Multiple connector additions and new in-platform customizations
Welcome to the Nucleus Product Update 4.1. It’s a new year with new things to get excited about together. Here’s to making 2024 a great one! 🥳
This update outlines lots of Nucleus happenings you don’t want to miss, including:
- Qualys PCS connector beta release
- Orca connector beta release
- Lacework connector GA release
- ServiceNow App connector v1.3 GA release
- New Asset Filters in Nucleus console
- Customizable Summary and Description for JIRA tickets
We’re also including a link to our latest webinars, which are value-packed sessions you don’t want to miss.
Get the details for all updates below.
Have questions or want to know more about anything you see here? Our team is happy to help. Just reach out to our crew at support@nucleussec.com for further assistance. Happy reading!
How to Automate and Streamline Vulnerability Management Processes – Watch Now!
This week, Scott Kuffer, COO at Nucleus, and Sonia Blanks, Director of Product Marketing at Nucleus, spent time diving into how enterprise organizations can leverage automation to drive efficiency across any vulnerability management program. They discussed the support automation can provide for ownership assignment, ticketing processing, data management, reporting, audit trails, and prioritization decisions. Learn how automating lesser-known or less emphasized parts of the vulnerability management process can significantly enhance efficiency across different teams by watching this on-demand session now.
Qualys Policy Compliance Scanning added to the Nucleus connector family
The new Qualys Policy Compliance Scanning (Qualys PCS) integration allows us to ingest compliance and misconfiguration findings identified by Qualys directly into Nucleus projects, alongside vulnerability data on each asset. By blending policy compliance and vulnerability management, we enable you to navigate your risks associated with vulnerabilities and misconfigurations simultaneously, ultimately enhancing your organization’s overall security posture. The Qualys PCS connector is in BETA release. If you want to explore its capabilities within your Nucleus organization, please contact Nucleus Support or your dedicated account representative. You can learn more about the Qualys PCS connector in this release spotlight.
Orca Security added to the Nucleus connector family
The new Orca Security integration further expands our cloud security coverage. Through this integration, we unify potential risks within your cloud assets alongside security risks from the rest of your technology landscape. With Nucleus and Orca, you can fully leverage cloud technology’s potential while securely guarding your digital assets. With this integration, alerts identified by Orca on virtual machines and container images can now be ingested into Nucleus and visualized alongside insights derived from other asset and vulnerability sources. The Orca Security connector is in BETA release. If you want to explore its capabilities within your Nucleus organization, please contact Nucleus Support or your dedicated account representative. You can learn more about the Orca Security connector in this release spotlight.
Lacework integration expands to general availability
The Lacework integration has been enhanced to support host matching for Azure Virtual Machines and expanded to general availability. This integration allows Nucleus Security to ingest vulnerability data seamlessly from Lacework’s renowned cloud-native application protection platform (CNAPP). You can learn more about the Lacework connector in this release spotlight.
ServiceNow ITSM app version 1.3.1 brings more dynamic ticketing capabilities
The new release of the Nucleus Security app for ServiceNow marks a significant step forward in our ticketing automation capabilities, ensuring the right incidents go to the right teams with zero manual effort. A highlight of this new version includes the ability to dynamically group ServiceNow incidents by finding or asset properties in Nucleus. Whether grouping incidents by team, assignee, package, or any other supported properties, this flexibility enables you to streamline and automate remediation efforts in the way that makes the most sense for your organization. This functionality and all other features of v1.3.1 are available to all Nucleus customers today – head to the ServiceNow app store to get started and view our help docs for details on integrating your systems.
New asset filtering capabilities in Nucleus console
It’s now easier to narrow your view in Nucleus to a filtered collection of assets and their related vulnerabilities. These new asset filters include name, IP address, and risk attributes like business criticality, data sensitivity, network exposure, and compliance scope. With these new filters, you only have to make a few selections to find the data you need at a given moment. We’ll continue developing our asset filters this quarter to enable you to save collections of filters for easy repeat access in subsequent logins – stay tuned for updates! Learn more about Nucleus asset filters in this article.
Customizable Summary and Description for Jira tickets
When you create tickets for remediation teams, you want to ensure people receive only the most relevant and necessary information to help them do their jobs. Reducing the noise so teams have the right information regarding priority, due dates, and so on helps enable prompt and efficient action on vulnerabilities. Available now to all Nucleus customers, the newly customizable summary and description allow you to include or exclude 12 fields within automation rules for JIRA ticketing. You can learn more about Nucleus ticketing rules here.
You’re invited to this month’s webinar
In this upcoming webinar, Scott Kuffer, Founder and COO of Nucleus Security, and a special expert guest will dig into the concept of “Single Pane of Glass” for vulnerability management. Everyone wants it, but what does it mean? The session will focus on catalysts for the increase in demand for a single pane of glass in vulnerability management, the meaning and critical components of single pane of glass, the challenges of implementing and maintaining a single pane of glass, and a deep dive into what a single pane of glass is NOT. Don’t miss this must-see webinar!
Register for the webinar today!
You can access the Nucleus change log to view the complete, unedited version of release updates posted each week. Select the “subscribe to the RSS feed” option on this page to receive weekly change log updates. This new Nucleus Product Update is intended to fully summarize and outline those weekly changes for you, with more details, each month. The product updates include all the following features and improvements:
New Features
- The Lacework connector is now Generally Available and has been enhanced to support host matching for Azure Virtual Machines.
- Added the ability to delete Ticketing & Issue Tracking rules in bulk from the Global and Project Automation pages.
- Added the ability to Enable, Disable or Delete Vulnerability Scan Ingest automation rules in bulk.
- Added a new Orca connector, now available in BETA. Contact Nucleus Support for enablement.
- Added a new Qualys Policy Compliance Scanning (PCS) connector, now available in BETA. Contact Nucleus Support for enablement.
- Added ability for Org Admin users to upload an Org Image from the Edit Organization dialog.
- Top Risks page now includes a column for “Age” by default, representing the number of days since the Discovered date.
- “Severity – Original” is available by default as criteria in finding processing automation, enabling users to base rules on the original severity from the scanning source rather than adjusted severities.
- Added support to bulk export Nucleus data for use in third party applications by direct download via API. Contact Nucleus Support for enablement.
Product Improvements (Performance, Experience, & Functionality)
- Enhanced Finding Processing rules for setting Due Dates to behave consistently with other Finding Processing Rules. If two or more rules satisfy the criteria, the last action will take precedence.
- Added ability to filter results from the /findings/search API endpoint to only include active findings.
- Improved performance for displaying Finding Instance details.
- Updated the Supported Data Types display for ZAP files to indicate support for JSON in addition to XML file formats.
- Enabled Data Export support for customers in the us-gov-east-1 AWS Region. This feature is currently in BETA. Please contact Nucleus Support to enable.
- Added hostname and IP address as new filter criteria in the asset filter windows.
- Added risk attribute fields like business criticality, network exposure, compliance scope, and data sensitivity as additional criteria to asset filtering at the global level. Additionally, we have refreshed the style of the global asset filter for a cleaner, more modern experience.
- Updated the use of the output criteria in Finding Processing automation to allow for multiple entries. Contact support for enablement of the output field in Finding Processing automation.
- Improved the performance of Asset Processing workflows.
- Improved performance for loading the Top Risks page.
- Improved performance for loading the Active, Assigned to Me, and Assigned to My Team vulnerability pages when filters are applied.
- Added the ability to re-order finding processing rules.
- Improved speed of ticketing automation for environments with large amounts of ticketing rules.
Integration Improvements
General:
- Enhanced the presentation of Finding Instance details to display additional details including Reference Information, Package, Version, Fixes, Service and Port for several scanner ingest connectors.
- Added the ability to ingest OWASP ZAP files in JSON format.
- Added cloud resource tags from Prisma as additional metadata in Nucleus.
AWS:
- Added the ability to export additional justification fields in the instances export. Now available in the S3 connector and bulk data export. Contact support for enablement.
- Improved performance for Amazon AWS ingests by only updating findings for assets in the scan.
- Improved the AWS setup flow by updating the experience for verifying credentials.
Axonius:
- Improved the Axonius connector by adding the ability to ingest from the GUI adapter.
Bugcrowd:
- Updated the Bugcrowd connector to allow for a larger ingestion of bounties.
- Improved the Bugcrowd connector by allowing ingestion of results with “live” status.
Checkmarx:
- Enhanced the Checkmarx connector to include SimilarityId in the Reference Information displayed on Finding Instance details.
GitHub:
- Improved the naming convention of scheduled GitHub App scans to better differentiate between Dependabot and Code Scanning scans in Vulnerability Scan Ingest automation.
- Improved speed of ingestion for the GitHub App connector.
InsightVM:
- Enhanced the InsightVM connector to prevent failures when ingesting very large files.
- Enhanced the InsightVM Connector to include the Active Risk Strategy score in Finding References.
Jira:
- Added the ability to configure information included in the summary field of a JIRA ticket, including the severity and Nucleus label.
- Added the ability to configure information included in the description field of a JIRA ticket, including source, description, references, and many more.
- Added support for Label type custom fields in the JIRA connector.
- Improved the ‘Group picker (multiple groups)’ field type in the JIRA connector to account for both group names and IDs.
Lacework:
- Updated the Lacework Connector to work around API limitations when downloading large amounts of data.
Rapid7:
- Updated the Rapid7 Nexpose connector to use the finding discovered date provided, instead of the time ingested into Nucleus.
Snyk:
- Added a deep link URL to Snyk findings in the Snyk UI, available in the finding’s reference information section.
- Added the Snyk Project Type to Snyk findings, available in the finding’s reference information section.
- Updated the Snyk connector to grab project and organization data from their updated V3 Rest endpoints.
Sonarqube/Sonarcloud:
- Enhanced the Sonarqube and Sonarcloud connectors to ingest additional asset metadata, including project-key, project-name, branch, is-main-branch, project-tags, and project-visibility.
Reporting Improvements
- Updated the Vulnerability Details xlsx report by renaming the “scan date” column to “last seen” to align with verbiage in the interface. We have also added a column for “age”, which is the number of days since the discovered date.
- Updated the vulnerability details export on the Active Vulnerabilities page to include filters applied in the interface.
- Made minor interface adjustments when drilling into the widgets on the trends page. Contact Nucleus Support about BETA enablement.
Bug Fixes
- Fixed an issue in the InsightVM connector causing data ingestion to fail for Asset Tags of type ‘custom’.
- Fixed an issue in the Tenable.io WAS connector preventing all scans from being ingested.
- Fixed an issue preventing UK customers from being able to use the Nucleus Agent.
- Fixed an issue causing searches by Finding Name on Resolved Vulnerabilities to return incorrect results in certain browsers if the search criteria includes a ‘<’ character.
- Updated the Carbon Black connector to begin downloading again after Carbon Black made an unannounced breaking change to their API.
- Fixed an issue causing credentialed scans from Nexpose to display as not credentialed in the Scan History on assets.
- Fixed an issue causing the Org Email Footer defined on an Organization to not be used in assignment email notifications.
- Fixed an issue causing roles assigned to a user in User management to not get saved.
- Fixed an issue preventing users with the proper permission (Update Findings) from being able to upload assessments via the API.
- Fixed an issue preventing users from being able to remove filters after navigating back to the Asset Management page in specific scenarios.
- Fixed an issue where modified report parameters for a scheduled Vulnerability Details xlsx report were not saving as expected.
- Fixed an issue in the Snyk connector where container images were incorrectly categorized as an application asset type in limited scenarios due to the Snyk API not respecting its documented contract.
- Updated the Snyk connector to replace Unicode space characters with a regular ASCII space.
- Fixed an issue in the Snyk connector where images were not being ingested as expected in very limited scenarios.
- Fixed an issue in the global asset filter, where users restricted by asset groups could see data outside of their restrictions in the new primary asset name and primary asset ip address fields.
- Fixed an issue where updated descriptions and solutions were not reflected in the vulnerability export.
- Adjusted the Rapid7 connector so that the “rapid7.owner” asset metadata is an expected data type that can be used as a dynamic value in Asset Processing automation.
- Fixed an issue in the Tenable.io connector where we were not using the “exploit_available” field to determine exploitability as expected after Tenable made an undocumented breaking change to their API affecting a small number of customers.
- Fixed an issue in the Resolved Vulnerabilities page where we were not displaying the status expiration date in the expected tool tip location.
- Fixed an issue where the count on the Top Risks page was not matching the count in the Top Risks widget in the project dashboard.
- Fixed an issue where navigating back to the Asset Management page from the asset details view was not maintaining applied filters as expected.
- Fixed an issue in Asset Group Access Control V2 BETA in the global dashboard where asset groups could not be removed from a team once applied.
- Fixed an issue in the findings/search endpoint where we were not returning “mitigated via scan” findings as expected.
- Fixed an issue in the Sonarqube connector where assets that only had a default branch were incorrectly marked as “master” instead of “main”, causing assets not to merge as expected.
- Fixed an issue where generating a Vulnerability Details XLSX report or a Vulnerability Custom XLSX report filtered by teams or due dates was running longer than expected in environments with large amounts of data.
- Fixed an issue where invalid values were incorrectly accepted when creating a ticketing rule via API.
- Fixed an issue in Asset Processing automation where creating a new rule with a filter applied was adding the rule to the bottom of the filtered view, as opposed to the bottom of the unfiltered grid as expected.
- Fixed an issue in Finding Processing automation where certain asset criteria could not be added back once removed.
- Fixed an issue where filters were not maintained when navigating back to the asset management page from the asset details view.
- Fixed an issue in the Rapid7 Insight VM connector where download jobs for on-premise systems would not complete when the system was under load.
- Fixed an issue with the Vulnerability Custom Report options, where Assigned Team data was not populating.
- Fixed an issue where the export on the Asset Management page resulted in an error when filtering the page by OS with a long name.
- Fixed an API documentation issue where we stated that the “team_name” was a required field for the PUT teams/bulk endpoint, instead of the “team_id”.
- Fixed an issue where Finding Processing rules set to execute in a cascading manner did not run as expected.
- Fixed an issue where certain options deselected in the Vulnerability Details xlsx report were still showing in the report when scheduled.
- Fixed an issue where the original severity was not populated for new findings in the “Adjust Finding Severity” window.
- Fixed an issue where ticket numbers were viewable in a tool tip without view ticket permissions.
- Fixed an issue in the trends page where certain graphs were incorrectly showing future dates.
- Fixed an issue where the “Sync Tickets” functionality was not syncing as expected for ServiceNow.
- Fixed an issue where we incorrectly showed that an ingested file was processing, even though it errored out in the backend due to an incorrect filename.
- Fixed an issue where tickets were created for findings that had already been resolved.
- Fixed an issue in the global dashboard where the connector activity page was not loading in environments with a large amount of connector activity.
- Fixed an issue in asset decom and asset processing automation where certain regex characters were incorrectly capitalized in limited scenarios.
- Fixed an issue on the resolved page that was causing inconsistent results when filtering by asset group.
- Fixed an issue in Finding Processing automation where rules set to assign findings based on asset group criteria were not assigning as expected.
- Fixed an issue in the Tenable WAS connector where we were not ingesting all targets.
- Updated the Prisma connector when ingesting an asset without findings to ensure the correct “last seen” date is applied.
- Fixed an issue with the “Severity – Original” criteria in Finding Processing automation where the rule did not run unless other criteria were specified.
- Fixed an issue where dynamically setting the business owner (user) via Asset Processing Automation appended to existing values rather than replacing.
- Fixed an issue where the numbers displayed for “Asset” and “Count” were not matching Instance level numbers when filtered by “last seen”.
- Fixed an issue where scheduling the Global Summary report resulted in an error.
- Fixed an issue where specific strings in the ticket Description caused manual ticket creation to fail.
- Fixed an issue in Asset Processing Automation where rules were not saving when dynamically setting data sensitivity.
- Fixed an issue with Finding Processing Automation at the global level where editing existing rules with “status” as criteria resulted in an error.
- Fixed an issue in the Vulnerability Details XLSX report, where the Snyk path was not populating.
- Fixed an issue in the Vulnerability Details XLSX report where the Exploit Available column was incorrectly displaying Assigned Team data.
- Fixed an issue in the Vulnerability Details XLSX report where using a certain combination of filters resulted in an error.
- Fixed an issue with the Lifetime widget on the Trends page, where the severities were out of order when the page was filtered by asset group.
- Fixed an issue where navigation between pages on the Active Vulnerabilities page was not working.
- Fixed an issue where longer project names were getting cut off in the Asset Group Access Control window.
- Fixed an issue where assigning teams too many times was truncating and then removing asset comments in the Activity and Comments section.
- Fixed an issue where generating the Global Trends report with many projects selected resulted in the title rendering incorrectly.
- Fixed an issue where certain Tenable chunked files were not saving as expected due to invalid characters in the scan name.
- Fixed an issue where we were not tracking assets by IP in the Qualys connector when ingesting scan imports via CSV and opting not to track assets by hostname.
- Fixed an issue in the Tenable.io connector where findings could not be ingested after Tenable made a change to their API endpoint.
- Fixed an issue causing hosts to remain inactive in specific scenarios where they should have been reactivated by a new scan.
- Fixed an issue causing CrowdStrike ingests to fail when importing by Host Group in specific scenarios.
- Fixed an issue causing the GET /projects/{project_id}/findings/search endpoint to incorrectly return a 503 error in specific scenarios.
- Fixed an issue causing the GET /projects/{project_id}/team API endpoint to return asset_groups as a String instead of an Array.
- Fixed an issue causing the password reset email to contain the default Nucleus footer rather than the organization email footer.
- Fixed an issue with the Resolved Vulnerabilities page not respecting filters on vulnerability Statuses.
- Fixed issues related to filtering on Teams in the Vulnerabilities Top Risks page.
- Fixed an issue with the Vulnerability Details xlsx report causing unselected fields to still appear in the generated report.
- Added additional validation to automation APIs to prevent submitting incorrectly formatted data, which caused the automation tabs in the UI not to render.
- Fixed an issue in the Executive Brief report, where the “Most Vulnerable Assets” section of the report was showing data outside of specified asset group filters.
- Fixed an issue where the Syslog connector could not be deleted in limited scenarios.
- Fixed an issue where org admins could not access the organizations page in the Global Dashboard.
- Fixed an issue where ticketing automation was not creating tickets as expected for findings without threat intel.
- Fixed an issue in the Resolved Vulnerability page where applying a custom date range was not properly taking the end date into consideration.
- Fixed an issue where applying an asset group filter via the asset filter sometimes used an unselected asset group.
- Made several enhancements to Asset Processing automation:
  - Fixed an issue in Asset Processing automation where setting network exposure was not working as expected in limited scenarios.
  - Greatly improved the speed of Asset Processing automation by removing unnecessary calls to the backend.