11.14.36 Platform Release

Released October 31, 2023

Database upgrade notice

The Brinqa Platform will upgrade its database to a newer version in the upcoming 11.15 release. Therefore, upgrading to 11.15 will require extra time due to the database migration and index rebuilding. To ensure a smooth transition, make sure that your system is running 11.14 and reach out to the Brinqa team for a thorough review of your configuration before proceeding with the upgrade to 11.15.

New features and enhancements

New tab for previous findings

A tab named "Previous findings" has been added on the ticket Details view. This allows users to gain the historical context related to a specific vulnerability definition.

New cluster type for informed users

A new cluster type named “Informed users” has been introduced to grant multiple users access to an asset or finding. This allows the Brinqa Platform to provide visibility into assets and findings to users who should be aware of these. For instructions on how to use the Informed users cluster type, see Create clusters for read-only access.

Data model changes

The following data models have been modified in this release:

• Add the applications relationship attribute to Site, Host, Code project, and Code repository.

• Removed the wrong renderer for the firstDetected attribute in Finding definition.

• Added the riskFactor attribute to CVE record.

Addressed issues

• The First detected and Open finding count attributes in Finding definition now render correctly.

• Exports for agent logs no longer remain in the Processing state.

• Orchestration no longer shows "Successful" when the run was only partially successful.

• All attributes marked as exportable are exported to CSV from the LIST view.

• The WHERE conditions for CSV exports now process as expected.

• Users can now add comments on the vulnerability ticket Show view.

• Re-enabled notification emails for exports that are ready for download.

• The HIPAA Risk Factor no longer contains PCI conditions.

• SLA and Risk rating in tickets no longer reset after the associated vulnerabilities are closed.

• Fixed the errors in the "App event log metrics" report section.

• Fixed the issue where the conditions in the default risk scoring model of Vulnerability definition were invalid.

Known Issues with Workarounds:

• Users may receive the following error when they navigate to Administration > Configuration > Risk scoring models:

  The attribute defaultCluster was not found in the RiskScoringModel data model(s).

  This is because the defaultCluster attribute has been removed from the Risk scoring model data model, and all default views have been updated to reflect that change in the latest CAASM version. But if you have a custom list view for the Risk scoring model that still includes this column, this error would occur.

  To workaround this issue, ensure that the CAASM application is on the latest version and go through all of your custom list views to remove this column manually.

Known issues

• Ticket creation may fail when too many relationships are involved.

• The top charts on the Dashboard and Findings page may load slowly for limited users.

• Drill-downs in Tabular charts don’t carry over decimal points from Buckets.

• Filtering for "System administrator" may return the HTTP 400 error on Users list page.

• Aggregate functions don't work on numeric attributes within Metrics.

• The “Source data” link is missing if the name of the source data model doesn't match the name in the Source column.

• Custom attributes added to Remediation owner or Risk owner are missing after the upgrade.