More Speed, Automation, and Accelerated Remediation
Welcome to the Nucleus Product Update 2.11. The holidays are here, and our crew is hustling as hard as the thousands of shoppers scrambling to get their holiday gifts just right. This past month, our team introduced new features and applied additional performance, reporting, and connector improvements to the Nucleus vulnerability management platform to make things even easier for you, at scale. This product update includes:
- New automation to remove due dates from lower severity findings
- More places to view Installed Software reports so you can stay ahead of threats
- Connector improvements for S3, Carbon Black, Prisma Cloud, Qualys, and several more
Check out all the details for these updates below.
Have questions or want to know more about anything you see here? Our team is happy to help. Just reach out to our crew at support@nucleussec.com for further assistance. Happy reading!
Less manual work, more automation
As part of our mission to make things easier at scale, we’ve added the ability to remove due dates based on severity in the Finding Processing automation. This new feature is available to use, whether set in your scanning tool before ingestion into Nucleus or in Nucleus itself, based on the severity of the finding. We’ve long included the ability to remove due dates with a manual bulk modify action but wanted to extend this into our automation engine for continual ease of use. You can now officially say goodbye to the manual work of removing due dates from lower severity findings and hello to more time spent doing the things you care most about.
Get ahead of threats with customer favorite Installed Software reports
Installed Software reports are an important way that Nucleus helps you get ahead of potential threats, particularly when large-scale attacks happen (e.g. Log4j, polkit). Instead of waiting on specific vulnerability scans, Installed Software reports allow you to identify potentially vulnerable systems immediately by locating those systems containing affected software. This preliminary Installed Software data can then be used to get a head start on remediation efforts. As part of this update, we’ve now made these Installed Software reports available on the Reports List page in Nucleus.
The need for speed continues with additional S3 improvements and faster ingests for multiple connectors
Our quest for faster load, ingest, and processing speeds continues. This release includes a 30x speed improvement for Prisma Cloud, as well as ingest improvements for Qualys, Checkmarx, Carbon Black, S3, and several other connectors. Providing you with near real-time data is core to our mission – and we know it’s critical to yours. We also significantly improved the Instance Details view load time and added additional columns to our S3 file output in Nucleus to further improve your data in Nucleus.
You can access the Nucleus change log to view the complete, unedited version of release updates posted each week. Select the “subscribe to the RSS feed” option on this page if you would like to receive weekly change log updates. This new Nucleus Product Update is intended to fully summarize and outline those weekly changes for you, with more details, each month.
The product updates include all the following features and improvements:
New Features
- Added the ability to remove due dates based on severity in Finding Processing automation.
Product Improvements (Performance, Experience, & Functionality)
- Improved performance on the findings/summary API endpoint to prevent timeouts.
- Enhanced validation on all automation API endpoints that use CIDR notation as criteria.
- Made sweeping improvements to speed and page load times across the Nucleus platform, including improvement on the Active Vulnerabilities page and Vulnerability details page, as well as the Instance Details view.
- Updated the “last seen” date format on the Active Vulnerabilities page to be compatible with certain versions of Firefox and Safari.
- Updated API responses to return non-200 when providing invalid parameters.
Reporting Improvements
- Added additional columns to S3 file output to more holistically capture manually mitigated findings, scan date, host last seen date, and finding discovered date.
- Made report generation for certain report types more efficient: PCI Executive report, PCI technical report, Executive group summary, etc.
- Updated the Reports List page to include the Installed Software reports.
- Sped up the creation of the vulnerability report when filtering by Mandiant filters.
Integration Improvements
Carbon Black:
- Sped up Carbon Black ingestion in retry scenarios and addressed out of memory errors.
Checkmarx:
- Updated Checkmarx connector to include support for custom fields in version 9.4 due to Checkmarx breaking their API contract for the v1.0 API between product versions.
- Updated Projects endpoint to use Checkmarx V2.2 API.
- Sped up Checkmarx scan parsing.
Jira:
- Temporarily improved speed of “sync fields”.
Nexus IQ:
- Sped up scan parsers by improving how we pull finding descriptions.
- Enhanced the NexusIQ Connector to check for existing jobs before creating new ones.
Prisma Cloud:
- Sped up Prisma Cloud ingestion by up to 30x.
Qualys:
- Added retry logic upon Qualys ingestion.
- Sped up scan ingestion.
- Removed querying of unnecessary data when updating the connector.
S3:
- Updates to custom findings are uploaded to S3 as a delta. Only the changed/updated custom finding will be included in the delta.
- Sped up S3 upload by limiting data to active and manually mitigated findings.
Security Hub Connector:
- Improved the Security Hub connector so that ingestion and download occur more efficiently.
ServiceNow:
- Enhanced the ServiceNow App by significantly reducing load time for choice fields.
Snyk:
- Updated the Snyk connector to add a check before creating a new job.
SonarCloud:
- Updated the SonarCloud connector to fetch last analysis date.
Sonatype:
- Sped up scan parsers by improving how we pull finding descriptions.
Veracode:
- Enhanced speed of the Veracode connector by splitting downloading and processing scans into separate jobs.
Security Improvements
- Added more stringent permissions to the download project API endpoint so only users that have access to edit a project can utilize the download project endpoint/functionality.
Bug Fixes
- A bug where the full list of Jira projects was not displayed when creating a ticket from Nucleus.
- A bug where the discovered date differed between the Vulnerability Details page and the Instance Details page.
- A bug where filtering by date on the Connector Activity page was not working as intended.
- A bug where the Jira connector used the internal URL when utilizing the Nucleus manager.
- A bug on the vulnerability trends graph that occurred while adding a day when filtering by date.
- A bug where CodeQL was not ingesting scans on team ingests.
- A bug with the AWS ECR connector where existing hosts were not displayed if subsequent ingests had duplicated asset images.
- A bug where tickets did not include expected attachments and were not appearing in the Nucleus Tickets page in certain scenarios.
- A bug where Qualys auto imports were not importing as expected.
- A bug where data-rich queries were not delivering in S3.
- A bug where certain settings were not persisting in S3.
- A bug on the Active Vulnerabilities page where removing certain filter conditions and then re-adding them resulted in the default value showing blank.
- A bug where filtering in the Active Vulns page by date range was persisting after removing the range.
- A bug where ServiceNow was timing out when ingesting assets in certain scenarios.
- A bug in Qualys where multiple instances were being created if a date was included in the finding output.
- A bug where users could not edit the membership of a team without changing the name of the team.
- A bug where searching for the name of a vulnerability did not yield results if that finding existed after the first page.
- A bug where mitigated finding counts were inaccurate in some instances.
- A bug where setting the network exposure condition as internal did not save the rule.
- A bug where connector asset rule criteria was not displaying.