Platform Upgrades, Lacework, Findings Processing Re-Ordering, and more!
Welcome to the Nucleus Product Update 3.9. As we approach Thanksgiving, we’d like to start by expressing our appreciation for you and the rest of the Nucleus family. Thank you for being a part of our community and contributing to our collective growth and success.
We have so much to be thankful for this year, especially YOU! We hope you have a wonderful holiday celebrating all there is to be grateful for and enjoying a great meal with the people you love most.
This update is filled with lots of Nucleus happenings you don’t want to miss, including:
- Trends page upgrade to enhance usability and provide further vulnerability data insights
- Lacework connector for more accessible cloud infrastructure vulnerability data
- Finding processing re-ordering for easier complex automation rule setting
- Bulk data export functionality for unparalleled reporting and visualization possibilities
- Asset group access control v2 for access control at scale
We’ve also included a direct link to view our latest quarterly product update webinar on-demand. This webinar outlines most of this information in greater detail, in addition to new product updates and roadmap items we plan to release later. We also reflect on additional upgrades and advancements over the last quarter.
Get the details for all updates below.
Have questions or want to know more about anything you see here? Our team is happy to help. Just reach out to our crew at support@nucleussec.com for further assistance. Happy reading!
Quarterly Product Update Webinar – Watch Now!
It’s time for a quarterly check-in from our product team. Hear from Rob Gibson, Director of Product, and Sonia Blanks, Director of Product Marketing, in this value-packed session focused on our latest and upcoming product updates, plus roadmap items we plan to release later. We’ll also outline the most significant upgrades and advancements we’ve made over the last quarter to continually improve your Nucleus experience. This session is integral to our ongoing effort to be transparent and open with you, our valued customers.
You can access the recording here.
Trends page upgrade to enhance usability and provide further vulnerability data insights
Recently, Nucleus released a few product capabilities that help with vulnerability management (VM) data analysis, including a significant overhaul of the Trends Page. This overhaul includes three key highlights that enhance usability and provide invaluable insights into vulnerability data. These highlights include:
Redesigned Interface
The page has undergone a comprehensive redesign with user-friendliness at its core. Navigating through vulnerability data is now more intuitive than ever before.
New Widget – Historical View of Average Vulnerability Lifetime
This powerful addition offers a historical perspective on vulnerability remediation. It shows the time to remediation for each day in the historical record and the age of active vulnerabilities over that same period, giving you a clear view of how your organization is trending on this important metric.
New Widget – Historical View of Risk Score
This widget offers a historical view of risk scores, enabling users to track changes in risk levels over time. Again, this can be instrumental for helping provide perspective on your organization’s performance over time.
You can learn more in the Trends Page Release Spotlight and this Trends Page Support Article. Please contact Nucleus Support or your account representative to sign up for the beta release of these new Trends Page upgrades.
Lacework connector for more accessible cloud infrastructure vulnerability data
This month, the Nucleus Security team reached another milestone with our newest integration addition, Lacework. This integration allows Nucleus Security to ingest vulnerability data seamlessly from Lacework’s renowned cloud-native application protection platform (CNAPP). With this new integration, customers can readily access insights on vulnerabilities identified by Lacework on virtual machines across AWS, Azure, and GCP. In addition, they gain visibility into container images scanned by Lacework.
By combining forces with Lacework, Nucleus Security makes staying current on your cloud infrastructure’s vulnerabilities more straightforward and accessible. You can learn more in this Lacework Release Spotlight.
Please contact Nucleus Support or your account representative to sign up for the beta release of the new Lacework connector.
Finding processing re-ordering for easier complex automation rule setting
Available now, this new functionality helps customers supercharge their finding processing automation rules by making it easier to chain rules and actions together. By ordering rules carefully, users can perform multiple actions in conjunction with each other, including assigning vulnerabilities to teams or individuals for remediation, prioritizing vulns, adjusting statuses and workflows, and much more.
To learn more about Nucleus Finding Processing Rules, visit the Finding Processing Rules Support Article.
Bulk data export functionality for unparalleled reporting and visualization possibilities
As seen in our last product update, the bulk data export functionality is now available, providing Nucleus customers more flexibility with their data. It removes the friction, cost, and effort previously needed to accomplish these same tasks via upload to AWS S3 buckets. At the core, Nucleus has always believed in providing our customers full access to all of their data in our platform, so this new enhancement allows us to further support this. Particularly at the enterprise level, many Nucleus customers value and prefer to build and customize their reports and dashboards externally. This ensures Nucleus data drives and supports their VM program and strategy in the most applicable ways for their unique situations.
With a few simple clicks in the console, Nucleus begins uploading files as specified, and customers can view the upload status and download the files directly via an easy-to-use API interface. This way, the bulk data export API makes customer data more accessible. You can learn more in this Bulk Data Export Release Spotlight or this Data Export Support Article.
Please contact Nucleus Support or your account representative to sign up for the beta release of our bulk data export functionality.
Asset group access control v2 for access control at scale
Version 2 of Asset Group Access Control (AGAC) is game-changing for large enterprises with sprawling asset groups and teams. In previous iterations of Asset Group Access Control in Nucleus, restricting by asset group could be done for an individual user. Though effective, this approach is often time-consuming, particularly for larger organizations.
With the Asset Group Access Control v2 release, Nucleus customers can apply asset group restrictions to an entire team and use SSO Mapping to ensure that users are assigned to the right team and asset groups upon login. The /Teams endpoints have also been adjusted so that Nucleus customers can set asset group restrictions for a team via API.
Please contact Nucleus Support or your account representative to sign up for the beta release of Asset Group Access Control v2. You can learn more in this Asset Group Access Control Support Article.
You’re invited to this month’s webinar
On Wednesday, November 29th at 2 PM ET, our panel of cybersecurity experts, including Patrick Garrity, Security Researcher at Nucleus Security, Scott Kuffer, Co-Founder and COO at Nucleus Security, Matthew Clapham, Senior Director of Product Security Trust Center at Activision Blizzard, and a surprise expert guest, will dive deep into the nexus of product security and vulnerability management.
Drawing from their vast experience, they’ll unravel the intricacies of this relationship and provide practical solutions to the challenges at hand. This valuable session will include discussions around the distinction between product security and vulnerability management, challenges developers face pursuing security, operational strategies of product security teams, and more. You can register here.
Full Release Notes
You can access the Nucleus change log to view the complete, unedited version of release updates posted each week. Select the option to subscribe to the RSS feed on this page to receive weekly change log updates. This new Nucleus Product Update is intended to fully summarize and outline those weekly changes for you, with more details, each month. The product updates include all the following features and improvements:
New Features
- Added a Lacework connector for ingesting hosts and container image data. Please contact Nucleus Support or your account representative to sign up for the beta release.
- Added the ability to specify asset group access when creating a team in Nucleus. Create an SSO mapping for those teams so that users log in and are automatically assigned to the appropriate teams with designated asset group access. Please contact Nucleus Support or your account representative to sign up for the beta release.
- Added average vulnerability lifetime and Nucleus risk score trend lines to the Trends Page along with redesigning the Trends Page. Please contact Nucleus Support or your account representative to sign up for the beta release.
Product Improvements (Performance, Experience, & Functionality)
- Added the ability to click on charts in the Trends Page to view the detailed data behind an individual chart element. Please contact Nucleus Support or your account representative to sign up for the beta release.
- The GET /projects/{project_id}/assets/groups API endpoint now includes ‘tag_id’ for use when creating and updating groups via the API.
- Made the API endpoint for updating findings in bulk more efficient for large data sets.
- Added “justification_status_name” as a supported field in the Findings Search API endpoint.
- Added “Severity – Original” as criteria in finding processing automation to key off of the original severity from the scanning source instead of adjusted severities. Please contact Nucleus Support or your account representative to sign up for the beta release.
- Added “does not exist” and “does exist” as filter options for Mandiant Risk Rating.
- Support was added for the asset type filter in the /assets API endpoint.
- Improved the BULK API endpoint for modifying findings to execute more efficiently for large data sets.
- Added the ability for Org Admins in Nucleus self-hosted environments to set up SSO for their org.
- Made due-date modifications more efficient by removing unnecessary back-end processes.
- Updated Finding Processing automation for due dates so that rules run based on the modified severity.
- Improved the experience for adding and editing teams at both the project and global levels.
- Added the ability to set a finding’s discovered date in the Nucleus Custom file upload.
Integration Improvements
Alert Logic:
- Added support to ingest Alert Logic’s new CSV format.
AWS:
- Added retries in 429 scenarios in the AWS connector.
- Sped up ingestion of assets from AWS.
Checkmarx:
- Improved the Checkmarx connector by adding the ability to match based on custom fields at scan time.
CrowdStrike:
- Added the ability to use the CrowdStrike local-ip instead of the external-ip as the Primary IP address on assets in Nucleus. Contact support for enablement.
- Sped up the CrowdStrike connector when importing by all, especially for large data sets.
InsightVM:
- Improved download performance of InsightVM assets.
Jira:
- Added support for the ‘Group picker (multiple groups)’ field type in the Jira connector. Available when creating tickets manually and via automation rules.
- Sped up the Jira connector with back-end enhancements to more efficiently attach files, leave comments, close issues, and create new tickets.
Lacework:
- Improved the Lacework scan normalization to handle large scan files more efficiently.
Snyk:
- Added the ability to import by Target in Snyk. This is now generally available.
- Improved the ingestion speed of the Snyk connector for large projects by improving scan download speeds.
Synack:
- Added additional Synack metadata: assessment id, assessment name, codename, category.
Tenable:
- Sped up the TenableIO connector for especially large ingests.
- Added the ability to ingest and display CVSS V3 data from Nessus.
Reporting Improvements
- Improved generation of the vuln details xlsx report for especially large data sets.
Bug Fixes
- Fixed an issue causing ticketing automation rules to fail in specific scenarios.
- Fixed an issue where the Carbon Black connector was not applying filters for “Endpoint” scans.
- Fixed an issue where special characters in an Asset Group name caused report filters based on that Asset Group to not properly filter results.
- Fixed an issue preventing users from deleting a Notification rule in specific scenarios.
- Fixed an issue in the Lacework connector causing container image ingests to fail in specific scenarios.
- Fixed an issue preventing users from adding Custom Findings to unique vulnerabilities.
- Fixed an issue in Connector Activity causing ‘Is secondary =’ to display in the Message column.
- Fixed an issue where having multiple notification rules with differing emails caused some emails not to be sent.
- Fixed an issue in Resolved Vulnerabilities causing Medium severity vulnerabilities to be included when filtering on Low severity vulnerabilities.
- Fixed an issue caused by Tenable’s API that prevented us from getting a list of all targets when ingesting WAS scans. Contact support for enablement.
- Fixed an issue in the Nessus connector that was causing credential errors every few days.
- Fixed an issue where the CVE number was not correctly displayed for Tenable findings in limited scenarios, due to an unannounced change in Tenable’s API contract.
- Fixed an issue where scan level compliance data was not populated if compliance findings were included as part of older scans.
- Fixed an issue with the ReportVulnSummary that was causing resource constraints with certain filters applied.
- Fixed an issue with the Executive Group Comparison report where a user could save the report without a name, resulting in an error.
- Fixed an issue where the Certificate Summary page failed to load in limited scenarios.
- Updated the TenableIO connector to account for severities being case insensitive when Tenable made an unannounced, breaking change to their API and the way data is returned.
- Fixed an issue where dynamic criteria were not working in Asset Processing automation.
- Fixed an issue in the Team Management view where filtering the “users in team” section down and removing user(s) resulted in more members of the team being removed than selected.
- Fixed an issue for initial users in the self-hosted environment where passwords were not set as expected.
- Fixed an issue where the status of certain Tenable findings was not adjusted in Nucleus according to subsequent scans.
- Fixed an issue where the AWS EC2 asset sync was including non-running instances as active assets in Nucleus.
- Fixed an issue where Org Admins could not generate certain global reports via the API.
- Fixed an issue on the Active Compliance Findings page where filtering by medium severity did not work as expected.
- Fixed an issue in Finding References where we were showing the CWE number in the CVE section.
- Fixed an issue in the Global Dashboard where asset details were not consistently loading.
- Fixed an issue in the Global Dashboard Search that was causing tabs to overlap.
- Fixed an issue where the business owner chip indicator disappeared when navigating to the resolved page.
- Fixed an issue where custom asset aliases were overwritten upon ingestion.
- Fixed an issue where running an asset processing rule that sets a business owner user resulted in an error in limited scenarios.
- Fixed an issue where the instance URL search was not working for certain Qualys WAS items.
- Fixed an issue in ticketing automation where we could have been more efficient in requesting details for inactive rules.
- Fixed an issue where the CSV attached to a Jira ticket was not updated with remediated instances in limited scenarios.
- Fixed an issue in Asset Processing automation that was causing rules with a large number of hosts to run very slowly.
- Ensured redundant values that Mandiant set for “Ease of Attack” fit into the existing “easy,” “moderate,” and “difficult” schema to avoid mismatch between API and UI results within Nucleus.
- Fixed an issue where Assignee and Assigned Team values were not updating as expected in the active vulnerabilities grid popover.
- Fixed an issue in the Jira connector where assignees were not populating.
- Fixed connection issues with Rapid7 via the Nucleus agent.
- Fixed an issue where vulnerability information was missing from inactive assets.
- Fixed an issue where users assigned a role via SSO had their asset group restrictions cleared after logging out.
- Fixed an issue where we could not import more than 10,000 hosts from a group from CrowdStrike based on restrictions in their API.
- Fixed an issue in the GitHub Dependabot connector where matching was case-sensitive, which led to asset mismatch.
- Fixed an issue in Finding Processing automation where using “any of”/“all of” for Mandiant Associated Malware criteria was not saving.
- Fixed an issue in finding processing automation where the assigned team was unassigned and was not triggering at the instance level.
- Removed legacy Twistlock CSV import method for PrismaCloud.