Scanning & Searching

Version 1.5.0 of Rumble Network Discovery is live with updates in two major areas: wider scanning, through improved protocol support, scan engine enhancements, and more comprehensive decoders; and deeper searching, with the addition of a dozen new search filters and other enhancements to the web console.

Rumble Network Discovery 1.5.0

Wider Scanning

Whether you use the Rumble Agent or the Rumble Scanner, the scan engine improvements in v1.5.0 make discovery more reliable, predictable, and comprehensive. This release adds support for TFTP, NTP, NFS, dTLS, and OpenVPN discovery probes. The dTLS, OpenVPN, and TFTP probes support multiple ports per scan, enabling a wider range of product and protocol detection. The dTLS probe can identify Remote Desktop Gateway services on port 3391 as well as CAPWAP responses from Wireless LAN Controllers.

Remote Desktop Gateway Detection

The SMB, WSD, SunRPC, UPnP, and HTTP probes all received updates in this release, allowing more information to be captured, normalized, and extracted for easy fingerprinting. Scans now report more ports, more protocols, and more normalized fields for queries.

UPnP Device Attributes

The HTTP probe in particular received big updates, enabling same-host redirect follows, disabling screenshots of generic error pages, capturing generator and other meta tags, storing the final redirect separate from the first response page, and extracting icons from both web and UPnP endpoints. The HTTP probe also identifies Remote Desktop Gateway instances exposed via IIS. The screenshot below demonstrates the icon capture feature, which displays captured icons in the web console.

HTTP & UPnP Icon Capture

Deeper Searching

The web console efforts built on 1.4.0’s support for grouped queries by adding the ability to search by numerical ranges and counts of specific fields. Numeric comparisons can be applied to any asset attribute or service detail, as well as port numbers, round-trip times, TTLs, and the counts of addresses, MACs, hostnames, and domains. The screenshot below demonstrates asset filtering by the TCP service count.

Search by TCP Service Count

Applying the numeric comparisons to service inventory fields allows filtering on any value. For example, the query http.code:>=400 AND NOT http.code:404 can return only web servers with error responses, ignoring 404s.

Search by HTTP Code Range

These comparisons also work for image sizes. The example below uses the query screenshot.image.size:>=500000 to limit screenshot results to those where the image is at least 500,000 bytes (less compressible and more interesting).

Search by Screenshot Size
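The two queries above can be reproduced offline against exported service records. The following is an added example, not Rumble's own parser: it handles only numeric terms joined by AND with an optional NOT, the records are constructed, and treating a missing field as a non-match is an assumption.

```python
import operator
import re

# Comparison operators accepted after "field:"; a bare number means equality.
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "=": operator.eq, "": operator.eq}
TERM = re.compile(r"^(?P<field>[\w.]+):(?P<op>>=|<=|>|<|=)?(?P<num>\d+)$")

# Constructed sample records (documentation address range), values as strings
# the way an exported inventory commonly stores them.
SERVICES = [
    {"address": "192.0.2.10", "http.code": "200", "screenshot.image.size": "812345"},
    {"address": "192.0.2.11", "http.code": "404", "screenshot.image.size": "20480"},
    {"address": "192.0.2.12", "http.code": "500", "screenshot.image.size": "640000"},
    {"address": "192.0.2.13", "http.code": "403", "screenshot.image.size": "15000"},
    {"address": "192.0.2.14"},  # non-HTTP service: no http.* fields at all
]

def parse(query):
    """Split 'a:>=1 AND NOT b:2' into (negated, field, compare, number) terms."""
    terms = []
    for chunk in re.split(r"\s+AND\s+", query.strip()):
        negated = chunk.startswith("NOT ")
        m = TERM.match(chunk[4:].strip() if negated else chunk)
        if m is None:
            raise ValueError(f"unsupported term: {chunk!r}")
        terms.append((negated, m["field"], OPS[m["op"] or ""], int(m["num"])))
    return terms

def matches(record, terms):
    """True when every term holds; a missing or non-numeric field never compares true."""
    for negated, field, compare, number in terms:
        try:
            hit = compare(int(record[field]), number)
        except (KeyError, TypeError, ValueError):
            hit = False  # assumption: absent field is a non-match
        if hit == negated:
            return False
    return True

def search(records, query):
    """Return the records that satisfy every term of the query."""
    terms = parse(query)
    return [r for r in records if matches(r, terms)]

if __name__ == "__main__":
    for q in ("http.code:>=400 AND NOT http.code:404",
              "screenshot.image.size:>=500000"):
        print(q, "->", [r["address"] for r in search(SERVICES, q)])
```
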

The presence of switch topology information can now be queried using the has:uplink, has:downlink, and has:unmapped search terms. The topology information itself is now displayed on the asset detail page, making it easier to understand how a particular system is wired into the network.

Network Topology Asset Detail

If you would like to explore the full set of search keywords, the Search Query Syntax documentation has been updated with the new keywords and examples.

More Enhancements

The Scan Configuration page now allows a set of tags to be applied to all assets discovered by that scan. This applies to both single and recurring scans.

Scan Tags

Recurring scans can now be paused and unpaused from the Tasks list.

Scan Pause

Rumble now supports 64-bit ARM on Linux (aarch64), enabling cost- and power-efficient scans from popular small form factor boards and ARM-based cloud instances.

Linux on ARM 64-bit Support

The web interface now applies styles to the print view.

Print Style Support

Last, but not least, every account (trial or otherwise) can now create a pre-populated Demo Organization. This is available via the bottom-left link on the Organizations page. Demo organizations don’t count against your licensed assets and can be used to explore new features without running a new scan. Most of the screenshots in this article used the Demo Organization.

Create a Demo Organization

Release Notes

The complete release notes for v1.5.0 can be found in our documentation at the links below.

If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!
