Rumble 2.10: Uncover IPv6 blindspots and manage permissions with user groups
Rumble has extended its IPv6 support to include scans of IPv6 static addresses, DNS names with AAAA records, and interface-specific link-local IPv6 addresses. This support is enabled by default for Rumble Explorers on IPv6-enabled hosts. Local IPv6 discovery comes from the new Layer 2 probe, which identifies link-local addresses on IPv6-enabled interfaces, even without user input, and then conducts a full scan of the newly-found targets.
IPv6 scanning is now a native feature in the Rumble scan engine. Thus, scanning one IP protocol version can yield insights from the other. For example, when scanning IPv6, Rumble’s multi-home detection logic can discover IPv4 addresses on the same device, and present a unified asset with both IPv4 and IPv6 addresses.
Uncover your IPv6 blind spots with Rumble by comparing the services exposed on IPv4 with IPv6. Many services are exposed on IPv6 but not on IPv4 and firewalls do not always impose the same restrictions on IPv4 and IPv6 traffic, creating network blind spots. The services summary in the asset detail report makes it easy to spot if an asset presents a different exposure over IPv6 versus IPv4.
Rumble now supports user groups, which enables you to bulk manage users that need a shared set of permissions. User group permissions are applied on top of the base user permissions, with the highest permission level taking effect. This simplifies the common case, where limited privileges are provided through a base role and specific organization access is managed at the group-level. Rumble Enterprise users have the option to set an expiration date on user groups to enforce time-bound access. After the expiration date elapses, the account reverts back to their user-level permissions.
Check out the new user management features by going to Home > Your team > Groups.
The Rumble 2.10 release includes a rollup of all the 2.9.x updates, which includes all of the following features, improvements, and updates.
- Discover IPv6 assets anywhere
- Group users to easily manage permissions
- Sync AWS from the Explorer, Scanner, or Console
- Faster imports of Censys Data
- A security issue has been identified and fixed in the SSO SAML handler of the web console. This issue was found during internal review and could be abused to trigger a denial-of-service or limited leak of application internal data by an unauthenticated attacker. Self-hosted customers need to upgrade as soon as possible. Hosted customers have already been updated to the latest version.
- The CrowdStrike integration now uses the Scroll API to better support large organizations.
- The CrowdStrike integration has been updated to improve correlation with existing assets.
- The Azure connector now ignores canceled subscriptions automatically.
- CrowdStrike connector tasks now move preexisting CrowdStrike-sourced assets into matching scanned assets across sites.
- Censys Avro files can now be converted to a database for faster lookups.
- AWS internal hostnames are now reported in the asset name list.
- AWS assets can now be synced from the standalone scanner, as a scan probe in the console, or imported from previous AWS connector tasks.
- AWS and Azure connectors no longer set asset alive status and no longer are counted as offline or back online in the change report.
- A bug that prevented some AWS organizations from working with STS AssumeRole has been fixed.
- A bug that prevented public IP addresses from populating an AWS asset’s IPv4 attribute has been fixed.
- A bug that prevented services from displaying after a third-party import has been resolved.
- A bug that prevented importing operating system information from CrowdStrike for some Linux devices has been fixed.
- A bug that could allow duplicate CrowdStrike assets after an import has been fixed. Any resulting duplicates are eliminated on the next CrowdStrike task run.
- A bug that caused the Azure integration to occasionally skip public IPs has been fixed.
- A bug that caused a CrowdStrike connector task to send an API request exceeding length limits in specific instances has been fixed.
- A bug where BACnet device fingerprint match values might not be correctly reflected in the asset has been fixed.
- Office asset and service fingerprint additions and improvements, including: 2N, Atlona, Avaya, Canon, Cisco, Fortinet, IBM, Konica, Meraki, Microsoft, MIPS, and Poly
- OT and testing asset and service fingerprint additions and improvements, including: Agilent, BreakingPoint, Calnex, Eaton, GE, Generex, Pressac, Rittal, Spirent, and VIAVI
- Consumer asset and service fingerprint additions and improvements, including: Aircookie, Asus, D-Link, Denon, Espressif, LG, Maytronics, Netgear, Panasonic, Philips, Prusa, Rachio, Samsung, Shelly, Sony, TP-Link, TreatLife, and Wemo
- The scanner now supports configuration of reverse DNS timeouts and the SSH username.
- The scan engine now skips protocol probes on TCP port 9106.
- The scan engine now limits the SNMP enumeration speed to the Max Host Rate, reducing CPU usage on older switches.
- The scan engine now ignores additional cases of FortiGate HTTP interception.
- The scan engine now correctly excludes broadcast addresses from the scan scope.
- The scan engine now accepts IPv6 addresses and resolves AAAA records for hostnames.
- The Explorer service now starts up slightly faster on Windows.
- The CLI Scanner censys-db sub-command now requires less memory.
- IPv6 support now includes link-local asset discovery and PTR lookups for DNS/mDNS.
- A scan engine bug that could lead to an
invalid exclusionserror has been resolved.
- A bug where scanning of some Lexmark printers interfered with the printer’s job queue has been fixed.
- A bug that could cause the CLI scanner to stack trace has been resolved.
- The scan engine can now sync AWS assets.
- The scan engine has improved handling for devices with ports sensitive to probing, such as printers, which also overlap services that use similar port values.
- The coverage report can be filtered by site.
closedPortsMapfield has been removed from JSON exports.
- The query search now supports result count selection and remembers the setting between views.
- The Queries page now supports query execution across all assets, regardless of alive status.
- The Queries page has a new
Updatedcolumn, containing the last-modified date and time for each query.
- Scan tags can now be provided for scan import tasks.
- Rules now show when they were last processed, whether they triggered their action, and any error that occurred as a result.
- Nmap XML exports are now much faster.
- HP iLOs will no longer be merged into their host assets when they share a MAC address.
- Event templates now truncate results correctly.
- Autocompletion of search keywords has been added for organizations, tasks, and events.
- Asset subnet tags are now included in JSON and XML asset exports.
- Added an option to export only selected assets, services, or wireless.
- Added a
Every N Hoursrecurring task frequency option.
- A regression that removed the service names from the asset details page has been fixed.
- A bug which could lead to stalled rule processing has been fixed.
- A bug where the services in an asset view were not properly sorted has been resolved.
- A bug where task progress (on hover) could exceed 100% has been fixed.
- A bug where stale reverse DNS attributes could persist on assets has been resolved.
- A bug that prevented uploading very large scans has been fixed.
- A bug that prevented Asset Modify rules from updating the HW field has been resolved.
- A bug that persisted service products after asset changes has been fixed.
- A bug that hid the Task Change report has been fixed.
- A bug that could lead to some events being processed incorrectly has been resolved.
- The Team page now supports user groups, providing more options when managing permissions/roles across your users.
- The new asset route pathing report traces potential network paths between your assets, displaying a Layer 3 graph visualization.
- A regression that could lead to login errors after bulk permission updates has been fixed.
- A bug which allowed invited users to skip the SSO login step when initially joining an organization with required SSO settings has been resolved.
Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.
May 10, 2022
Rumble 2.13: Sync assets & software from SentinelOne, track more cloud resources, view cross-organization inventory, and schedule automated reports
What’s new with Rumble 2.13? Sync asset and software inventory from SentinelOne Explore software identified through Rumble scans Track more cloud resources from AWS, Azure, and GCP Work with your asset inventory across organizations Schedule and email the …Read More
April 5, 2022
Rumble 2.12: Generate organization reports, create scan templates, synchronize GCP, and invite external users
What’s new with Rumble 2.12? Generate Organization Overview Report for stakeholders Create scan templates to simplify scan management Synchronize your GCP virtual machines to Rumble Invite external Rumble users to your account Fingerprints and protocol updates User …Read More
March 8, 2022
Rumble 2.11: Identify outliers, trace network paths, and streamline SSO user provisioning
What’s new with Rumble 2.11? Identify outliers to find misconfigurations, missing patches, and rogue devices Trace potential network paths to verify network segmentation Streamline SSO user provisioning Cloud connectors available in Rumble Professional Identify …Read More