After eleven releases and eleven months since our 1.0 launch we are happy to announce that v1.11 is live! The release adds Projects; temporary organizations that make it easy to manage one-off scans and professional services with Rumble. Also introduced in v1.11 is the ability to explore historical data, a new addon for Splunk Cloud, bulk asset changes via CSV import, over 10,000 new SNMP fingerprints, and much more!
Read on for the full list of changes since v1.10.
Rumble is licensed by Live Assets, but this isn’t a fit for all use cases, and we have been exploring alternatives. After extensive conversations with our users, we landed on Projects. Projects are temporary organizations that become read-only after 30 days and automatically expire after 90 days. If you want run one-off scans, explore different discovery options, or provide professional services to other organizations, Projects can help. Projects are available in all paid tiers and can be promoted to full organizations any time prior to the 90-day expiration. Project asset limits are equivalent to your license tier times five. If you are subscribed to the 1,000 live asset tier, Rumble supports 1,000 live assets across all permanent organizations and now 5,000 additional assets across all temporary projects.
If you want to see what a network looked like in the far past, or just last week, Rumble offers the tools for this, but loading historical scan data into new sites and organizations was clunky at best, and not the least bit intuitive. Starting with version v1.11, historical scans can be loaded into temporary projects via the Load action in the task details page for a given scan. Multiple scans (or imports) can be loaded into projects this way, allowing you to explore the data in a separate environment. We plan to explore other options for tracking and displaying asset history, but wanted to provide something easy and full-featured today. Historical data loaded into projects support all of the normal features, including per-user access control, remote APIs, inventory search, and reporting.
Rumble has a shiny new Addon for Splunk 8 and Splunk Cloud! The latest addon supports syncing assets into Splunk, with multiple inputs supported, global API key management, and optional search filters for each input. Want to track only new assets as one input? Sure thing! How about just assets with SMB protocol 1 enabled? It handles that too! Splunk Cloud users can request this addon and schedule the installation through the Splunk Cloud support portal.
Excel is often regarded as the “Second Best Tool for Anything” and this applies equally well to asset inventory. Rumble has supported CSV export from day one and is slowly adding support for CSV import as well. Rumble v1.11 can now import its own CSV export and will update matching assets with any changes to the comments or tags fields. Other fields, like OS and Hardware can be set as well, but may be overridden by the next scan.
There are hundreds of ways to fingerprint a device on the network, but none so ubiquitous as the SNMP Object ID. Rumble v1.11 rolls up over 10,000 new SNMP ObjectID fingerprints across dozens of MIBs into the biggest fingerprint database of its kind. These new fingerprints work in conjunction with existing coverage, with normalized vendor and device types, and provide even more precise device fingerprinting of SNMP-enabled equipment. Building this database required hand-editing and normalizing over 60,000 individual records, with extensive back-testing against public datasets, but the results are worth it.
Two major improvements to web screenshots were added in this release. First, non-standard Chrome installation paths on Windows are now automatically detected. Second, Rumble now takes multiple screenshots of each service, with various timing options, picking the highest quality image from the result set automatically. This process substantially reduces the number of screenshots that return a blank page or simply time out.
All Rumble scan data uploaded to and downloaded from the platform is now compressed with Gzip by default. This substantially decreases the size of scan data and helps with bandwidth-constrained environments. The Import action now supports compressed and uncompressed files while all task data downloads only return compressed data going forward. The command-line Rumble Scanner now compresses the
scan.rumble file by default.
The complete release notes for v1.11.0 can be found in our documentation
If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!