11.28.36 Platform Release

Released August 26, 2024

New features and enhancements

• Created datasets for MITRE data models originating from the Brinqa Risk Intelligence feed.

  • Created a kill-switch flow to activate version 2 risk factors and deactivate stock risk factors. This allows the platform to bulk enable the Brinqa Risk Intelligence Feed risk factors.

  • Created a kill-switch to deactivate version 2 risk factors and activate stock risk factors. This allows the platform to bulk disable the Brinqa Risk Intelligence Feed risk factors.

  • Renamed existing risk factors to v1 for versioning given the enhanced risk factors that accommodate the Brinqa Risk Intelligence risk factors.

  • Created the Threat Intelligence Risk Factor Icons when these are applied.

  • Updated the pre-built Brinqa Risk Connector to use the production connector version.

  • Updated 11.x platform to include new Brinqa Risk Intelligence Risk Factor icons.

  • Updated the pre-built Brinqa Risk Intelligence connector version to 2.1.3.

• Replaced data purge with data lifecycle management (DLM) in data integration, which allows administrators to leverage the robust status configuration of DLM.

  • Removed the feature flag for data lifecycle and made the new behavior the default. This allows all organizations to take advantage of DLM.

  • Linked data lifecycle flows with the source data models (SDM), which allows a user to launch these flows from the data model page instead of having to search for it on the flow list view.

  • Added more parallel processing to improve consolidation time after DLM.

• Separated data integration syncing from data orchestration. See Multi-sync configurations for more information.

• Enabled the dashboard sidebar navigation. This removes the dashboard list from the top bar and allows users to navigate dashboards via the sidebar. See Dashboards Overview for more information.

  • Added access control to dashboards, which allows the platform to only show assets and risks to which the user has been granted permissions.

  • Allowed users to select a category for a dashboard so that these can be properly organized in the sidebar navigation.

  • Updated access control to work with the updated dashboard permissions, so that dashboards only show the permitted data.

  • Updated pre-built dashboards for the new Category property.

• Displayed report inputs at the top of a report as filters, which allows users to easily understand how they’ve filtered a report. See documentation on adding inputs to reports.

• Added guardrails to drill-downs to make these more descriptive and enabling users to properly select inputs. See documentation on report drill-downs to find out how it works.

• Improved the data source options on a visualization. This streamlining provides relevant data to understand how a visualization is populated.

• Added a tooltip for Graph stacked bar chart to more accurately describe the individual metric.

• Added an option to hide the top labels for stacked bar charts.

• The platform now filters visualizations by the current dataset that is displayed.

• Added a link to edit the visualization when adding it on a report since visualizations are managed on a separate page.

• Updated the INFO icon on visualizations and charts to use the new icon.

• Updated list visualizations so "total" is not listed on the first visualization twice.

• Added the ability to allow tickets-without-sprints to add new findings to existing tickets.

• Created the configuration required to push Remediation Campaigns to an external tool. This allows Brinqa to push remediation campaigns to ticketing solutions.

• Improved the BQL relationship's guardrail message to indicate when the maximum number of relationships have been exceeded.

• Added app event logs when Exception Requests automation expires to provide more context for these events.

• Updated the brinqa-core YAML to set the number of persistent threads.

Data model changes

• Added some new data models to support Brinqa Risk Intelligence:

  • Attack Mitigation

  • Attack Pattern

  • Attack Tactic

  • Attack Technique

  • EOL Advisory

• Added the riskOwner, remediationOwner and informedUsers attributes to the Assessment data model. This allows better enforcement of access control.

• Updated the CVE Record data model as follows:

  • Added new attributes and a new option to support status configuration.

  • Added new attributes to support Brinqa Risk Intelligence.

  • Renamed the cvssV2AttackVector attribute to cvssV2AccessVector.

• Added a cisaDueDateExpired attribute to the Finding data model.

• Updated the Finding Definition data model as follows:

  • Added the exploitExists and exploitedInTheWild attributes.

  • Renamed the cvssV2AttackVector attribute to cvssV2AccessVector.

• Added a cpeRecord attribute to the Package data model.

• Added some CVE Record-related attributes such as affected, cveIds, vendor and url , and removed the cpeRecords attribute from the Security Advisory data model.

• Added the recommendation and sourceCreatedDate attributes to the Threat Intelligence data model.

• Added the abstraction, structure, sourceStatus and weightedScore attributes to the Weakness data model.

Addressed issues

• Fixed the BCL query failure when using the OR operator.

• Added a cleanup of the primitive channels for compute.

• Fixed the issue that using OR statements in Visualization filters incorrectly adds OPTIONALLY on relationships.

• Fixed the CAASM update failure with Optimistic locks on CachedGeneralRepository.

• Fixed the acquireDuration discrepancy.

• Fixed an issue in Reports with multiple tabs where charts created in the last tab were placed in the first tab.

• Removed the extra Clone button for reports.

• Researched risk factors for Brinqa Risk Intelligence.

• Fixed the issue that caused risk and remediation owners not seeing ticket sources.

• Fixed the issue that free-text search didn’t work when trying to add a visualization to a report.

• Added the missing tabs in the Compliance status input filter for reports.

• Fixed the “Show more” button in Edit filters when creating visualizations.

• Improved the look and feel of the Add attribute section in the View editor.

• Fixed the text overflowing issue in report filters.

• Fixed the size and alignment of the 'open lookup view' button in the ownership cluster form view.

• Removed the Create button from list views for read-only users.

• Fixed the dashboard where changing through tabs would display a square highlight when it should not.

• Fixed the markdown rendering so it displays long text correctly.

• Fixed the Analytics Source trend chart so that switching from trend line to trend bar doesn’t break when the time range is set.

• Fixed the issue that the Matrix table didn't show all the data that it contains.

• Fixed the chart overlapping issue when using the Rendering > Sparkline option in the Matrix table.

• Improved the backend to return the whole BQL query in the bql endpoint.

• Fixed the drill-down in reports that changed True/False to Yes/No upon editing the report.

• Re-activated the affected technologies cluster.

• Fixed the CAASM installation failure with caasm-11.27.9.zip.

• Fixed the issue that using shortcut to open Edit mode in a view and closing it in the same way didn't return to the same size.

• Increase the spacing between Input options in automations.

• Fixed the 11.28.P0 install failure due to a dependency issue with BCL.

• Removed the Delete option for tickets since users should not be allowed to delete them.

• Fixed some broken list views.

• Fixed the charts on Clusters > Assets > Environments.

• Added the Duration column on the orchestration history page.

• Fixed the IN operator translation to SQL on multi-valued attributes.

• Removed the Security Controls and Security Control Framework DMs from the navigation menu.

• Added the ui.dataintegration.testconnection.success translation.

• Ensured that the left hand dashboard navigation uses the "Order" field on dashboards.

• Removed empty values from the results when using the BQL "IN" operator on multi-valued attributes.

• Opened the 'Learn more' link in Sync Configuration in a new tab.

• Removed the blue message about not synced data sources after the sync had run.

• Changed the default order for the vulnerability definition severity score risk scoring model to 9999.

• Fixed the positioning of new risk factor icons.

• Fixed the ACLs for the Risk Analyst role.

• Fixed the error seen in the console when adding any chart with source type ‘data model’ to a report.

• Set the order on built-in views to 99 to avoid collision (should not have customer impact).

• Added a banner to explain that integration configurations are ignored if they are present in application.yml (on the server).

• Added a Category drop-down for creating/updating dashboards.

• Ensured that the Create button on the Users list page doesn’t change after doing a search.

• Added a type check to ensure that the Exception request date is saved as Long in Neo4j.

• Fixed the delay and added an Uncategorized category to the dashboard navigation menu.

• Allowed the Configurator role to see/edit/share the dashboards that they created.

• Fixed the issue that changing the Category of a custom dashboard would erase all visuals.

• Refrained from referencing statuses of assets or findings in the built-in UDLs.

• Set the attributes for BCL correctly in the DLM advanced settings.

• Fixed the reports so graphs display when the data source is 'Data Model'.

• Updated the Analytics Source charts on the All findings page.

• Fixed the issue that selecting SAML as the authentication method didn't redirect user to the SSO page and allowed their password to be reset.

• Added calculation optimization on the Vulnerability data model (affected by the new attributes from Brinqa Risk Intelligence).

• Fixed the HTTP 500 server error on the Analytics > Indicators page.

Known issues

• Received an HTTP 500 server error when manually editing a Pentest finding.

• Dashboards don't render and are uneditable.

• Filters from Analytics Source are not being applied in report drill downs.

• The pre-built risk factors do not account for all Finding models.

• Complex queries cannot be stored as Dimensions for visualizations.

• Remediation campaign push action throws an exception.

• Not all risk factors are exporting from the LIST view.

• The cidr attribute in the Subnet data model isn’t a multi-value field, causing calculation to fail.