At Nucleus, we strive to continuously level up our attention to detail and quality of implementation with each new release. One customer recently noticed and told us that our approach is “refreshing compared to many other security vendors”. We thrive on feedback like this so please, don’t hold back! We’re continuing to upgrade our application across the board in all areas, so expect to see continued improvements over the coming months and years.
In this release, we’re very excited to announce Nucleus Teams! This is a completely new set of features across the platform for managing vulnerabilities and assets across groups of users. With Teams, you can solve one of the most challenging issues in vulnerability programs, how to represent ownership of assets and vulnerabilities on those assets. Within Nucleus, Teams can now own and support assets, as well as be assigned vulnerabilities intelligently, either using the Nucleus Automation Engine or manually. Using the Vulnerabilities Assigned To My Team page, users within your organization are now a core participant in your vulnerability management program and will have all the context and information they need to drive faster remediation activities at scale. You can find out more about the Nucleus Teams release here!
We’ve also released a much-anticipated power feature for managing vulnerabilities at scale – the ability to bulk edit vulnerabilities. Now you can use the UI to make sweeping changes to the vulnerability data you manage, such as updating a vulnerability attribute (e.g. changing the severity) or completing a workflow task. A deep-dive blog into this new feature is coming soon!
And of course, no release is complete without some connector news. We are pleased to announce the beta release of our new GitHub Connector for Code Scanning, enabling you to easily import CodeQL scanning results for source code repositories into your Nucleus project. Read more about the GitHub Integration here.
Finally, we also released some significant speed improvements for viewing vulnerability data in the platform. Both the vulnerabilities trends page and the resolved page should now load almost instantaneously, representing (in some cases) up to a 3000% increase in speed.
Complete list of changes and bug fixes…
- NEW You can now create and manage Teams in a Nucleus project.
- NEW Assets can now be owned and supported by Teams. This can be applied manually and via automation.
- NEW Vulnerabilities can now be assigned to Teams manually and via automation.
- NEW The Nucleus Custom File Schema now supports setting the business owner team and support team.
- NEW Asset filters have been updated to be able to filter by business owner team and support team.
- NEW Vulnerability filters have been updated to be able to filter by assigned team.
- NEW There is a new Assigned To My Teams page for viewing vulnerabilities assigned to your team.
- NEW There is a new GitHub Connector for Code Scanning. This connector is in beta and supports ingesting CodeQL analyses from organisations on GitHub.com.
- NEW The Active Vulnerabilities page now has a bulk edit feature for making changes to vulnerabilities at scale.
- NEW The Vulnerabilities Trends and Resolved pages now load significantly more quickly.
- UPDATE The Rapid7 InsightVM connector now imports agent-based scans.
- UPDATE Microsoft Defender for Endpoint vulnerabilities with a None severity is now set to Informational in Nucleus.
- UPDATE Processing of Microsoft Defender for Endpoint scans is now more performant.
- BUG FIX Fixed an issue where the AWS ECR Connector was scheduling the same rule more than once.
- BUG FIX Fixed an issue where some container images from AWS ECR were not being imported.
- BUG FIX Fixed an issue where the scan description for Nessus scans was updated incorrectly.
- BUG FIX Fixed an issue where filtering on the trends page was not correctly rending all dates.
- BUG FIX Fixed an issue where vulnerabilities in specific situations would not open from the asset vulnerabilities tab.
- BUG FIX Fixed an issue where email addresses were not being shown for users in a project.
- BUG FIX Fixed an issue where assets with vulnerabilities from both Tenable.io and Tenable.sc were not persisting as resolved.
- BUG FIX Fixed an issue where manually mitigated findings were not marked as manual when opened and resolved on the same day.
- BUG FIX Fixed an issue where manually mitigated findings were not included in the total mitigated findings count.
- BUG FIX Fixed an issue where API logins were not counted towards the last login date.
- BUG FIX Fixed an issue where scheduled report criteria was being reset while updating the report settings.