Rumble 2.7: New dashboard, multi-subscription Azure, AWS ELBs, Splunk add-on improvements, and faster discovery for Rumble Professional
User experience improvements
- Get insights, trends, and visualizations from your dashboard
- Easily navigate configuration pages for scans, imports, connections, and more
- Know when your connector credentials are invalid
- Sync Microsoft Azure with multiple subscriptions and directories
- Sync AWS load balancers into your inventory
- Connect Splunk to self-hosted instances and import services data
Scan, search, and self-hosted improvements
- Scan faster with Rumble Professional using subnet and host ping
- View end-of-life dates for APC firmware and Windows 10
- Updated search keywords for assets and services
- Self-hosted deployment improvements
Need high-level visibility into your asset and services inventory? Rumble 2.7 introduces trend data and insights directly from your dashboard, which lets you assess how your inventory is changing.
To help you visualize trending data, there are two new graphs on the dashboard:
- Asset trends - Shows the number of live, offline, scanned, and unscanned assets you have and how those counts have changed over the past day, 7 days, or 30 days.
- Services trends - Shows the number of ARP, ICMP, TCP, UDP, and total services you have and how those counts have changed over the past day, 7 days, or 30 days.
Under each category–such as asset type, OS, hardware type, and TCP ports–there are historical trend graphs that let you see how that data has changed over time.
To help you keep up-to-speed with changes in your environment, you can set up automated queries for critical assets or specific events on your network. When you activate an automated query, it will run after scans and show the number of assets, services, and wireless networks that matched in your query on the dashboard.
Ever scrolled through the Rumble scan configuration page? We know; it’s long and overwhelming. To help you easily configure your scan, the scan configuration page now has tabs that group together relevant configuration options for your scans: Standard, Advanced, SNMP, and Probes.
Other configurable areas of Rumble have taken inspiration from the scan configuration page redesign as well, such as the new query, import, connection, credential, and team member pages. Happy navigating!
Don’t you hate it when you fat-finger your password? We do too! Rumble now validates all connector credentials against their live APIs before saving them. No more running a task only to find out it couldn’t connect to its data source. Sometimes, it’s the small things that make a big difference.
Rumble’s integration with Microsoft Azure Cloud delivers better visibility into your cloud assets by adding information about your virtual machines to your inventory, such as their location, size, OS, storage information, resource group, and more.
Rumble 2.7 introduces multi-subscription access for Azure, which lets you use a client secret for API access to find all subscriptions in a directory. Select the
Access all subscriptions in this directory (tenant) option when you set up your Azure connection configuration to enable multiple subscription support.
To sync multiple directories, you can provide Rumble with a username and password for an account. When you configure your Azure connection, choose
Azure username & password as the credential type, and then provide your account credentials. If you don’t want to provide your username and password, you’ll need to add a client secret for each Azure directory.
Once synced, you’ll be able to search your inventory for Azure VMs and drill into each asset to view its attributes, like its resource group and storage profile.
Elastic Load Balancing (ELB) offers the ability to scale computing capacity by distributing incoming traffic across multiple targets, like EC2 instances, containers, and IP addresses, across availability zones. As the frontline to your applications and services, load balancers are often exposed to the Internet and highly visible. Knowing which load balancers are public-facing and reachable from the internet is critical. Our AWS integration now sync load balancers from ELB to your inventory.
To sync AWS load balancers with Rumble, you will need to add and activate a connection to your AWS EC2 API by providing the AWS region Access Key ID, and Secret Access Key. This credential should have access to the
AmazonEC2ReadOnlyAccess policy. After a successful sync, you can view your load balancers in the asset inventory.
All four types of load balancers will be viewable from the Rumble inventory: application, network, classic, and gateway load balancers. The assets will include ELB-specific attributes, such as the public IP addresses, availability zone, ARN, state, type, IPv4 pool, and scheme.
Rumble 2.7 adds three improvements to the Splunk Add-on:
- jQuery upgrade - The bundled version of jQuery has been upgraded to 3.5.0 for security and future compatibility.
- Services export from Rumble - Folks who want to pull all discovered services into Splunk can do so using the per-input configuration option.
- Self-hosted support - Self-hosted deployments can now leverage the Splunk integration. Just set your self-hosted console as the API endpoint input during configuration of the account.
Rumble’s subnet ping and host ping options enable fast discovery of large IP ranges. Subnet ping lets you only scan /24 segments that have at least one responsive host. Host ping lets you use a smaller set of probes to identify active systems before running a full scan. Combining these two options can help you quickly identify all reachable IP spaces in an organization. These two discovery options are now available to all Rumble Pro and Enterprise Editions. Enjoy your rapid discovery!
Assets running end-of-life firmware or operating systems pose security, compliance, and business risks and need to be upgraded as soon as possible. Rumble 2.6 introduced two new columns to your asset inventory that lists the known EOL dates:
OS EOL and
OS EOL EXT. These columns reflect the support end-of-life and extended support end-of-life date for the detected operating system or firmware. Rumble highlights specific assets that are EOL, nearing their EOL date, or are still within their supported period.
Our initial coverage for EOL dates included Windows, macOS, Ubuntu, Debian, and HP iLO firmware. Rumble 2.7 expands coverage for APC UPS firmware cards on your network.
For Windows systems, Rumble better tracks builds that share the same system files (such as 1903-1909, 2004-21H2, etc). These systems will now report the range of versions possible and the OS EOL reporting will use the latest release in this range to determine the end of support timeframe.
Rumble 2.7 adds new keywords for services inventory searches and improves wildcard searches for asset hostnames.
Five new service search keywords have been added to help you search services by IP address: The
service_has_linklocal keywords work similarly to their assets versions, but apply to the specific IP tied to the service. For example, to look for a service that has a private IP address, you can search
service_hasprivate:true. Or for a service that has a public IP address, you can search
Rumble search keywords use the percentage sign (%) as a wildcard, but applying this to fields with multiple values, like hostnames, was tricky. Starting with 2.7, you can perform wildcard searches of hostnames with anchored patterns, such as using
name:=FTP.% to find any asset with a hostname starting with the “FTP.” sequence.
The self-hosted platform is better than ever with support for Debian, a combined installer, improved configurability around TLS, updated documentation, and service hardening.
Rumble 2.7 adds support for the Debian 10 and Debian 11 operating systems running on x86_64, in addition to existing support for Ubuntu, RHEL, and CentOS.
The self-hosted installer now bundles together this full suite of explorers and scanners in the initial download, saving a step at installation time. This new download is a bit bigger (and takes a few seconds to generate), but removes the need to run an update after installation.
Documentation around self-hosting has been updated to include new SMTP and TLS options in addition to a detailed description of how the file system is used and what permissions are needed. The new TLS options simplify the process of running with NIST 800-52r2 cipher configurations.
This release includes a rollup of all the 2.6.x updates. Read the changelog to see all the improvements and updates in this release.
Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.
September 30, 2021
Fingerprinting Windows build numbers
Our goal at Rumble is to help customers identify everything on their networks, quickly, and without authentication. This process is driven by research, which often leads to dead ends, but sometimes we learn interesting things along the way. This post explores recent research …Read More
September 8, 2021
Rumble 2.6: Integrate with Microsoft Azure Cloud, identify EOL assets, self-host in offline mode, and detect more protocols
What’s new with Rumble 2.6? Synchronize your Azure VM inventory with Rumble Identify assets running end-of-life OS versions Support for NFS, PPTP, and “r” services Updates to the CrowdStrike integration Install and update self-hosted Rumble in offline mode See new …Read More
August 19, 2021
BlackHat gems: HP iLO 5 vulnerabilities
Each year, August arrives with promises of hot weather and cool security research talks. The DEF CON, Black Hat, and BSidesLV security conferences bring people in from all over the world to share knowledge through conversations, villages, training, and talks. There are …Read More