Overview

Version 1.7.0 of Rumble Network Discovery is live with big updates to reporting. The Analysis Reports introduced in version 1.6.2 are now joined by a new Subnet Grid Report, linked off the main Subnets Report under the Explore menu.

The Query Library has been updated with small tweaks and new built-in query for finding expired TLS certificates, supported by improvements to the scan engine. The Rumble backend has been upgraded to support our larger customers as well as all of our new Starter Edition users.

The command-line Rumble Scanner now generates its own Network Bridges and Switch Topology reports outside of the cloud platform. For folks who want to build their own fingerprints, the command-line scanner now supports custom Recog fingerprint stores using the --fingerprints argument and easy debugging by setting the --fingerprints-debug boolean flag. More information about custom fingerprint development and contributing to Recog will be covered in a post later this week.

Subnet Grid Report

Rumble can now provide a birds-eye view of the network through the Subnet Grid Report. The backstory on this visualization needs it own blog post, but the short version is that treating the IP address space as a grid and applying color maps based on attributes can identify interesting network properties. The Subnet Grid Report can be found linked with a icon off of the main Subnets Report. The example below is the type color map of a public IPv4 network.

Rumble Subnet Grid Report

The Rumble Scanner

The command-line Rumble Scanner now generates the Network Bridges and Switch Topology reports. These reports can help you understand the layer 2 topology and layer 3 segmentation of a network without having to upload the scans into the cloud platform.

Rumble Scanner Topology Report

These report can also be generated using previous scan data. The --import option can be used multiple times to merge many raw scan files into a combined report.

$ rumble-scanner -o rumble-1.7.0 --import previous-scan/scan.rumble
$ start rumble-1.7.0\bridges.html

Rumble Scanner Bridges Report

More Enhancements

Alert Rules can now be limited to a specific site or all sites, depending on your preference.

Recurring scans now show the day of the week abbreviation in the user interface.

The Rumble Agent and Rumble Scanner now use version 0.9991 of npcap.

Dashboard statistics now only account for Live Assets.

The service timestamp fields ts, tls.notAfterTS, and tls.notBeforeTS can now be queried using time-based query operators.

Release Notes

The complete release notes for v1.7.0 can be found in our documentation at the links below.

If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Similar Content

ToneLoc The Subnet Grid Report introduced in Rumble 1.7.0 is copied from one of my favorite security tools of time, ToneLoc! ToneLoc (the tone locator) is MS-DOS wardialer written by Minor Threat and Mucho Maas that was released in the early 90s. ToneLoc was (and sometimes still is) one of the best ways to sweep telephone ranges to find accessible modems. One of the coolest features is ToneMap; a 100x100 pixel grid display of a 10,000 telephone number block.
Overview Today’s update comes with two significant features: Analysis Reports and the Query Library. This work brings practical analytic capabilities to the inventory data and makes it easier than ever to create and share custom queries with your team and the wider community. Analysis Reports Analysis Reports are now accessible via the Explore link in the navigation menu. This section includes the three existing reports (Topology, Subnets, Bridges) and introduces two new ones.
Overview Version 1.6.0 of Rumble Network Discovery is live with support for configurable scan grace periods, data retention policies, additional protocol support, enhanced fingerprint coverage, new search keywords, and much more. Scan Grace Periods Starting with the 1.3.2 release, Rumble would automatically cancel a scheduled or recurring scan if the intended agent was not available after four hours. This fixed grace period prevented scans from stacking up in the case of a slow scan or offline agent, but it didn’t work for all use cases, and this is now configurable at the scan level.