumble Enterprise customers can now run scans using Rumble-hosted Explorers.
  • Rumble Enterprise customers can now sync asset, software, and vulnerability data from the Tenable.io API and upload data from Nessus scan files.
  • The Azure integration can now import Azure Function Apps.
  • The ServiceNow integration can now export asset subnet tags.
  • Fingerprint improvements.

2.13.7

2022-05-27

  • The size limit for cloud-hosted scans has been increased from 6GiB to 10GiB.
  • A bug that prevented searching software by version has been fixed.
  • A bug that presented input fields for unselected credential types has been fixed.
  • Fingerprint improvements.

2.13.6

2022-05-24

  • Scans can now specify asn4:<id> and country4:<2-letter ISO code> in the scan and site scope and exclusion fields.
  • Bogus results caused by firewall interference are now automatically ignored in more cases.
  • Single organization administrators can now manage non-global credentials for their organization.
  • The Organization Overview report now includes asset tags when available.
  • Fingerprint improvements.

2.13.5

2022-05-19

  • A bug that prevented the self-hosted installer from completing has been resolved.

2.13.4

2022-05-19

  • The Censys integration now reports the observed_at, extended_service_name, perspective_id, and source_ip for all services.
  • Fingerprint improvements.

2.13.3

2022-05-13

  • The size limit for cloud-hosted scans has been increased from 4GiB to 6GiB.
  • Fingerprint improvements.

2.13.2

2022-05-11

  • A bug affecting some users of scan templates has been fixed to ensure the scan configuration is followed.
  • A bug preventing the “TLS serial numbers” report from properly running has been fixed.
  • Fingerprint improvements.

2.13.1

2022-05-09

  • A bug that could lead to event processing terminating early has been resolved.

2.13.0

2022-05-09

This release is a roll-up of the 2.12.x updates in addition to the following changes.

  • Asset information can now be viewed in aggregate across all organizations in the dashboard and asset inventory.
  • The AWS integration now imports Lambda instances.
  • The Azure integration now imports load balancers and AzureSQL instances.
  • The GCP integration now imports load balancers and CloudSQL instances.
  • Self-hosted installations now use an in-process task scheduler instead of system cronjobs for maintenance tasks.
  • Fingerprint improvements.

2.12.12

2022-05-03

  • A bug that could cause the service to reload during task processing has been resolved.
  • Fingerprint improvements.

2.12.11

2022-05-02

  • Software associated with assets is now tracked in the Rumble inventory.
  • Rumble Enterprise customers can now sync asset and software data from the SentinelOne API.
  • The AWS integration now imports RDS instances.
  • The Azure integration now imports scale set virtual machines.
  • AWS credentials enabling STS assume role workflows are simplified to only require a role name.
  • Credential access can now be toggled to allow or disallow all organizations during credential creation.
  • An intermittent issue that caused some external invitation emails to be missing activation codes has been fixed.
  • A performance issue that could cause long load times for the credentials page has been fixed.
  • A bug that could prevent group members from being displayed on an organization’s users page has been fixed.
  • Fingerprint improvements.

2.12.10

2022-04-19

  • Tags can now be applied, updated, and deleted in bulk using the API.
  • Speed of the RFC 1918 Coverage Report has been greatly improved.
  • Fingerprint improvements.

2.12.9

2022-04-18

  • Assets with external IP addresses will now be tagged with their geographic location and ASN when available.
  • The CrowdStrike and Miradore integrations can now be run as scan probes from the console and scanner CLI.
  • A bug that could prevent deleting services from the services inventory has been resolved.
  • A bug where certain analysis tasks could error when an asset-query-results rule is enabled has been resolved.
  • Fingerprint improvements.

2.12.8

2022-04-14

  • A bug that prevented new CrowdStrike credentials from being stored has been fixed.

2.12.7

2022-04-14

  • The Organization Overview report can now be generated and emailed to desired recipients on a recurring schedule.
  • The organization users table now displays effective access for each user.
  • A bug that could prevent adding users to groups has been fixed.
  • Fingerprint improvements.

2.12.6

2022-04-12

  • A bug that caused VMware instances with non-unique UUIDs to be handled incorrectly has been fixed.
  • A bug that allowed IPs not in the scan scope to be used as primary addresses has been fixed.
  • A bug that reported Windows OSes incorrectly for VMware has been fixed.
  • The CrowdStrike integration now generates downloadable task data that can be used for importing CrowdStrike assets.
  • Added ability to truncate syslog to a specified line length.
  • Fingerprint improvements.

2.12.5

2022-04-08

  • The scan configuration site scope warning now accurately reflects the site default scope.
  • A bug that prevented searching for bssid wireless values has been fixed.
  • Fingerprint improvements.

2.12.4

2022-04-07

  • The Scan menu now provides an option to run a new scan using an existing template.
  • The Alert Rules form now handles very long queries in the Test Query action.
  • A bug that led to incorrect dashboard stats for multi-site organizations has been fixed.
  • A bug that caused reports for certain AWS attributes to show empty results has been fixed.
  • A bug that caused stale SNMP credentials to stay associated with an asset has been fixed.
  • The self-hosted rumblectl update command now also applies content updates.
  • Fingerprint improvements.

2.12.3

2022-04-06

  • The AWS connector now tags each instance with the associated AWS account email.
  • The CrowdStrike connector now handles API service outages more gracefully.
  • A bug that prevented the Organization Overview report from being visible in Rumble Professional has been fixed.
  • A bug that led to the scan engine logging a debug message related to LDAP has been fixed.
  • A bug that led to visual errors on the asset details screen has been resolved.
  • Fingerprint improvements.

2.12.2

2022-04-05

  • The Scan menu now links to Scan Template selection with a search interface.
  • The individual probe options in the Scan Config screen are now consistently sorted.
  • A bug that could lead to partial stats being shown in the dashboard for multi-site organizations has been resolved.
  • A bug that could prevent content self-hosted content updates from working when /opt was on a different file system from /tmp has been fixed.
  • A bug that could lead to duplicate pre-built queries in self-hosted installations has been resolved.
  • Fingerprint improvements.

2.12.1

2022-04-05

  • A bug that could prevent scan templates from being saved has been resolved.
  • Fingerprint improvements.

2.12.0

2022-04-04

This release is a roll-up of the 2.11.x updates in addition to the following changes.

  • A new print-friendly Organization Overview report is now available.
  • A new integration with the Google Cloud Platform is now available.
  • External users may be invited to the cloud console.
  • Scans templates are now available.
  • Self-hosted instances now sync pre-built queries from the cloud.
  • The scan engine now supports the Kerberos and LDAP protocols.
  • Fingerprint improvements.

2.11.16

2022-03-29

  • A bug that prevented exact = attribute matches from working has been resolved.

2.11.15

2022-03-28

  • The self-hosted platform now supports scan imports larger than 4GiB.

2.11.14

2022-03-28

  • The inventory search now supports a wider range of UTF-8 input for search patterns.
  • The API now handles temporary maintenance-related errors more consistently.
  • Fingerprint improvements.

2.11.13

2022-03-25

  • Long-running export requests now timeout after 90 minutes, from 30 minutes, for large organizations.
  • Fingerprint improvements.

2.11.12

2022-03-22

  • Fingerprint improvements.

2.11.11

2022-03-20

  • The update process for Explorers on the Windows platform is now more resilient to EDR/AV interference.

2.11.10

2022-03-19

  • Fingerprint improvements.

2.11.9

2022-03-17

  • A bug that could lead to some metric queries timing out has been resolved.

2.11.8

2022-03-17

  • A bug that could lead to concurrent task processing in the same organization has been resolved.
  • Fingerprint improvements.

2.11.7

2022-03-16

  • A bug that could lead to timeouts with large CrowdStrike imports has been resolved.

2.11.6

2022-03-16

  • Fingerprint improvements.

2.11.5

2022-03-15

  • The self-hosted CLI now supports setting the superuser role and resetting MFA.
  • The scan engine now detects the Veeam Distribution Service API.
  • A bug that prevented {{organization.name}} from being used in certain organization alert templates has been resolved.
  • A bug that prevented login events from being displayed in the Events view has been resolved.
  • A bug that prevented sso-login events from being recorded when the connection was terminated mid-event has been resolved.
  • A bug that allowed update requests to interrupt scans has been resolved.
  • Incorrect outlier search result links have been fixed.

2.11.4

2022-03-11

  • Alert rule queries now take into account assets found through integrations.
  • The console now correctly filters bogus ARP replies over a reasonable threshold.

2.11.3

2022-03-11

  • The self-hosted rumblectl set-role command now also supports setting the superuser role.
  • The self-hosted rumblectl reset command now also resets the MFA token.
  • The Asset CSV import now supports cell widths of up to 16,384 characters (from 1,024).
  • A bug that prevented the self-hosted server from restarting in out-of-memory conditions has been resolved.
  • A bug that caused the Network Switch report to sometimes show a 500 error has been resolved.
  • Fingerprint improvements.

2.11.2

2022-03-10

  • The response time when exporting assets via the API has been improved.
  • The Asset inventory now displays the subnet tag descriptions on hover of subnet tags.
  • The Network Switch report can now be launched from the reports page.
  • Autocompletion of search keywords has been added for Sites and Queries.
  • A bug that caused the SNMP probe to default to community strings “public,private” when no communities were provided has been resolved.
  • A bug that prevented some third-party connectors from recording a task-completed event has been resolved.
  • A bug that caused self-hosted Explorer and Scanner offline updates to fail has been resolved.
  • Fingerprint improvements.

2.11.1

2022-03-08

  • The SSO group mapping form now displays a relevant error when the groups list is empty or no group has been selected.
  • The group column in the user table was not meant to be sortable and this has been fixed.
  • The group mappings tab no longer shows when a user has SSO disabled.
  • A bug that prevented service_ports_tcp and service_ports_udp search keywords from working as intended has been resolved.
  • The dashboard has been updated to display a helpful tooltip icon on the RTT latency chart that defines certain terms and metrics.
  • A regression in the VMware connector has been resolved.
  • Fingerprint improvements.

2.11.0

2022-03-07

This release is a roll-up of the 2.10.x updates in addition to the following changes.

  • The dashboard has been updated and now shows both most and least seen values for most stats.
  • The dashboard now has CSV exports for all stats and links to deeper views of each given stat.
  • The AWS and Azure integrations are now available to Professional Edition customers.
  • The Azure integration can now run from the console, Explorer, or scanner as a probe.
  • The Azure integration now identifies VM operating system information using disk image fingerprints.
  • The Azure integration now tracks the clientID, tenantID, and subscriptionID as attributes for each asset.
  • The Azure integration now creates a site per subscription ID.
  • The AWS integration now creates a site per account in addition to the existing site per VPC capability.
  • The AWS integration now supports using a provided session token.
  • The AWS integration now tracks the account name as an attribute for each asset.
  • The Account API now supports group management.
  • Asset outliers are now tracked in the inventory and within the asset details page.
  • Enterprise Edition customers can now access the Outlier Summary and Specific Outlier reports.
  • Enterprise Edition customers can now map users to groups based on SAML attribute rules.
  • The Explorer console URL can now be set through the RUMBLE_CONSOLE environment variable.
  • The web console now flags under-resourced Explorers in the Deploy view.
  • The web console now allows admins to force user logouts from the Team page.
  • The web console now allows limited administrators to view users and create new projects.
  • The scan engine now spends less time on per-VLAN SNMP enumeration when the device does not support it.
  • The scan engine now supports full SNMP v1 enumeration using non-bulk lookups, if necessary.
  • The scan engine is now much more conservative on a wider range of ICS ports.
  • The scan engine is now much more friendly to fragile Lantronix devices.
  • The scan engine now supports the Lantronix device discovery protocol.
  • The scan engine now detects the Java Debug Wire Protocol (JDWP).
  • The scan engine now detects and uses Qualys Cloud Agent correlation IDs.
  • The scan engine now reports more information from NTP services.
  • The self-hosted platform now supports a generate-certificate command.
  • A bug that could lead to stale asset attributes remaining across scans has been resolved.
  • A bug that could prevent the host-ping feature from finding all hosts has been resolved.
  • A bug that led to broken search links in the task details page has been resolved.
  • Fingerprint improvements.

2.10.6

2022-02-24

  • A bug that prevented CIDR addresses in the default scan scope of a Site from being used has been fixed.
  • Fingerprint improvements.

2.10.5

2022-02-22

  • Asset correlation has been improved for a variety of corner cases, including Cisco Nexus switches.
  • A bug that caused stale IPv6 addresses and UDP services to remain between scans has been resolved.
  • A bug that prevented single-org admins from seeing users on the team page has been resolved.
  • Fingerprint improvements.

2.10.4

2022-02-17

  • OS EOL dates are now reported for Red Hat Enterprise Linux, Fedora, and CentOS.
  • Fingerprint improvements.

2.10.3

2022-02-15

  • The asset route pathing report is out of beta.
  • Fingerprint improvements.

2.10.2

2022-02-11

  • The Account API now supports group management through new endpoints.
  • Asset and service search now supports new keywords for matching primary and secondary addresses.
  • The dashboard now tracks how many assets have been seen in the last 30 days across all sources.
  • The AWS integration now supports using a provided session token.
  • The asset route pathing report is now more accurate.
  • A bug that prevented some AWS asset attributes from being populated has been resolved.
  • A bug that mangled UTF-8 characters in the subject and message body of e-mail notifications has been fixed.
  • Fingerprint improvements.

2.10.1

2022-02-07

  • A bug in the HTTP scanner that could prevent images from being captured correctly has been resolved.

2.10.0

2022-02-07

This release contains an important security fix:

  • A security issue has been resolved in the SSO SAML handler. This issue was found during internal review and could be abused to trigger a denial of service or limited leak of application internal data by an unauthenticated attacker.

This release is a roll-up of the 2.9.x updates in addition to the following changes.

  • The team page now supports user groups, providing more options when managing permissions/roles across your users.
  • IPv6 support now includes link-local asset discovery and PTR lookups for the DNS/mDNS probes.
  • AWS assets can now be synced from the standalone scanner, as a scan probe in the console, or imported from previous AWS connector tasks.
  • A bug where invited users skipped the initial SSO login when joining an organization with required SSO settings has been resolved.
  • A bug that prevented public IP addresses from populating an AWS asset’s IPv4 attribute has been fixed.
  • A bug where stale reverse DNS attributes could persist on rescanned assets has been resolved.
  • A bug where the services in an asset view were not properly sorted has been resolved.
  • The queries page now displays an Updated column containing the last-modified date and time for each query
  • The queries page now supports query execution across all assets, regardless of alive status.
  • Asset subnet tags are now included in JSON and XML asset exports.
  • Fingerprint improvements.

2.9.14

2022-01-28

  • HP iLOs will no longer be merged into their host assets when they share a MAC address.
  • A bug that prevented services from displaying after a third-party import has been resolved.
  • A bug that prevented Asset Modify rules from updating the HW field has been resolved.
  • A bug that could cause the CLI scanner to stack trace has been resolved.
  • The CLI Scanner censys-db sub-command now requires less memory.
  • Fingerprint improvements.

2.9.13

2022-01-27

  • Censys Avro files can now be converted to a database for faster lookups.
  • Fingerprint improvements.

2.9.12

2022-01-25

  • A regression that could lead to login errors after bulk permission updates has been fixed.
  • A regression that removed the service names from the asset details page has been fixed.
  • AWS internal hostnames are now reported in the asset name list.
  • Fingerprint improvements.

2.9.11

2022-01-24

  • Nmap XML exports are now much faster.
  • Fingerprint improvements.

2.9.10

2022-01-20

  • The scan engine now limits the SNMP enumeration speed to the Max Host Rate, reducing CPU usage on older switches.
  • The scan engine now ignores additional cases of FortiGate HTTP interception.
  • Fingerprint improvements.

2.9.9

2022-01-18

  • The scan engine now accepts IPv6 addresses and resolves AAAA records for hostnames.
  • The scan engine now skips protocol probes on TCP port 9106.
  • A bug that prevented uploading very large scans has been fixed.
  • Fingerprint improvements.

2.9.8

2022-01-14

  • Added an option to export only selected assets, services, or wireless.
  • Added a “Every N Hours” recurring task frequency option.
  • Autocompletion of search keywords has been added for Organizations, Tasks, and Events.
  • AWS and Azure connectors no longer set asset alive status and no longer are counted as offline or back online in the change report.
  • Rules now show when they were last processed, whether they triggered their action, and any error that occurred as a result.
  • The coverage report can be filtered by site.
  • A bug that could allow duplicate CrowdStrike assets after an import has been fixed. Any resulting duplicates are eliminated on the next CrowdStrike task run.
  • A bug which could lead to stalled rule processing has been fixed.
  • A bug that prevented importing operating system information from CrowdStrike for some Linux devices has been fixed.
  • A bug where scanning of some Lexmark printers interfered with the printer’s job queue has been fixed.
  • Fingerprint improvements.

2.9.7

2022-01-10

  • The scanner now supports configuration of reverse DNS timeouts and the SSH username.
  • Scan tags can now be provided for scan import tasks.
  • The closedPortsMap field has been removed from JSON exports.
  • CrowdStrike connector tasks now move preexisting CrowdStrike-sourced assets into matching scanned assets across sites.
  • A bug where task progress (on hover) could exceed 100% has been fixed.
  • A bug that caused the Azure integration to occasionally skip public IPs has been fixed.
  • A bug that caused a CrowdStrike connector task to send an API request exceeding length limits in specific instances has been fixed.
  • Fingerprint improvements.

2.9.6

2021-12-23

  • A bug that could lead to some events being processed incorrectly has been resolved.
  • Event templates now truncate results correctly.

2.9.5

2021-12-22

  • A scan engine bug that could lead to an “invalid exclusions” error has been resolved.

2.9.4

2021-12-21

  • The Query search now supports result count selection and remembers the setting between views.
  • The scan engine now correctly excludes broadcast addresses from the scan scope.
  • The Azure connector now ignores canceled subscriptions automatically.
  • The hostname selection logic has been improved for Canon printers.
  • The Explorer service now starts up slightly faster on Windows.
  • The Censys AVRO importer is now 4 to 8 times faster.
  • Fingerprint improvements.

2.9.3

2021-12-15

  • The CrowdStrike integration has been updated to improve correlation with existing assets.

2.9.2

2021-12-13

  • A bug that prevented some AWS organizations from working with STS AssumeRole has been fixed.
  • A bug that persisted service products after asset changes has been fixed.
  • A bug that hid the Task Change Report has been fixed.
  • Improved product detection for Logstash and Neo4J.
  • Fingerprint improvements.

2.9.1

2021-12-08

  • The CrowdStrike integration now uses the Scroll API to better support large organizations.

2.9.0

2021-12-06

This release is a roll-up of the 2.8.x updates in addition to the following changes.

  • The new Site Comparison report shows differences in assets between two sites, which can be in different organizations.
  • The team page now supports bulk user import and bulk permission management.
  • The layer 2 topology report has been updated with a search filter, site filter, and visual improvements.
  • The network bridges report has been updated with a site filter and visual improvements.
  • A bug that caused the has_public search filter to flag certain IPv6 addresses has been fixed.
  • A bug that caused project deletion to create new, blank organizations has been fixed.
  • A bug that caused Censys imports to mark other assets as offline has been fixed.
  • The bundled npcap version has been upgraded to 1.60.
  • Fingerprint improvements.

2.8.14

2021-12-03

  • A bug that prevented scans from running when non-loopback 127.x networks were present has been fixed.

2.8.13

2021-11-24

  • A regression in the TLS version enumeration has been fixed.
  • Teredo addresses are no longer considered public IPs.
  • Improved detection of Chromebooks and ChromeOS.
  • Fingerprint improvements.

2.8.12

2021-11-21

  • The self-hosted platform now supports internal proxies for external API connections.
  • The self-hosted platform now supports internal webhook destinations for alerts.

2.8.11

2021-11-19

  • The annotator role is now available.
  • Fingerprint improvements.

2.8.10

2021-11-18

  • A bug that prevented the Azure connector from working in self-hosted mode has been resolved.
  • The last hop calculation for the TCP traceroute is now more accurate.
  • Fingerprint improvements.

2.8.9

2021-11-16

  • Credentials can now be configured for single IP addresses and IP ranges in addition to CIDRs.
  • The scan engine now performs a light traceroute when an open TCP port is found.
  • The scan engine now tests for IP forwarding during scans of link-local targets.
  • The scan engine now includes Rumble/2 in HTTP user-agent strings.
  • The scan engine now limits ARP traffic to the Max Host Rate.
  • The OS EOL date for Windows Server 2019 (1809) has been updated.
  • Fingerprint improvements.

2.8.8

2021-11-12

  • The self-hosted platform now supports custom CSP headers to support external resources.
  • Tags with the case-insensitive key of “name” are now treated as additional hostnames.
  • Tags containing spaces are now consistently handled by conversion to underscore.
  • Meraki DNS interception is now ignored in a wider variety of configurations.
  • The CrowdStrike integration now tracks the last 10 recent logins per asset.
  • A regression in the Apple macOS end of life calculation has been fixed.
  • A few missing icons have been restored to the inventory view.
  • A panic in the FreeBSD scan processing chain has been fixed.
  • Direct print services on 9002 are no longer fingerprinted.
  • TLS versions are now consistently formatted.
  • Fingerprint improvements.

2.8.7

2021-11-07

  • A bug that caused daily scans to be scheduled incorrectly in UTC forward time zones has been resolved.
  • The self-hosted platform now respects proxy settings for external data sources (CrowdStrike, etc.).
  • Improved tvOS and Crestron fingerprints.
  • Additional UPnP fingerprints.

2.8.6

2021-11-06

  • Improved tvOS, homepodOS, and bridgeOS fingerprints.

2.8.5

2021-11-06

  • The self-hosted installer now supports manual database configuration.
  • The self-hosted platform now includes a database verify subcommand.
  • Improved iOS device identification.
  • Fingerprint improvements.

2.8.4

2021-11-05

  • The VMware probe now handles vCenter instances configured with multiple datacenters.
  • A race condition that could lead to Explorer updates mid-scan has been resolved.
  • The RDP TLS fingerprint will no longer break matching during asset correlation.
  • Stopped scans now indicate which user stopped them in the error message.
  • Active probes are now disable for some Lantronix and Rockwell PLC ports.
  • Fingerprint improvements.

2.8.3

2021-11-04

  • SAML SSO now specifies that the required NameID Format is unspecified, for Azure AD compatibility.
  • S3 storage operations which fail are retried.
  • A bug in Azure credential validation is fixed.
  • Additional detail has been added to the field help on the scan form.

2.8.2

2021-11-02

  • Recurring tasks no longer schedule jobs when the previous job is still queued.
  • A bug that caused VMware-based OS detection to fail has been resolved.
  • Fingerprint improvements.

2.8.1

2021-11-02

  • A bug that caused out-of-scope assets to be marked as offline during scans has been resolved.

2.8.0

2021-11-01

This release is a roll-up of the 2.7.x updates in addition to the following changes.

  • Support for Censys Search API and Censys Data imports (Enterprise).
  • Fingerprint improvements.

2.7.11

2021-10-27

  • An issue with Windows Explorer updates has been resolved.

2.7.10

2021-10-24

  • An issue with restrictive umasks on the self-hosted platform has been resolved.
  • Support for VMware vCenter/ESXi virtual machine discovery (Enterprise).
  • Asset merging from third-party data sources has been improved.
  • TLS fingerprints are now reported as SHA256 hashes (base64).
  • Credentials for SNMP v2/v3 and VMware can be managed globally.
  • Serial numbers from A10 devices are now collected via SNMP.
  • The SNMP v3 probe now supports multiple credentials.
  • Scan configuration now has a Credentials tab.
  • Detailed task logs can be downloaded.
  • Light UX improvements and bug fixes.
  • Fingerprint improvements.

2.7.9

2021-10-21

  • A permissions issue with the self-hosted platform has been resolved.

2.7.8

2021-10-15

  • The runZero Explorer on Windows now explicitly sets the service to automatic start.
  • RFC 1918 scans can be launched from the main Scan menu.
  • Fingerprint improvements.

2.7.7

2021-10-15

  • Credential validation issues with Azure now log detailed errors.
  • The self-hosted platform now supports Debian 9.
  • Fingerprint improvements.

2.7.6

2021-10-13

  • A bug that led to an application error during Azure connector configuration has been resolved.
  • Fingerprint improvements.

2.7.5

2021-10-13

  • A bug that prevented certain AWS and Azure assets from being imported has been resolved.
  • Fingerprint improvements.

2.7.4

2021-10-08

  • The self-hosted platform now supports Oracle Linux 7 and 8.
  • Fingerprint improvements.

2.7.3

2021-10-07

  • The AWS integration is now much faster for large numbers of accounts.

2.7.2

2021-10-06

  • A bug that made it difficult to update existing Azure tasks has been resolved.

2.7.1

2021-10-05

  • A bug that prevented the date picker from showing arrow icons has been resolved.
  • A bug that made it difficult to update existing AWS tasks has been resolved.
  • The sidebar is now collapsible using the chevron icon at the top.
  • The “Processing” link states are now handled more consistently.

2.7.0

2021-10-05

This release is a roll-up of the 2.6.x updates in addition to the following changes.

Integrations

  • The Azure VM connector now supports multi-subscription and multi-directory access.
  • The AWS EC2 connector now supports ELB load balancers as importable assets.
  • Connector credentials are now automatically validated on save.
  • The Splunk add-on now supports self-hosted console endpoints.
  • The Splunk add-on now optionally imports asset services.
  • The Splunk add-on has been updated to use jQuery 3.5.0.
  • CrowdStrike asset merging has been improved.

Self-hosting

  • The self-hosted installer now includes the Explorer and scanner binaries.
  • The self-hosted console now supports detailed TLS configuration.
  • The self-hosted console now runs as an isolated subprocess.
  • The self-hosted console no longer enforces API rate limits.

User experience

  • Asset and service trends are now shown on the dashboard.
  • The Scan configuration view has been overhauled and simplified.
  • Imported scans are now tracked for the RFC 1918 coverage report.
  • The Services inventory now supports new address-related search keywords.
  • The Assets and Services inventory now support wildcard searches of hostnames with anchored patterns.
  • The Screenshot inventory is now faster and shows the correct total count.
  • A bug in the RFC 1918 coverage report that could lead to skipped IPs was fixed.

Authentication

  • Users with standard accounts that authenticate using SSO are now converted into SSO-only accounts.
  • SSO is supported for multiple domains using IdP or SP initiated authentication.
  • The MFA challenge now provides a Retry button for browsers that require user interaction (Safari).
  • The MFA enrollment now supports token or platform authentication mode as separate options.
  • Admin users can now set the first and last names of other users.
  • The Explorers, scanners, MSI wrapper, and verifier are now signed using a new EV certificate.

Scanner and fingerprinting

  • Subnet ping and host ping are now included in the Professional tier.
  • OS EOL tracking is now enabled for Windows 10 and APC firmware.
  • Windows 10 and Server 2019 OS versions are now tracked by range.
  • The Explorer and CLI scanner now detect and report an error when run within the WSL/WSL2 environments.
  • The CLI scanner upgrade now supports the –force option.
  • The scan engine now detects Bitdefender remotely.
  • A regression in the ARP probe on newer Windows builds has been resolved.
  • Fingerprint improvements

2.6.4

2021-09-16

  • The scan engine now detects Azure’s OMI WSMAN implementation.
  • Fingerprint improvements.

2.6.3

2021-09-16

  • The scan engine now detects WSMAN, ADB, and InfluxDB services.
  • Fingerprint improvements.

2.6.2

2021-09-14

  • A regression in SMB v1 detection has been resolved.
  • Fingerprint improvements.

2.6.1

2021-09-08

  • A bug that prevented some Azure VMs from being imported has been fixed.

2.6.0

2021-09-07

  • Rumble Enterprise customers can now sync virtual machine inventory from the Microsoft Azure cloud.
  • The CrowdStrike connector has been overhauled to improve asset merging and avoid duplicates.
  • OS end-of-life dates for Windows, macOS, Ubuntu, Debian, and iLO assets are now tracked.
  • The self-hosted version of Rumble now supports offline mode & offline updates.
  • The self-hosted version of Rumble now supports RHEL 7 in offline mode.
  • The scan engine now surfaces NFS exports via discovered mountd services.
  • The scan engine now returns details for discovered PPTP services.
  • The dashboard loads faster for large organizations.
  • The UI now includes new, custom icons.
  • Fingerprint improvements.

2.5.8

2021-08-30

  • Stale asset expiration now applies to third-party sourced assets.
  • The scan engine now reports PPTP services.
  • Fingerprint improvements.

2.5.7

2021-08-27

  • The CrowdStrike connector has been overhauled to improve merging and avoid duplicates.
  • The scan engine now reports NFS exports.
  • Fingerprint improvements.

2.5.6

2021-08-23

  • The scan engine now implements the Cisco layer 2 traceroute protocol thanks to Chris Marget’s cisco-l2t project.
  • TCP port 1720 is no longer included in the defaults. This may be re-enabled once H.323 is fully implemented.
  • The scan engine now handles mangled SNMP responses better.
  • The HTTP/2 protocol is now reported at the asset level.
  • Fingerprint improvements.

2.5.5

2021-08-19

  • A regression in the service attribute report has been fixed.
  • The scan engine now reports additional SSH attributes.

2.5.4

2021-08-19

  • The Explorer and scanner now support the Windows arm64 platform.
  • A scan engine hang in the DCERPC probe has been resolved.
  • Fingerprint improvements

2.5.3

2021-08-18

  • Third-party data source attributes are now included in all exports.
  • Third-party attributes now use the @source.type syntax for search.
  • The Merge feature in the asset inventory is now more consistent.
  • Large target exclusion lists are now supported for sites and scans.
  • Unresolvable hostname excludes are now ignored automatically.
  • The scan engine now records more information from McAfee ePO agents.
  • Fingerprint improvements

2.5.2

2021-08-12

  • Automatic queries are now available to Professional users as well as Enterprise.
  • A bug that led to some Windows desktops having the wrong type has been fixed.
  • CrowdStrike assets are now matched more accurately against Rumble assets.
  • The scanner now skips active protocol detection on port 9999.
  • Fingerprint improvements

2.5.1

2021-08-05

  • The default TCP port list now includes more SolarWinds products as well as port 7676 for JMS/IMBroker.
  • The estimated runtime for scans now takes into account the TCP port list (and excludes).
  • Juniper switch fingerprinting now uses a Juniper-specific OID instead of sysDesc.
  • Additional bogus SIP ALG services are now ignored by the runZero scanner.
  • A bug that prevented offline-agent events from being generated in certain situations has been resolved.
  • A bug that could result in Explorers not reconnecting properly after an update has been resolved.
  • A bug that showed an incorrect bandwidth calculation in the task view has been resolved.
  • A bug that led to an error on CSV export with mixed-source assets has been resolved.
  • Fingerprint improvements.

2.5.0

2021-08-03

  • Rumble Enterprise customers can now sync AWS EC2 assets across accounts using STS roles.
  • Rumble Enterprise customers can now sync asset data from the CrowdStrike Falcon API.
  • The scan engine now better differentiates between Windows workstation and server variants.
  • The scan engine now detects various asset attributes and services using DCERPC.
  • The scan engine now detects multi-homed assets using DCERPC.
  • The dashboard can now show stats across all sites or just a specific site.
  • The new Unmapped MAC report highlights unscanned assets by switch port.
  • The Reports page has been improved with a new layout and inline search.
  • The Queries tab has been moved to a new navigation item.
  • Fingerprint improvements.

2.4.4

2021-07-26

  • The superuser role is now available as a default permission for SSO users.
  • The scan engine now gathers data from the Windows DCERPC endpoint mapper.
  • Fingerprint improvements.

2.4.3

2021-07-18

  • Fingerprint improvements.

2.4.2

2021-07-14

  • Limited layer-2 topology graphs derived from ARP data are now available for environments using Fortinet switches.
  • The Topology and Network Bridges graphs can now be exported as PNG images.

2.4.1

2021-07-13

  • This build fixes a bug in the Go runtime that could allow a remote attacker to cause a recoverable panic in the Rumble services and scan engine (CVE-2021-34558).

2.4.0

2021-07-13

  • Rumble Enterprise customers can now sync asset data from Amazon Web Services EC2 and Miradore MDM data sources.
  • Rumble Enterprise customers can now self-host the platform on RHEL and CentOS distributions.
  • Credentials are now managed at the account level with per-organization access.
  • The Rumble self-hosted CLI offers new features and a better user experience.
  • Fingerprint improvements.

2.3.5

2021-07-04

  • A bug that prevented Explorer upgrades and scan stop requests from processing while a scan was active has been fixed.
  • A bug that led to the subnet ping mode missing subnets during large scans cases has been fixed.
  • A bug that led to an Explorer showing as offline unexpectedly has been fixed.
  • Fingerprint improvements.

2.3.4

2021-06-26

  • A regression in the Screenshots inventory tab has been fixed.
  • Fingerprint improvements.

2.3.3

2021-06-24

  • Tabs, fonts, and styles have seen a light update.
  • A number of small UX bugs were addressed.
  • Fingerprint improvements.

2.3.2

2021-06-16

  • The RFC 1918 coverage report now supports a starting date that can be used to exclude older scans.
  • The Your team page is now searchable, sortable, and supports bulk user actions.
  • Fingerprint improvements.

2.3.1

2021-06-09

  • A bug that prevented single-organization users from viewing sites and tasks has been fixed.
  • A bug that led to offline assets not actually being marked as offline has been fixed.
  • A bug that could prevent full enumeration of Cisco Catalyst switches has been fixed.
  • Fingerprint improvements.

2.3.0

2021-06-08

  • The new RFC 1918 coverage report highlights unscanned address space and hinted ranges.
  • SNMP v3 enumeration of Cisco Catalyst switches now handles per-vlan port mappings.
  • Fingerprint improvements.

2.2.5

2021-05-29

  • Tags are now always displayed with = instead of : to match the search engine syntax.
  • The Subnet Ping and Host Ping modes are now more reliable on large scans.
  • Fingerprint improvements.

2.2.4

2021-05-26

  • A bug that led to a stack trace in the rumblectl command for self-hosted mode has been fixed.
  • Fingerprint improvements.

2.2.3

2021-05-17

  • The self-hosted platform now removes older scanner/Explorer binaries during updates.
  • The scan engine now pulls layer-2 information from Force-10 switches.
  • The scan engine now ignores CheckPoint SMTP and SIP interception.
  • The scan engine now extracts hostnames from Zyxel switches.
  • An invalid fingerprint for Cisco IP phones has been fixed.
  • Multiple notifications can now trigger from a single event.
  • Agent fields are now included in the scan-started event.
  • Fingerprint improvements.

2.2.2

2021-05-16

  • The scan engine now extracts additional information from Zyxel switches.
  • The Explorers page now supports sorting, searching, and tagging.
  • Fingerprint improvements.

2.2.1

2021-05-14

  • The scan confirmation dialog now warns when a mix of public and private IPs are in the scope.
  • The SNMP v3 probe now supports sha224, sha256, sha384, and sha512 authentication.
  • The SNMP v3 probe now supports aes192, aes256, aes192c, and aes256c encryption.
  • The self-hosted platform now includes a CLI to manage user accounts.
  • Fingerprint improvements.

2.2.0

2021-05-11

Rumble 2.2.0 is a roll-up of previous 2.1.x releases along with some additional changes and features.

Web console

  • Enterprise customers can now export an HP iLO report which includes serial numbers, physical hardware information, and other fields useful for warranty tracking and server inventory.
  • Virtual machines now indicate the virtualization vendor in the asset hardware field and can be searched and filtered by vendor.
  • Virtual machines are now labeled with an icon in the asset view, and router icons are displayed with the other icons.
  • Virtual machine and legacy MAC prefixes are no longer used for age calculation, as they gave inaccurate results.
  • A new report for virtual machine vendors has been added.
  • Vendors in the NDAA Section 889 report have been expanded to include Aztech and subsidiaries.
  • The Name tag can be used to set a preferred hostname for any asset.
  • Tags in inventory views can now be clicked to search the inventory.
  • The alert notification templates can now include information about the name and internal IP address of the Explorer which carried out a scan.
  • The alert rules list now shows which rules are currently enabled.
  • Confirmation dialogs now require a typed response for destructive actions.
  • Page layout has been improved for browser window widths between 920 and 1200 pixels.
  • If a scan results in too many changes to list in the task report, the report now explains this.
  • Progress bars now use standard meter elements for smoother updating and better accessibility.
  • Icons and screenshots are now lazy-loaded to speed up initial page rendering.
  • Task duration is now rounded up to the nearest minute.

Explorer and scan engine

  • A better hostname is chosen for each asset by default.
  • VLANs are now tracked on each asset where possible.
  • Minecraft servers are now identified on the network.
  • HP iLO scans now return additional information.
  • Virtual machine hardware is reported if a better fingerprint is not available.
  • Pulse Secure VPN devices running newer firmware are now identified correctly.
  • Additional CA roots can be set via the RUMBLE_TLS_ADDITIONAL_ROOTCA variable.
  • Fingerprint improvements.

Self-hosted platform

  • Self-hosted installations now sync license changes during updates.
  • Email validation is relaxed for the self-hosted platform.
  • Install instructions now use curl instead of wget for improved robustness.

Bug fixes

  • The last seen date for assets is now only updated when they have at least one open port and are therefore “alive”.
  • The estimated scan times in recurring task exports are now accurate when default ports are used.
  • A problem with password reset requests for accounts with no last name has been resolved.
  • A possible scan stall issue caused by endpoint software on macOS has been resolved.
  • A memory and CPU leak in the runZero Explorer has been resolved.
  • User name validation now works correctly when editing user preferences.
  • An issue with user invitations for SSO accounts has been resolved

2.1.7

2021-05-03

  • The web console now includes a new HP iLO CSV export for warranty tracking (Enterprise).
  • Virtual machine and legacy MAC address prefixes are no longer used for age calculation.
  • Self-hosted installations now sync license changes during updates.
  • Virtual machines are now represented in the asset HW field.
  • VLANs are now tracked on each asset, where possible.
  • Tags are now clickable and lead to inventory searches.
  • Fingerprint improvements.

2.1.6

2021-04-28

  • Rumble Scans on macOS no longer stall when ICMP scans are blocked by endpoint software.
  • The web console now better supports browser widths between 920 and 1200 pixels.
  • An issue with user invitations from an SSO account has been resolved.

2.1.5

2021-04-27

  • The runZero Explorer and runZero Scanner now collect additional information from HP iLO nodes.
  • Fingerprint improvements.

2.1.4

2021-04-26

  • A memory and goroutine leak in the the runZero Explorer and runZero Scanner has been fixed.
  • Fingerprint improvements.

2.1.3

2021-04-23

  • The runZero Explorer and runZero Scanner now avoid probes on vendor-specific SunRPC services.
  • The latest firmware of Pulse Secure VPNs is now fingerprinted correctly again.
  • An issue with the confirmation dialogs on Chrome has been resolved.
  • The dashboard now defines next steps for new organizations.
  • The bundled npcap version has been upgraded to 1.31.
  • Fingerprint improvements.

2.1.2

2021-04-19

  • The runZero Explorer and runZero Scanner now detect the Minecraft service.
  • Confirmation dialogs now require a typed response for permanent actions.
  • Small bugs have been fixed in the default notification templates.
  • Fingerprint improvements.

2.1.1

2021-04-14

  • This update disables automatic npcap upgrades while we investigate a stall issue.

2.1.0

2021-04-13

Rumble 2.1.0 is a roll-up of previous 2.0.x releases along with some additional changes and features.

Web console

  • Custom notification templates are now available and can be configured as Text, HTML, and JSON formats.
  • Webhook notification channels can now include arbitrary HTTP headers for authentication.
  • Tasks can now be exported as CSV and JSON from the Recurring and Search tabs of the task view.
  • Tags be removed in bulk by specifying -tag in the inventory Tag dialog.
  • Asset CSV bulk imports now ignore cases where there are extra fields.
  • Specific TCP ports can now be excluded from the scan configuration.
  • User invitation links can now be copied to the clipboard.
  • UX tooltips are now easier to read across all platforms.
  • Alert management is no longer organization-specific.
  • Exports with complex queries are now much faster.

Integrations

  • Device serial numbers can now be exported in Cisco Smart Net Total Care format for warranty checks.
  • The Splunk add-on now supports proxy server configuration in version 1.0.11.

Explorer

  • The Explorer now rejects scans tasks when there is not enough free disk space for the scan results.
  • The Explorer now falls back to the install directory for temporary files if needed.
  • The Explorer now tries to upgrade the npcap driver automatically on Windows.

Scanner

  • AWS EC2 metadata is used to enrich scan results if the ec2:DescribeInstances permission is available.
  • SNMP v2 enumeration of ports and vlan membership now uses community indexing automatically.
  • Chromium installations using Snap packages are no longer used for web screenshots.
  • An overly aggressive mDNS fingerprint for LG webOS has been fixed.
  • EC2 instances now report the instance type as the hardware field.
  • Additional bogus SIP helper responses are now ignored.
  • LPD fingerprinting is now limited to a status request.
  • Fingerprint improvements.

Events

  • A single event will only trigger a single notification per unique notification channel.
  • The agent-removed event is now generated for all web console agent removal actions.
  • The offline-agent event no longer includes recently removed or forgotten agents.
  • The task-failed event now includes the full organization and site name in the details.
  • The task-failed event is now generated for agent restarts and timeouts.

Self-hosted platform

  • SMTP configuration now supports additional TLS settings.
  • SMTP errors are now logged to syslog correctly.
  • Initial auto configuration is more complete.

2.0.14

2021-04-06

  • The runZero Explorer and runZero Scanner will now gather AWS EC2 instance metadata where possible.
  • Fingerprint improvements.

2.0.13

2021-04-05

  • The runZero Explorer will now fallback to the install directory for temporary files.
  • Fingerprint improvements.

2.0.12

2021-04-03

  • Exports are now faster across the board, with major speedups for those using deep search queries.
  • The Rumble Verifier has been updated and now supports 2.x macOS binaries.
  • Various bugs related to the new tooltip implementation have been resolved.
  • Chromium will no longer be used for screenshots when installed via Snap.
  • Additional bogus SIP helper responses are now automatically ignored.
  • Self-hosted installs now log SMTP-related errors.
  • Fingerprint improvements.

2.0.11

2021-04-01

  • Fingerprint improvements.

2.0.10

2021-03-30

  • The runZero Explorer and runZero Scanner now collect additional Cisco-specific SNMP OIDs.
  • The Cisco Serial Number export is now available for all licensed clients.
  • Fingerprint improvements.

2.0.9

2021-03-30

  • The runZero Explorer and runZero Scanner no longer stall in a rare case when enumerating SNMP endpoints.
  • Fingerprint improvements.

2.0.8

2021-03-29

  • The runZero Explorer now automatically cleans temporary files left by interrupted scans.
  • The runZero Explorer now prepends “rumble-” to all temporary files.

2.0.7

2021-03-28

  • The runZero Explorer out of disk space error has been improved for legibility.

2.0.6

2021-03-28

  • The runZero Explorer now performs a disk space check before running a new scan.
  • The runZero Explorer now reports disk related errors more reliably.
  • Asset CSV imports are now accepted where the records have extra fields.
  • Fingerprint improvements.

2.0.5

2021-03-26

  • The runZero Explorer and runZero Scanner now better support enumeration of Catalyst switches.
  • Administrators can copy the invite link for direct sharing with team members.
  • Issues with image links on the self-hosted version have been resolved.

2.0.4

2021-03-26

  • The runZero Explorer and runZero Scanner now handle the LPD protocol more carefully.
  • Fingerprint improvements.

2.0.3

2021-03-23

  • The runZero Explorer no longer reports an intermittent “no child processes” message on installation.
  • The runZero Explorer and runZero Scanner now always return wireless results when iwlist is present.
  • The web console now generates agent-removed events for each agent, including for bulk actions.
  • The web console now generates task-failed events for agent restarts and timeouts.

2.0.2

2021-03-21

  • The runZero Explorer now logs connectivity issues with the websocket protocol in more detail.
  • The self-hosted Rumble platform now supports better automatic configuration.
  • Fingerprint improvements.

2.0.1

2021-03-20

  • A bug that resulted in deleted event rules being processed has been resolved.
  • A bug that could lead to scan stalls in Subnet Ping mode has been resolved.
  • Fingerprint improvements.

2.0.0

2021-03-16

Rumble 2.0 is a roll-up of the 1.16.x releases, along with the following changes:

Web console

  • The new Rules Engine supports advanced alerts and automated asset updates.
  • Organization-level Alerts are now managed at the global level.
  • The Explore menu item has been renamed to Reports.
  • The interface received light cosmetic updates.

Deployment

  • runZero Explorers are now runZero Explorers to better indicate their function.
  • runZero Explorers and runZero Scanners moved to the Deploy menu.
  • Self-hosting of the full platform is now available.

REST API

  • The Account API now provides organization, user, and event management.
  • Support for ServiceNow ® ITOM integration via three new API endpoints.

Scan engine

  • Microsoft Exchange and Outlook Web Access detection has improved.
  • A stall bug in the subnet and host ping modes has been fixed.
  • The number of bogus results ignored is now reported.
  • The npcap driver has been upgraded to v1.20.
  • Fingerprint improvements.

1.16.6

2021-03-06

  • Layer-2 topology reports now display the best matching port and not all ports where an asset was seen.
  • The runZero Explorer and runZero Scanner now handle subnet and host ping modes faster and more accurately.
  • The runZero Scanner now processes gzip-compressed imports faster.
  • Fingerprint improvements.

1.16.5

2021-02-27

  • Assets that were previously identified with through a TCP RST, but otherwise had no services, have been removed from the platform.
  • The runZero Explorer and runZero Scanner now collect more data about exposed SSH authentication methods.
  • A regression related to asset tracking based on the TCP/IP fingerprint has been resolved.
  • Fingerprint improvements.

1.16.4

2021-02-26

  • The Rumble scan engine now ignores assets where all TCP ports are closed and no other services are available. This reduces the reporting of bogus hosts when scanning through certain firewalls.
  • The task summary and task details now report how many assets were ignored due to having no valid services. This highlights how much network interference may be present.
  • The macOS binaries have moved to a new code signing process. Agents for macOS that have been offline for some time may require a manual update.
  • The live asset count and project asset count was calculated incorrectly for users with deleted organizations. This has been corrected.
  • Search queries that contained string matches against <% and %> now work as expected.
  • Fingerprint improvements.

1.16.3

2021-02-25

  • Fingerprint improvements.

1.16.2

2021-02-24

  • runZero Explorers can now have tags applied in the per-agent settings page.
  • Events are now regularly generated for offline agents.
  • Fingerprint improvements.

1.16.1

2021-02-21

  • The Rumble scan engine now supports a maximum TTL for all scan traffic.
  • The Rumble scan engine now supports subnet ping and host ping modes.
  • The Rumble scan engine now distributes scan traffic more evenly across subnets.
  • The Rumble scan engine now reports and tracks closed TCP ports.
  • The Rumble scan engine now reports additional ICMP fields.
  • The Rumble scan engine now auto-scales the group size.
  • Apple macOS is now partially supported on ARM systems.
  • Fingerprint improvements.

1.16.0

2021-02-09

  • This includes a roll-up of all 1.15.x point releases.
  • VMware ESXi versions are now reported correctly.
  • Fingerprint improvements.

1.15.6

2021-01-31

  • The Inventory Search, Exports, and Reports are now significantly faster for large organizations.
  • Fingerprint improvements.

1.15.5

2021-01-28

  • The Agents page will now flag any Windows Agents with an obsolete version of Npcap installed.
  • Fingerprint improvements.

1.15.4

2021-01-26

  • Fingerprint improvements.

1.15.3

2021-01-23

  • The runZero Scanner and runZero Explorer now gather serial numbers from SNMP devices.
  • The 169.254.0.0/16 subnet is no longer ignored when processing scan results.
  • The runZero Scanner and runZero Explorer now detect the TeamViewer protocol.
  • Partial site scans now consider ARP cache data from the entire site.
  • The runZero Scanner now supports importing gzip-compressed scan data.
  • The runZero Scanner and runZero Explorer now detect the CheckMK service.
  • Fingerprint improvements.

1.15.2

2021-01-19

  • The dashboard now links to the top 5,000 results for asset types and service details.
  • Rumble-provided queries can now be saved as per-account copies and modified.
  • Partial site scans will now use ARP cache entries from the rest of the site.
  • Fingerprint improvements.

1.15.1

2021-01-16

  • This resolves an issue with the Crestron probe that could cause concurrent scans on the same agent to hang.
  • Fingerprint improvements.

1.15.0

2021-01-12

  • This is a roll-up of all 1.14.x point releases.
  • Fingerprint improvements.

1.14.9

2021-01-10

  • The runZero Explorer and runZero Scanner now support the Crestron discovery protocol.
  • The runZero Explorer and runZero Scanner now capture TLS fields from PostgreSQL services.
  • Fingerprint improvements.

1.14.8

2021-01-06

  • runZero Explorer proxy usage has been improved to handle additional corner cases.
  • Fingerprint improvements.

1.14.7

2021-01-05

  • runZero Explorer and runZero Scanner updates now use any proxies configured in the environment.
  • Web screenshots now ignore any proxies configured in the environment.
  • Fingerprint improvements.

1.14.6

2021-01-04

  • A minor memory leak in the runZero Explorer and runZero Scanner’s HTTP2 probe has been resolved.
  • Web screenshots now ignore any proxy configured for the runZero Explorer communication.
  • Web screenshots no longer leave zombies in additional environments.
  • Fingerprint improvements.

1.14.5

2020-12-28

  • A memory leak in the runZero Explorer and runZero Scanner has been resolved.
  • Web screenshots no longer leave zombies in environments without init.
  • Fingerprint improvements.

1.14.4

2020-12-24

  • Services with empty virtual hosts will be consolidated into the first non-empty virtual host service where applicable.
  • Subtasks created by a recurring scan will now carry the “defaults” parameters forward.
  • Fingerprint improvements.

1.14.3

2020-12-19

  • A memory leak in the runZero Explorer and runZero Scanner has been resolved.

1.14.2

2020-12-17

  • The runZero Explorer and runZero Scanner runtime has been upgraded.
  • The runZero Explorer and runZero Scanner now use npcap 1.10.
  • The site scan API now handles custom probe configurations.
  • The task stop API documentation has been updated.
  • Fingerprint improvements.

1.14.1

2020-12-14

  • Agents can now be automatically assigned to their connected sites from the Manage menu.
  • Scan tasks configured through the API now handle the probes parameter correctly.
  • PAN-OS virtual MACs are now ignored for asset correlation.
  • Scan task parameters are now consistently normalized.
  • Fingerprint improvements.

1.14.0

2020-12-08

  • SNMP System Description fingerprints now take precedence over SSH-based OS matches.
  • Fingerprint improvements.

1.13.11

2020-12-02

  • A bug that caused certain API calls to return a 500 instead of a 400 error when called with a non-JSON content type has been resolved.
  • Bogus services caused by captive portals, honeypots, and certain firewalls are now automatically ignored.
  • Fingerprint improvements.

1.13.10

2020-12-01

  • Agent to cloud communication is now limited to the console.rumble.run hostname.
  • The breadcrumbs are now navigable across the product user interface.
  • Fingerprint improvements.

1.13.9

2020-11-25

  • Inventory search boxes now have autocompletion for search keywords (name:, hardware: and so on). Completion can be triggered via keyboard (tab, enter) or mouse.
  • The documentation for search queries has been updated and cleaned up.
  • Tag editing dialogs now autocomplete from your top 50 most used tags.
  • Some search keywords have been updated to be more consistent.

1.13.8

2020-11-23

  • Fingerprint improvements.

1.13.7

2020-11-20

  • The fingerprinting engine was updated to support more precise device detection.
  • Support for new mDNS fingerprints, including M1-based Apple devices.
  • Various security fixes to address findings from an ongoing audit.
  • Fingerprint improvements.

1.13.6

2020-11-19

  • The task details page now shows the scan speed in the upper left section.
  • Fingerprint improvements.

1.13.5

2020-11-13

  • The runZero Explorer and Scanner have been updated to work with macOS Big Sur.

1.13.4

2020-11-12

  • The runZero Explorer, Scanner, and Console now use the latest Go runtime.
  • Fingerprint improvements.

1.13.3

2020-11-10

  • Assets with both SMB v1 and v2 enabled are now fingerprinted more consistently.
  • The BACnet probe now supports multiple ports per scan.
  • Fingerprint improvements.

1.13.2

2020-11-08

  • Session and login timeouts can now be configured from the Account Settings page.
  • The Subnet Grid report is now faster and supports RTT, TTL, and Age color modes.
  • Fingerprint improvements.

1.13.1

2020-11-05

  • The new Account Settings page allows MFA to be enforced and provides the ability to block Support access.
  • Fingerprint improvements.

1.13.0

2020-11-03

  • This is a roll-up of all 1.12.x point releases.
  • Fingerprint improvements.

1.12.9

2020-10-25

  • The runZero Scanner and runZero Explorer now decompress non-negotiated gzip responses from HTTP services.
  • Fingerprint improvements.

1.12.8

2020-10-25

  • The Subnet Utilization report now sorts networks by density more accurately.
  • The Subnet Grid report is now slightly faster with large networks.
  • Asset correlation now ignores bogus replies for SMB and RDP.
  • Fingerprint improvements.

1.12.7

2020-10-24

  • The Team page now contains a tab showing which users have access to the active organization.
  • Users with per-organization admin roles are now able to manage user accounts.
  • Fingerprint improvements.

1.12.6

2020-10-22

  • Users with the “No Access” permission are now able to manage their own account settings.
  • Users can now have a Billing role that is limited to license and entity management.

1.12.5

2020-10-21

  • Inventory searches with the haspublic keyword now handle multi-homed systems correctly.
  • Inventory searches for full and partial IPv4 addresses are now treated as host queries.
  • The Subnet Utilization percentage is now calculated correctly for sites with non-default masks.
  • Asset tags set from the Inventory page are now additive and will be merged into existing tags.
  • Asset tags are now shown on the overview page.
  • Small improvements to the Task Search page.

1.12.4

2020-10-21

  • The runZero Scanner and runZero Explorer now handle an even wider range of SNMP devices when polling the ARP cache.
  • Fingerprint improvements.

1.12.3

2020-10-20

  • The runZero Scanner and runZero Explorer now handle a wider range of SNMP devices when polling the ARP cache.
  • Fingerprint improvements.

1.12.2

2020-10-17

  • The runZero Scanner terminal UI has been cleaned up and generally improved.
  • Fingerprint improvements.

1.12.1

2020-10-15

  • The runZero Scanner and runZero Explorer now deduplicate overlapping target network ranges.
  • Fingerprint improvements.

1.12.0

2020-10-13

  • This is a roll-up of all 1.11.x point releases.

1.11.9

2020-10-11

  • The runZero Scanner can now automatically update when run with the upgrade argument.
  • The runZero Explorer can be installed via a static MSI wrapper.
  • Fingerprint improvements.

1.11.8

2020-10-04

  • The scan engine is now more consistent through the addition of UDP retries and by pre-warming the ARP cache for each target group.
  • Fingerprint improvements.

1.11.7

2020-09-28

  • The runZero Explorer and runZero Scanner now include npcap version 1.0.
  • Fingerprint improvements.

1.11.6

2020-09-23

  • Users with the the Viewer role are now restricted to the Dashboard, Inventory, Explore, and Agents screens.
  • Fingerprint improvements.

1.11.5

2020-09-21

  • A regression in the license expiration tracking of the runZero Scanner has been resolved.
  • Fingerprint improvements.

1.11.4

2020-09-18

  • Fingerprint improvements.

1.11.3

2020-09-13

  • Fingerprint improvements.

1.11.2

2020-09-11

  • Organizations can now be converted to Projects from the settings page.
  • The top-level organization navigation has been updated.

1.11.1

2020-09-09

  • Accounts with a default organization role of “user”, but a per-organization role of “none” were inadvertently prevented from accessing certain features.
  • An intermittent crash in the runZero Explorer was identified and resolved.

1.11.0

2020-09-09

  • This is a roll-up of all 1.10.x point releases.

1.10.8

2020-09-08

  • Projects are now available as temporary, self-deleting organizations. These are useful for one-off scans and exploring historical data.
  • Web screenshots now try additional Chrome locations on the Windows platform.
  • Over 10,000 new SNMP fingerprints have been added.
  • Small bugfixes and cosmetic improvements.
  • Additional Fingerprint improvements.

1.10.7

2020-09-01

  • Web screenshots now retry on timeouts and choose the best quality image automatically.
  • Web screenshots now use more concurrent Chrome processes on x86 systems, based on available memory.
  • The runZero Explorer and runZero Scanner now track CPU and memory usage across the life of a scan.
  • Fingerprint improvements.

1.10.6

2020-08-22

  • The runZero Explorer, runZero Scanner, and runZero Console now compress raw scan by default. The scan.rumble output from the scanner has been renamed to scan.rumble.gz. The web console and API can import both compressed and uncompressed versions of this data. Existing scan data will be migrated to the compressed form automatically. This change helps with bandwidth usage by agents and speeds up large imports over the network.
  • The Tasks view now links to the inventory search for each associated site.
  • The status of agent-run scans is now updated more frequently.

1.10.5

2020-08-21

  • The completed task list now shows the task runtime in the information column.
  • The task views now also link to the inventory view of each site.
  • Fingerprint improvements.

1.10.4

2020-08-17

  • A regression in the runZero Scanner that prevented API uploads from succeeding has been resolved.
  • Fingerprint improvements.

1.10.3

2020-08-14

  • Small bug fixes and dependency updates across the platform.
  • Fingerprint improvements.

1.10.2

2020-08-12

  • Site exports and imports now include the registered subnets.
  • Bulk asset updates are now possible by importing a modified CSV export from the Inventory screen.

1.10.1

2020-08-11

  • A bug that made it difficult to query subnet tags with multiple subnets per tag has been resolved.
  • Fingerprint improvements.

1.10.0

2020-08-04

  • The console user interface received a light update around colors and styles.
  • Event logs are now available in the console.
  • Fingerprint improvements.

1.9.10

2020-08-03

  • A bug that prevented Scan Tags from being shown in the Scan Configuration form has been resolved.
  • The DNS and mDNS probes now always report the protocol, even for error responses.
  • Fingerprint improvements.

1.9.9

2020-08-02

  • Site scopes now automatically convert CIDR input into registered subnets.
  • Scan tasks can now have their Scope and Excludes pinned to their associated site using the string “defaults”.
  • Scan tasks can now be pinned to the default TCP service list using the string “defaults”.
  • A bug that caused non-Windows SMB-enabled services to be identified as Windows has been resolved.
  • A bug that caused SMB v1 to be reported incorrectly as been resolved.
  • Fingerprint improvements.

1.9.8

2020-07-29

  • A bug that prevented the Delete and Merge buttons in the Service Inventory toolbar from working has been resolved.
  • A bug that led to the wrong title being shown in the FTP Service Attribute report has been resolved.
  • Fingerprint improvements.

1.9.7

2020-07-22

  • A bug that prevented the Inventory Import action from recognizing valid scan data has been resolved.
  • The runZero Explorer and runZero Scanner are now much more reliable for lossy network environments.

1.9.6

2020-07-21

  • The TCP probes have been updated to be less bursty. This resolves an issue where scans consisting of mostly HTTP services can timeout and lose valid responses.
  • The TCP fingerprinter now handles unexpected termination more gracefully. This improves the reliability of AWS ELB scans and should help with a reliability across a range of services.

1.9.5

2020-07-20

  • All paid plans now support Continuous recurring scans. These scans will run back-to-back and can simplify continuous monitoring. An agent running continuous scans will not run additional scans unless the Concurrency setting is increased beyond 1.
  • Out-of-date agents will be upgraded prior to new scans being run. For the few agents where upgrades are impossible (read-only partitions, network filters, etc), this can delay each scheduled scan by up to five minutes.

1.9.4

2020-07-18

  • The runZero Explorer and runZero Scanner now include a TLS CA root bundle to work around connectivity issues on older platforms. Bundle selection can be controlled via the environment.
  • Fingerprint improvements.

1.9.3

2020-07-16

  • The web screenshot features now tries even harder to prevent orphaned Chrome.exe processes.
  • The runZero Explorer now removes all agent-related files on uninstall.
  • runZero Explorers can now be reassigned to other organizations.

1.9.2

2020-07-12

  • The Export API now supports an optional fields parameter that determines which fields are exported in JSON/JSONL exports. The fields parameter is supported for Assets, Services, Wireless, and Sites.

1.9.1

2020-07-09

  • A bug in the scan engine that could cause scans to hang when probing unresponsive SSH daemons has been resolved.
  • A bug in the scan engine that could result in SMBv1 being reported erroneously on some NAS devices has been resolved.

1.9.0

2020-07-06

  • A bug in the TFTP probe that could lead to missing results in some cases has been fixed.
  • The SNMP probe now gathers the route table from many types of switches and routers.
  • TCP SYN scans of non-local targets now try harder when there is congestion.
  • Fingerprint matches that include a hardware version are now given priority.
  • Fingerprint matches for SSH daemons now support more platforms.
  • The permanent organization and permanent site can now be deleted/recreated.
  • The Scan Configuration page now shows a notice when input validation failed.
  • The Scan Configuration now shows SNMP parameters at the top of the form.
  • The Network Bridges report now links all external IPs to an internet cloud.
  • The Network Bridges report now uses subnet masks from Sites.
  • The Subnet Utilization report now provides a Scan link for each network.
  • The Subnet Utilization report now uses subnet masks from Sites.
  • The Subnet Grid report now handles errors more gracefully.
  • A bug that prevented some users from logging in has been resolved.
  • Search queries are now slightly faster across assets and services.

1.8.14

2020-07-02

  • Tasks are now searchable and sortable via the Search tab.
  • A regression in numerical search queries has been resolved.

1.8.13

2020-07-01

  • The Scan Configuration page now provides an estimated runtime through a confirmation dialog.
  • Trial accounts are now longer limited to scanning a /16 and may now scan a full /8.
  • The runZero Explorer now supports log configuration using the environment. See the documentation for details.
  • The runZero Explorer and runZero Scanner now collect SSH pre-auth banners and host keys.
  • Bogus service responses from Fortigate helpers on ports 80 and 8008 are now ignored.
  • Fingerprint improvements.

1.8.12

2020-06-24

  • The runZero Explorer and runZero Scanner now handle a wider range of ppp-based link types on Linux and macOS.
  • Bogus service responses from Fortigate helpers on ports 21, 25, 80, 110, 143, 8008, 8010, and 8020 are now ignored.
  • Fingerprint improvements.

1.8.11

2020-06-22

  • Bogus service responses from Cisco H.323 helpers on port 1720 are now ignored.
  • The runZero Explorer now stores additional diagnostics in the raw task data.
  • Fingerprint improvements.

1.8.10

2020-06-21

  • Bogus service responses from Fortigate SIP ALG helpers on ports 2000 and 5060 are now ignored.
  • A regression in HTTP handling with redirects and TLS+HTTP headers has been resolved.
  • Fingerprint improvements.

1.8.9

2020-06-20

  • The runZero Explorer and runZero Scanner now handle malformed HTTP responses and redirects better.
  • Fingerprint improvements.

1.8.8

2020-06-18

  • ICMP Echo probes now record the IP header information from the response (useful for Ripple20/Treck detection).
  • The Rumble favicon.ico MD5 fingerprint database has been contributed to the Recog project.

1.8.7

2020-06-16

  • The runZero Explorer and runZero Scanner now support “cooked” interface types (ppp-based VPNs).
  • The scan engine now extracts additional information from Netgear routers.
  • Fingerprint coverage for Netgear routers has been improved.

1.8.6

2020-06-15

  • Fingerprint improvements.

1.8.5

2020-06-15

  • Fingerprint improvements.

1.8.4

2020-06-15

  • Fingerprint improvements.

1.8.3

2020-06-14

  • Asset Inventory and Search Inventory performance has been improved.
  • The bundled npcap driver in the runZero Explorer and runZero Scanner for Windows has been upgraded to version 0.9994.
  • Fingerprint improvements.

1.8.2

2020-06-09

  • The runZero Scanner CSV output now includes populated UUID values.
  • The runZero Scanner now creates a standalone bridges.json file for third-party processing.
  • Fingerprint improvements.

1.8.1

2020-06-09

  • A bug that could cause agent uninstalls to crash on BSD platforms has been resolved.

1.8.0

2020-06-09

  • This release is a roll-up of the 1.7.x changes listed below.

1.7.13

2020-06-08

  • Sites now support registered subnets. Assets can be queried via the associated Site subnet tags.
  • Tags can be set with empty values and queried more precisely through the Inventory search.
  • Asset fingerprinting via favicon.ico hashes has been implemented.
  • The runZero Scanner now creates a standalone topology.json file for third-party processing.
  • Assets now store the MAC-to-IP relationship in the hidden _macs.ipmap attribute.
  • The runZero Explorer and runZero Scanner now support OpenBSD on x86 (64-bit).
  • Fingerprint improvements.

1.7.12

2020-06-05

  • This release fixes a bug that prevents the runZero Explorer from restarting automatically after an update on certain Debian-based distributions.
  • Fingerprint improvements.

1.7.11

2020-06-04

  • A reliability bug in the runZero Explorer and runZero Scanner for BSD-based platforms (macOS, FreeBSD, NetBSD, DragonFly BSD) has been resolved. This bug would manifest as missing scan results in the TCP SYN and ARP probe responses.
  • The bundled npcap driver in the runZero Explorer and runZero Scanner for Windows has been upgraded to version 0.9992.

1.7.10

2020-06-02

  • The runZero Explorer and runZero Scanner now support FreeBSD, NetBSD, and DragonFly BSD. FreeBSD and NetBSD support cover the following architectures: x86 (64-bit, 32-bit), ARM v5, ARM v6, and ARM v7. DragonFly BSD is supported on x86 (64-bit).
  • The runZero Explorer and runZero Scanner now support additional Linux architectures. These include x86 (64-bit, 32-bit), ARM v5, ARM v6, ARM v7, ARM 64-bit (aarch64), MIPS (BE/LE), MIPS64 (BE/LE), PowerPC64 (LE), and s390x (IBM Z).
  • The runZero Explorer now runs in standalone mode when no supported services backend is detected.
  • The runZero Explorer now supports automatic updates in standalone mode on non-Windows platforms.
  • The runZero Explorer binary now supports command-line flags (-h, -v, -l) and displays usage.

1.7.9

2020-05-27

  • MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.
  • Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches.
  • Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint is now applied to the asset.
  • MySQL and MariaDB version detection now also applies the appropriate OS fingerprint, if known.
  • HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP.
  • OS and Hardware matching is more precise after adjustments were made to the weighting and priorities. The most precise and most confident fingerprint should always be chosen going forward.
  • The confidence of the OS match is now reported as the asset-level match.score attribute. This may be renamed to match.os.score in the future as we accommodate more granular hardware weights.
  • NTLMSSP-based OS matching now disqualifies systems that are obviously not Windows (BSD-based stacks, etc).
  • Brother printers now use distinct hardware and firmware (OS) fingerprints. This should address cases where the firmware version overrode the hardware model by mistake.
  • Release notes are now consolidated across the Platform, Agent, and Scanner.
  • Versioning is now shared across the Platform, Agent, and Scanner.

Archived release notes

Prior to version 1.7.9, release notes and versions were split between the Platform, Explorer, and Scanner. You can find these archived release notes at the links below.

Updated