The Rumble Network Discovery Blog

At the most basic level, Rumble is a search engine for your network; it sends out probes, listens for replies, normalizes the results, applies fingerprints, and makes this data easy to query. Similar to web crawlers, Rumble will follow links between assets, this includes HTTP redirects, but also things like SunRPC portmappers, UPnP SSDP endpoints, and other services that point the way to additional data. mDNS (also known as ZeroConf or Bonjour) is one of these services.

Scanning & Searching Version 1.5.0 of Rumble Network Discovery is live with updates in two major areas; wider scanning, through improved protocol support, scan engine enhancements, and more comprehensive decoders; and deeper searching, with the addition of a dozen new search filters and other enhancements to the web console. Wider Scanning Whether you use the Rumble Agent or the Rumble Scanner, the scan engine improvements in v1.5.0 make discovery more reliable, predictable, and comprehensive.

Version 1.4.0 of Rumble Network Discovery is now available with a host of changes. This release rolls up our post-1.3.0 work, including major updates to the command-line Rumble Scanner and support for asset syncing in Splunk. The Rumble user interface and API endpoints now support grouped queries using parenthesis in search terms. Grouped queries allow for complex filtering logic and can helpful when searching for specific types of misconfigurations. These queries can be applied to the export functionality as well as the search interfaces for assets, services, screenshots, wireless networks, sites, and organizations.

Data transparancy is one of the key drivers of Rumble development. We do our best to ensure that any data gathered, transmitted, or downloaded is easy to view, import, export, and reprocess. Data generated by the Rumble Agent can be downloaded and reprocessed by the Rumble Scanner. Raw data from the Rumble Scanner can be imported into the Rumble Console. This data is consistently formatted and almost always backwards compatible between versions.

We are excited to announce the availability of an official Splunk Addon for Rumble! This addon uses the new Asset Sync API included in version 1.3.1 of the platform and supports two modes of operation. The New Assets Only mode will only pull in assets that have not been seen before, or could not be uniquely identified after being rescanned. The All Updated Assets mode will pull all changed assets since the last poll.