• April 12, 2022
  • Adam Dudley

This roundup of releases for Q1 slaps harder than the 2022 Oscars! We’ve got a little bit for everyone. We hope the changes here will help you continue to find and cut down vulnerabilities like ninjas! We hope all this makes your life easier. Enjoy!

Aggregating, correlating, cleaning, and organizing vulnerability and asset information from all the security tools our customers use across network, application, and cloud environments is foundational to Nucleus’s value. Centralizing all the data and ensuring it’s correct and current is the first step towards achieving maturity in managing vulnerabilities effectively.

Ultimately, it’s having visibility into what you have and who owns what across all your tools, systems, and teams, and being able to establish accountability and benchmark performance, that sets the stage for a successful program. Having these cornerstones in place allows you to reduce risk and make life hard for the bad guys so they seek out easier targets.

To ensure Nucleus customers are successful with vulnerability management, we’re constantly adding connectors to sync data from preferred tools, while making it faster and easier to prioritize what to fix by considering org-defined asset risk criticality and automatically correlating findings with high-quality sources of threat intelligence tailored to the vulnerability landscape.

Today we’ve got two big integrations to announce that Nucleus customers are super jazzed about. Let’s get into it!

The Nucleus CrowdStrike Connector

We’re excited to announce an integration and Nucleus connector for CrowdStrike! CrowdStrike is an immensely popular platform for security at an enterprise scale and Nucleus now supports CrowdStrike Falcon Spotlight.

The integration allows customers to sync data from CrowdStrike to Nucleus automatically on a recurring schedule. CrowdStrike generates huge volumes of data, so the Nucleus engineering team streamlined the ingestion of extremely large datasets to make the connector as performant as possible.

Now customers of CrowdStrike and Nucleus can enjoy the benefits of syncing vulnerabilities discovered in infrastructure assets by CrowdStrike, along with data from other tools for an enhanced global, hierarchical view of all assets and vulnerabilities across the organization.

Not only that, but customers can also use asset metadata from CrowdStrike to create fine-grained automation rules that make it easy to abstract away many of the manual and time-consuming tasks like grouping assets, assigning assets and vulnerabilities to individuals and teams, and setting due dates to enforce SLAs.

The Nucleus Tanium Connector

Nucleus ingests data from all sorts of sources, from asset inventory to vulnerability and compliance scanning, to threat intelligence. Using the new Tanium connector, Nucleus can now ingest data pushes for three modules:

  • Tanium Asset
  • Tanium Comply – Vulnerability
  • Tanium Comply – Compliance

This connector was a different approach. You won’t see it in the Connector list within the Nucleus console; instead, Tanium will push the data to Nucleus. We see event-driven, real-time pushing of data as the future of vulnerability data aggregation, and this connection is helping to define this new pattern.

You can now get all your assets, vulnerability, and compliance information out of the Tanium console into Nucleus quickly and easily to be normalized, analyzed, and correlated to the rest of the data in your technology stack. We are extremely excited about this integration and believe it will supply massive value to customers.

Ticketing Rules create tickets for all vulnerabilities older than a year

When Nucleus was first built, data older than a year was not something that users wanted to orchestrate and automate. As our customer base has grown, it became clear that, by using Nucleus, organizations are finding vulnerabilities in their infrastructure that were discovered 2, 3, and sometimes 10 years ago! When looking at this data, we decided it was important for automation rules and ticketing rules to be able to apply to all vulnerabilities, even ones that were discovered in 1997 (a wonderful year, wasn’t it?).

With this latest update, you can now use automation rules to trigger on vulnerabilities that were discovered more than a year ago, and there is a new attribute in the matching section that lets you set how far back in time you want the matching to go. This is meant to supply maximum flexibility for users in their automation and orchestration pipelines when using the Nucleus platform.

SSO Team Mapping

SSO team mapping enables you to map groups and roles from your SSO provider to a team within a Nucleus Project so that when team members log in to Nucleus, they are automatically assigned to their team within the Nucleus Project and can automatically see vulnerabilities assigned to their team. Users will both gain and lose access to the Team based on the SSO Objects specified.

Miscellaneous

  • Enhanced Assetnote Connector: The Assetnote connector can now ingest tags for use within Nucleus.
  • Additional Threat Data: The vulnerability details XLS report has been expanded to include more threat data from Mandiant, CISA BOD, and EPSS.
  • Asset Filter Enhancement: Filter by assets that are not in an asset group to more easily assign ungrouped assets to a group.
  • Security Scan Center Enhancement: General improvements to the Tenable Security Center scan type for faster processing.
  • Netsparker (now Invicti) New Date Formats: We’ve added support for a wide variety of date-time formats when setting up the Netsparker (Invicti) connector.
  • Update to Nexpose: Made an update to more accurately represent scan history in the Nexpose connector.
  • Added Qualys Metadata: Added more cloud host metadata from Qualys VM reports.
  • Enhanced Rapid7 Connector: Added the ability to ingest secondary hostnames from the Rapid7 connector.
  • Expanded Vulnerability XLSX Report: Added more score metrics to the Vulnerability XLSX report to more easily compare scores across certain scan sources.
  • Enhanced Tanium Connector: Enhanced the Tanium connector by speeding up file ingestion via API.
  • Added Criteria to Automation: Added the ability to include finding path to vulnerability criteria in automation.
  • Added Additional Metadata to Qualys Connector: Added support for metadata from Qualys WAS.
  • Added Additional Metadata to GitHub Connector: Added support for metadata from GitHub to include repository topics.
  • Enhanced External Notification System: Enhanced the external notification system for more reliable notification functionality.
  • Updated Burp Connector: Updated the Burp connector to handle missing XML paths.
  • Added Status Permissions: Added status permissions, which allow admins to denote the statuses that a particular role is allowed to set for findings. We’re excited about this one and hope you are too.
  • Added the Ability to Ingest Snyk Code Vulnerabilities – EXPERIMENTAL: Added the ability to ingest vulnerabilities from Snyk Code into Nucleus. Note: this uses Snyk API v3 endpoints, which are labeled experimental and have known limitations, such as not always being able to ingest all instances of a finding and slow ingestion speeds (both limitations in the Snyk API).
  • API Updates:
    • Included justification_datetime in the projectsprojectfindingssearch response.
    • Added the ability to include URL encoded finding_number.
    • Added the ability to return due dates for findings.

If you’re interested in learning more about the CrowdStrike or Tanium connector or any other changes, please contact your friendly Nucleus customer success representative!