Overview

Rumble 1.9.0 is out with major updates to the scan engine, reports, fingerprinting, user interface, documentation, and much more!

Scan Engine

Folks who scan external assets using their hostnames will now see asset correlation occur using the DNS name itself. For environments where IP addresses are constantly changing (load balancers, CDNs, etc) this leads to less churn and a more accurate inventory.



The Rumble Agent and Rumble Scanner now detect and automatically filter out invalid services caused by intercepting middle devices such as Fortigate firewalls and Cisco ASAs. If you use these products and certain scans would return completely full subnets, this should resolve it going forward.

The Rumble Agent and Rumble Scanner now support a much wider range of interface types, including VPN adapters that use PPP link types, such as OpenVPN and Forticlient.

screenshot of Rumble console highlighting external DNS Correlation

The Rumble scan engine now gathers pre-authentication SSH banners and SSH host keys, along with their fingerprints, from any SSH daemons encountered on the network. Like any other service attribute, these can be queried to find matches, and viewed as a list of unique groups through the Service Attribute report.

SSH Fingerprints

Reports

The Subnet Utilization and Network Bridges reports now take into account the Site scope, including registered subnets, in order to provide a more accurate view of network segmentation. As we push towards full layer-3 discovery in Rumble, these reports will continue to be refined and become even more useful for planning and diagnostics. The Subnet Utilization report now makes it easy to rescan a specific network from the report.
Subnet Utilization


The Network Bridges report now links all external IP assets together back to the internet-cloud. This can help highlight segmentation issues and better highlights internet-facing assets.

Network Bridges

The Query Library has been updated with new queries to identify Treck devices affected by Ripple20 and F5 BIG-IP devices that may expose recent vulnerabilities in the TMUI management interface. The Rumble-provided queries have been updated to use the `_asset.protocol` filter to speed up searches across large organizations.

Query Library

User Interface

For folks with many recurring or completed scans, the new Search tab in the Tasks view makes task management easier. Sort by the Next column to get quickly get a list of upcoming scans.

Tasks Sorted by Next

The Scan Configuration page has received some big updates. SNMP parameters are now easier to configure in scans, with the most common options brought to the top of the form, from the depths of the advanced prope options. Other scan options have been condensed to make configuration faster and easier. Validation issues in the scan configuration will now show a notification as well as the per-field error message, to make diagnostics easier.

SNMP Options

Prior to launch or updating a scan, a confirmation is now shown with the estimate scan runtime and target count, based on the provided scope and scan speed. This can help prevent typos from leading to long scan times or unwanted network traffic.

Scan Confirmation

Release Notes

The complete release notes for v1.9.0 can be found in our documentation

If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Similar Content

Overview The 1.8.0 release of Rumble Network Discovery adds Registered Subnets to Sites, increases fingerprint coverage across databases, MAC addresses, and web applications, adds support for FreeBSD, OpenBSD, NetBSD, and DragonFly BSD, and expands support for additional Linux architectures. Tagging has been updated across the platform and numerous small bugs have been fixed. Registered Subnets Sites now allow subnets to be registered with optional tags and descriptions. These subnets work in conjunction with the normal Scope and can be used to apply tags to any assets within the defined networks.
ToneLoc The Subnet Grid Report introduced in Rumble 1.7.0 is copied from one of my favorite security tools of time, ToneLoc! ToneLoc (the tone locator) is MS-DOS wardialer written by Minor Threat and Mucho Maas that was released in the early 90s. ToneLoc was (and sometimes still is) one of the best ways to sweep telephone ranges to find accessible modems. One of the coolest features is ToneMap; a 100x100 pixel grid display of a 10,000 telephone number block.
Overview Version 1.7.0 of Rumble Network Discovery is live with big updates to reporting. The Analysis Reports introduced in version 1.6.2 are now joined by a new Subnet Grid Report, linked off the main Subnets Report under the Explore menu. The Query Library has been updated with small tweaks and new built-in query for finding expired TLS certificates, supported by improvements to the scan engine. The Rumble backend has been upgraded to support our larger customers as well as all of our new Starter Edition users.