#
Changelog
#
April 2, 2024
LATEST
- Support link in main navigation now opens a new tab at support.netspi.com
- Parent tenants may now filter child tenants by name
- Performance improvements were made to vulnerability creation workflow
#
March 12, 2024
LAST
- Fix date formatting bug on the IP Address table bug
- Added filter to Customize Column modal in Ports
- Change password functionality added to user settings
- Support link in main navigation now opens a new tab at help.netspi.com
#
February 28, 2024
- Renamed vulnerabilities copy button to Assets
#
February 21, 2024
- Performance and stability enhancements
#
January 30, 2024
- Added
Client Comments
text field to full vulnerability view
#
January 11, 2024
- Added asset details (tags, labels, and availability region) to assets discovered by cloud scanners
- Added
Client Comments
text field to Vulnerability sidebar - Parent clients can now be assigned in the
Create Client
modal - Changed sorting order of clients in the client dropdown list
- Added CSV Export button to data tables
- Visual improvements to Discovery Chain graphs
#
December 19, 2023
- The
Time Since Last Scan
card on the Signal Dashboard was not counting scans executed via the new scan engine. bug - Configurable timeouts are now enforced in the scanning engine, and are reflected in the operation status modal when relevant
- Canceled workflow executions were sometimes misreported as having failed bug
- Vulnerabilities that were remediated in bulk would not have their
Remediated At
date set bug - Pilot marketing features visible for pilot clients
- The table column header filter icon was not working bug
- Added the "Exists" operator + misc bug fixes to search string parsing for Search Assistant bug
#
December 5, 2023
- Add hosting provider name to vulnerability and port tables
- Vulnerability History charts now include vulnerabilities that are marked "Ready For Retest"
- Workato user associations were not being handled during user deletion bug
- A new Search Assistant feature was added to aid users in building search queries.
- If a domain is removed from monitoring, any associated certificates with no open, monitored ports are also deactivated
#
November 9, 2023
- A new Executive Summary dashboard was added to provide high-level statistics on your assets and vulnerabilities
- Asset graphs on the FAQ dashboard are now limited to monitored assets
- Add optional 'Created by Vulnerability Trigger' column on Vulnerabilities table view
- Patch concurrent login attempt functionality
- The Vulnerability Trigger default suggestion panel was not being displayed as expected for domains and IPs bug
- Creating a Vulnerability Trigger with no search query could generate an invalid filter bug
- Discovery Chain item attribution labels fit within the chain graph better and have a tooltip.
- Bulk DNS upsert request would fail on duplicate IP-Domain relation records bug
- Several improvements were made to the internal scanning engine
#
October 18, 2023
- Store HTTP response headers during HTTP metadata scanning
- Add Google Cloud Platform (GCP) support
- Deleting a user that belonged to multiple clients was deleting too many references to the user bug
- Deleting users and/or clients was taking too long bug
- Updating vulnerability statuses via bulk table actions was not generating QA tasks bug
- If a client deletion interrupts a request, a more informative error is returned
- Tasks will now display a "started at" time, which tracks when they were first set to in-progress.
- Add a dropdown in the Create Client form to allow for different client types
#
September 26, 2023
- ASN scan would fail if client owned both an ASN domain and AS domain bug
- Remove green background from product icons in detail view bug
- Long-running ASN scans would sometimes not have their final status displayed to the user bug
- Add the full standard set of columns to the Vulnerability tables displayed within tasks
- Display the date when a vulnerability was remediated
- Fix placeholder text when creating vulnerabilities in dark mode bug
- Remove
Reload Page
warning when text hasn't been changed while creating vulnerabilities bug
#
September 12, 2023
- Change copy to clipboard text when performing bulk table actions
- Fix toggle colors for API settings page in dark mode bug
- Improve text overflow behavior in the asset sidebars
- Syncing company data now adds related domains and their ASN IP ranges to the attack surface
- Companies can now be set to monitored or unmonitored, with corresponding updates made to their associated assets
- Certificate vulnerabilities were being excluded by table filters and were missing asset column data bug
- Execution metadata were not being displayed in the Vulnerability Trigger settings bug
- The transparency log sync could fail for root domains with very large sets of subdomains bug
#
August 25, 2023
- New user notifications included an incorrect hyperlink bug
- If an IP is removed from monitoring, any associated certificates with no open, monitored ports are also deactivated
- Improve responsive layout of table controls
- Display Common Product Enumeration details for domains
- Facet sidebar is now collapsible on desktop
- The Domain activity history was not properly tracking CDN updates bug
- Truncate long text in tables
- Fix overlapping dropdowns in notification settings bug
#
August 8, 2023
- Custom vulnerability triggers can now be created using only facet filters
- Updated button text in ASNs Sidebar
- Removed unmonitored services from the pie chart count on the Attack Surface Dashboard bug
- Perform strict search of service name when clicking on the pie chart
- Display last activity and created at information in team directory
- Duplicate vulnerabilities could be generated because of how some blank field values were handled bug
- Added links to statistics cards in the Signal Dashboard
- Display date user was created in the team member details
- Portfolio dashboard was throwing errors for portfolio clients without children. bug
- When clicking on a DNS Record in the Discovery Chain graph, the proper filter is now applied to the DNS Records table. bug
- Added pagination to the Vulnerability Triggers page in Settings
#
July 25, 2023
- Fixed a bug where disabling network analysis on large amounts of IP addresses could fail bug
- Hyperlinks in Attack Surface Report emails now link directly to the proper pages
- Date columns in the Domain table are now sortable
- Date is now populated for
Reported At
column for non-verified vulnerabilities bug -
tcpwrapped
service type ports are now excluded from management ports consideration - Fixed rendering of Beta Report PDF bug
- Added copy-to-clipboard buttons in several areas
- Sort by ID instead of Reported At when switching to "All Vulnerabilities" table filter bug
- Added optional column
Network Analysis
for the Domains table -
Weak
badge inCertificates
display widget is now clickable and navigates you to reference links for weak SSL/TLS ciphers upon click - Certificate ciphers and protocols were failing to save bug
- Domain summary report PDFs now include the domain in the file name
- Deleting a user from a portfolio client also deletes that user from the sub-clients
- Added ability to edit a tag name
#
July 11, 2023
- Fixed proper display when hovering over an IP range in a table bug
- Show an error when adding an IPv6 address
-
Created At
andUpdated At
columns are now visible for ASNs - ASN table was showing invalid data when hovering on an IP range bug
- Facet searches were showing as lowercase bug
#
June 26, 2023
- Day-range selectors have been added on Asset and Exposure dashboards
- When clicking a table header's filter button the default value is now
*
instead of""
. bug - Markers on IP location map can now be clicked to see a list of IPs represented by that marker
- The Asset dashboard's info cards were showing incorrect counts for
Vulns
andPorts
bug - Cancel button on
Update a Vulnerability Trigger
modal was not working as expected. bug - Alphabetic sorting in search result tables is now more accurate
- IP addresses can now be copied directly to clipboard from tables
-
Updated At
andCreated At
columns are now available for ASNs - Domains that are hosted on non-owned IP addresses now have scanning coverage for the top 200 TCP ports
#
June 5, 2023
- Discovery chain node limit error message was overlapping delete button. bug
- Default filter text was not in proper format for
Open
port. bug - Informational vulnerabilities count was mismatched for
Vulnerabilities Stacked by Severity
andSeverity
graph. bug - Increased company sync request fault-tolerance. bug
- Portfolio dashboard enhancements
- Increased network and web vulnerability scan coverage
#
May 23, 2023
- Added client name to attack surface report.
- Chain items were not getting inserted for vulnerabilities. bug
- Added allowlist link in ASM guides.
#
May 22, 2023
- Filter buttons in UI were causing empty search queries and errors. bug
#
May 19, 2023
- Links to closed ports on the exposures dashboard included incorrect search filters. bug
- Vulnerability reports that don't have any vulnerabilities now look better. bug
- Added input field for CVSS vector in input form for
Add Network Vulnerabilities to Ports
. - Portfolio dashboard improvements
- Vulnerability bulk status updates would fail it the asset column was ordered or an asset facet was selected. bug
- In the Vulnerability table, when clicking the add filter icon on the
port
column, aname
filter was being inserted instead of aport.number
filter. bug
#
May 16, 2023
- Workato integrations were not being removed when a client account was deleted. bug
- The history widget was showing erroneous change events for the integration identifier field. bug
- Added new button
Needing Attention
underBulk Actions
dropdown menu which can set monitored field of domains or IPs to null. - Bulk Actions > Set Status option will be shown only to user having update permission. bug
- Vulnerability sidebar was not showing certificate information. bug
- When a domain, IP, or port is deleted, associated certificates and products are also deleted if they're not used by any other resource
- New option for Vulnerability API endpoint to return text in Markdown or Plaintext instead of just HTML
- Added confirmation modal for deletion of port. bug
- Asset dashboard vulnerability cards were showing incorrect values. bug
- Fixed bug where some CVSS info could be removed if certain other vulnerability information was edited. bug
- Added a
Login to Workato
button to Settings > Integrations - Saving a vulnerability could sometimes erroneously delete its CVSS information bug
#
April 26, 2023
- Company data is now available! Go to Assets > Companies to see your related companies and company hierarchy. Learn more here
- Attack surface reports can now be delivered straight to your inbox!
- Added vulnerability trigger for certificates.
- Selected operation name will be shown under user provided operation name in operation tab.
- Status Timeline graph for ports now shows null states. bug
- CVSS score in the vulnerability sidebar can now display a score of 0. bug
- The Add Asset validation check will now flag erroneous IP ranges in the case of either error:
Start IP address must not be larger than End IP address
orIP range contains more than 1 million IP address
. bug - Bidirectional Jira integrations are now supported
- Some ASNs were not displaying their monitored state. bug
#
April 13, 2023
- Added support for discovery of DMARC, DKIM, and SPF DNS records
- ASNs can now be set to not monitored
- Added virtual host enumeration capability
- Global search now supports an option to include only monitored assets
- Updated the Information vulnerability severity to Informational bug
- Changed the layout for graphs of entity dashboard in order to make sure it won't disappear when large numbers are present in it
- The IP address "added via network analysis" status is now non-editable after creation bug
- Fixed Workato's font color in dark mode bug
- Username styling in navigation view is now ellipsis. bug
- Once task is completed, user won't be able to see
Set to In Progress
button - Vulnerabilities can now have a CVSS 3.1 metrics string, and will calculate the CVSS score
- Fixed name capitalization in the history widget for NetSPI bug
- When an item is deleted from the sidebar, the data table now updates automatically bug
- User deletion was failing if the user had manually created a vulnerability at any point bug
#
March 23, 2023
- Info card graphs are now shown underneath their counts, allowing larger counts to not hide the history graph bug
#
March 22, 2023
- Support for multiple PTR records on a single IP address
- Hyperlinks are now clickable in the What's New widget. Code text will also now be shown with a gray background.
- Changed the color of informational vulnerability severity in severity graph. bug
- Read-only users were incorrectly being shown the toolbar in rich text fields. bug
- Fixed the direction of rotation for workflow execution arrows. bug
- The ASM logo is now clickable and upon click the page will navigate to the attack surface dashboard. bug
- ASN scanning could erroneously descope associated IPs and ports in cases were an ASN changed for a pre-existing IP range and domain bug
- Integrations are now available to account Admins. Learn more here
- Remediated vulnerabilities will be recreated if discovered again post-remediation
- SSL/TLS ciphers were not properly reporting for all protocols bug
- Additional documentation around cloud integrations for ASM can be found for AWS and Azure
- Asset imports were not alerting when >1 million assets are attempted to be imported at once bug
- Fix for deleting a domain that has linked vulnerabilities could fail bug
#
March 7, 2023
- Global search now supports exporting to CSV
- Certificates will now show enabled SSL/TLS protocols and ciphers for the services serving those certificates
- When IP addresses are descoped for a newly expired ASN, their ports are now descoped as well bug
- Users can now select the severity of the vulnerabilities that they'd like to be notified about
- Checking for cloud storage configurations weaknesses bug
- Removed ASN third-party providers FAQ section
- The clickthrough functionality on the dashboard stacked vulnerability chart was not working bug
- Ordering product services by the version column was failing bug
- The homepage advanced search feature now shows a loading spinner when waiting for results
- Fixed Non-verified vulnerabilities having a Reported At date after bulk updates bug
#
February 21, 2023
- IP addresses that have exceeded the max scan duration for port scanning are now separated into
TCP
andUDP
types and can be searched usingtcpPortScanTimedOut:true
orudpPortScanTimedOut:true
on the IP address table - Fixed vulnerabilities and ports count mismatch on asset dashboard. bug
- Updated styling on the Notifications page.
- ASM integration with Resolve for External Network Penetration Tests.
- Simplified permissions model for admin users
- Certain tables displayed compressed rows when used alongside the rich text editor bug
- When editing a description field in the sidebar, unsaved values were displaying as saved values bug
#
February 9, 2023
- Global Search is now accessible from the left navigation panel!
- New QA status for vulnerabilities, complete with a QA Review task for vulnerabilities that are in QA status.
- Fixed incorrect Create Vulerability Trigger modal being shown when search is modified from default bug
- Vulnerability tables had incorrect columns available on the settings modal bug
- Global Search now supports searching by Asset/Exposure Id.
- Vulnerabilities that failed remediation testing were counted as new vulnerabilities in email notifications bug
- In-app notifications for vulnerabilities that failed remediation testing were redirecting to an incorrect URL bug
#
February 2, 2023
- The bulk action dropdown was overlapping the search help menu. bug
- In settings for
Vulnerability Triggers
, text pluralization was incorrect bug - The
Copy Assets
button was not copying common names in the certificate table bug - Added sorting ability on
Asset
column on the Vulnerability and Port tables. - Added a widget to the Dashboard to show the most recent changelog items
- Updated domain card on the assets dashboard to show count of monitored (live and unlive) assets.
- Vulnerability trigger query is now editable on creation.
- When viewing full product details, the version of each service is now shown
- Added certificate display widget for domains and IPs.
#
January 19, 2023
- The domain search on the ASM homepage now allows users to expand their search to include organizations associated with their domain.
- An unnecessary error would sometimes be reported on multiple attempts to delete the same user bug
- IP addresses that return >1000 open ports are now considered "timed out" and the ports are discarded.
- Added categories column to the products table which will display as a truncated list.
#
December 28, 2022
- Client admins can now configure vulnerability triggers on filtered domains, IPs, and ports. Learn more about this feature here.
- ASN generated IPs were not being flagged as discovered by NetSPI bug
- Added the Tags list filter to the Port table page.
- The severities on the
Vulnerabilities Stacked by Severity
chart located on the dashboard view now link to the vulnerabilities page, filtered by the selected severity. - On the Domains page, 'Scan Certificate Transparency Logs' now identifies and inserts any new domains from a client's associated certificate transparency logs.
- The Domains Explore page now has facet filter for
Subdomains
- Added the
Accepted Risk
vulnerability status.
#
December 9, 2022
- A rate limit of 20000 requests per 5 minutes has been applied to all ASM APIs
#
December 8, 2022
- Vulnerabilities can now be added with only a domain or IP address, for vulnerabilities that don't affect network ports (e.g. DNS vulnerabilities).
- Vulnerability table CSV exports will now display the description, remediation, and verification text for each row
- Disabling network analysis for domains was failing bug
- A port's products were still being displayed after it was marked as unmonitored bug
- When the
Web Ports
filter is selected on the Ports table, thePage Title
andStatus Code
columns will now be displayed
#
November 15, 2022
- The HTTP metadata scan now collects the favicon mmh3 hash, which is displayed in the port sidebar
- Links to the guide were not properly navigating to specific page sections bug
- Deleting a tag from an object could affect other objects with that tag bug
- IP Addresses were improperly set to offline when they had no UDP ports open, but still had TCP ports open bug
- A
Create Vulnerabilities
bulk action was added to the Ports table, which will create a vulnerability for each selected port. - Modals were not styled correctly in dark mode bug
#
October 25, 2022
- Certain domains were showing as live when no ports were open
- Automated checks added for CVE-2022-42889 (Text4Shell)
- IP addresses that have exceeded the max scan duration for port scanning will be noted and can be searched using
portScanTimedOut:true
on the IP address table - The IP Location graph wasn't displaying coordinates when zoomed out bug
#
October 19, 2022
- Admins can now create new accounts through the Create Client modal via the command palette
- Improved modal transitions
- View Async Jobs option added to the command pallet to display a list of async jobs
- Select search bars now display additional information to help construct search queries
- Overall DNS count in the Exposure Dashboard was not filtering out inactive records bug
- Added an ASM methodology chapter to Domain report
- Dropdown options were presenting as selectable for read only users. bug
- Domain and IP Address created by attributes were sometimes null bug
- The IP Discovery Chain graph now indicates whether an IP was generated by an ASN
#
October 7, 2022
- The screenshot carousel now displays screenshot-specific port number, protocol, and service type while hovering.
- Screenshots were being cut-off on the timeline history graphs bug
- All users can now use the Stop Scanning button
#
September 30, 2022
- In the Port Screenshot Gallery, the user can order perceptually grouped screenshots by port count
- Performance improvements were made to requests that insert or update ports for IPs and domains
- UX/UI updates to the Port Screenshot Gallery
#
September 28, 2022
- Deletion of slack integrations was failing bug
#
September 27, 2022
- Images in the Port Screenshot Gallery can now be grouped by perception. Learn more about this feature here.
- The Domain, IP Address, and Port table views now have the ability to copy selected assets and port URLs to the clipboard
#
September 24, 2022
- Performance enhancements were made to the Team Members view
- Users can add an attribution statement when adding assets
- Domain and IP address exports now include ports and associated assets
- Certain flyover modals were being cut off on mobile devices bug
- Table page selection now has a search field to jump to a specific page
- Domains, Ports, and IP Addresses now have all associated screenshots available to view on large detail pages
- When viewing the full details page for a Domain you can now use the Generate Report button to get a summary report for that domain
- IPs with more than 1664 ports would not have their expired ports closed bug
- The Domain explore page will now show non-live domains
- Updated from HeroIcons v1.0 to HeroIcons v2.0
#
September 12, 2022
- Added support for global tenant search in API requests
- Manually resized screenshots did not maintain their aspect ratio bug
- In Discovered Vulnerability notifications, links to the vulnerability table will be filtered to only include the discovered vulnerabilities
- Added sorting to the "name" column of the Product table
- Updates to the tag selection popup including adding search functionality and styling improvements
- Removing ability to manually add ASNs, ASNs are now automatically detected and added to your attack surface.
- In the IP Address table, the IP column was not sorting numerically bug
- The main dashboard now shows you trends of all vulnerabilities on your attack surface, separated by severity
- Clients containing a portfolio of ASM customers can use the new Portfolio dashboard to view all organizations they are responsible for
- On the ASNs page, 'Scan for ASNs' now validates and updates existing ASN associations in addition to inserting newly identified ASNs.
- FAQ outlier services will only show outliers with fewer than 20 ports
- For users with access to multiple clients, their parent client now has a Home icon next to it in the client chooser
- Port Gallery has been converted to an Explore page with left-hand facet searches
- SAML SSO now supports users from multiple domains
#
September 6, 2022
- Increased inline search bar page size to 50 records and added help text when there are >50 records.
#
September 1, 2022
- Images pasted into a text editor will be limited to 80% of the editor width
- The Add Assets view now includes an option to allow invalid CIDR ranges if they can be converted to a valid equivalent
- Added a screenshot gallery to the ports page accessible via the table/graph view selection buttons
- HTTP ports now track status code, content type, content length, HTTP reachability, and their JARM.
- Certain CSV exports contained malformed columns bug
- Users with the tenant switcher will now see active tenants sorted to the top and inactive tenants sorted to the bottom.
#
August 24, 2022
- IP ASN links now point to https://ipinfo.io instead of https://arin.net.
- The ports display on the domain details page will show the associated IP next to the port number when relevant
- Tables now have the option to select the number of rows shown when using the desktop view
- Clicking on a link while pressing the Command (MacOS) or Control (Windows) key will open it in a new tab if possible
- Domain names and IP addresses were not sortable bug
- Tables now have jump to first and jump to last page buttons
- Clicking the globe on the dashboard will now present you with all scanning information for your attack surface, as well as an option to immediately stop all scanning.
#
August 19, 2022
- Products will be marked as inactive when they are no longer found on services
- Discovery chain graphs will now represent when a relationship is inactive (e.g. between a port and a certificate that has been removed)
- Performance improvements were made to the IP history graph
- Description field updates will now show up in the activity log for IPs and Ports
- The ASN asset page will now display all ASNs associated with your organization, including IP range information.
#
August 15, 2022
- Fixed bug that sometimes caused duplicate tasks to be generated bug
- In the Vulnerability details view, a link icon was added next to the 'Affected URL' field so you can navigate directly to the full URL
- When adding a vulnerability, the flyover now has double width for better data entry.
- AWS cloud integration scans were failing to run bug
#
August 4, 2022
- Our Azure integration is now live! Integrate today to sync all ephemeral IP Addresses from your Azure subscriptions. Check out our docs for more information.
- PTR records are now automatically associated with your attack surface as Domain assets
- Fixed bug that could prevent the FAQ graphs from correctly displaying how many IPs were discovered by NetSPI bug
- Certificates will be marked as inactive when replaced by a new certificate on the same service
#
July 29, 2022
- Vulnerability name, affected url, and attack param fields now have whitespace trimmed on input
- The Vulnerability History graphs on the Domain and IP details views now include a checkbox for showing vulnerabilities from associated assets
- Related domains are now graphed on the Cloud card when viewing the asset dashboard
#
July 22, 2022
- The history graph caption now displays more detailed and accurate counts
- Fixed bug that was occasionally causing imprecise table ordering in history graph bug
- IP address ports were not being closed when all ports went offline for a given IP address bug
- Improvements to subdomain bruteforcing
- UDP port scanning now in beta
- Assets will now be verified prior to submission
#
July 15, 2022
- Added confirmation email when requesting remediation testing
- Added summary email for remediation testing results
- The vulnerability explore page now has facets on the left-hand side to aid in navigation
#
July 13, 2022
- Performance improvements were made to the IP Exposures graph
- Fixed issue preventing the deletion of clients bug
- Updated DNS record count to only include active records on exposure dashboard bug
- Fixed bug showing all vulnerability statuses when filtering for unverified vulnerabilities bug
- Added API option to not overwrite port services when creating duplicate ports
- The History Graph table now displays its results in either cards or standard rows with column sorting
- You can change the time span displayed in History graphs via a new dropdown menu
#
July 8, 2022
- You can now request remediation testing right in the platform! Update the status of 1 or more vulnerabilities to "Ready for Retest" and our team will be notified.
- Fixed an issue with the
Set Status
submenu in the vulnerability table, which would close unexpectedly bug
#
June 30, 2022
- The history graph state timelines now indicate if/when the entity did not exist or was out of scope.
- A history graph has been added for Open Ports
- Added
Set Status
bulk action to the vulnerabilities table - IP Location maps will now display only IPs that are live and monitored
- Fixed issue with services table filtering in ASN details bug
- Pie chart color schemes are more consistent now
- The global icon on the dashboard will now display as green during any active scanning operations
- An alert will now appear if a table search term is invalid
- Field values will wrap instead of truncating
- Screenshots for IP addresses were failing to upload bug
- Out of scope ports were present in the IP exposure charts bug
#
June 2, 2022
- Check out the new FAQ Dashboard to explore common questions you may have about your data!
- An interactive version of the dashboard timeseries graphs are now available in the Domain and IP galleries.
- IP and domain details pages now include a timeline of their live/offline status
- Timeline graph was failing on empty field values bug
- Fixed issue where deletion requests could fail bug
#
May 31, 2022
- Vulnerability PDF reports now contain the attack parameter field for each vulnerability
- Rich text editor code blocks were showing light backgrounds in dark mode bug
- Images were failing to paste into text editors bug
#
May 26, 2022
- Dark mode is now available! Check it out in your settings.
#
May 24, 2022
- AWS Elastic IPs that were associated with EC2 instances had their Cloud Identifier set to the Instance ID. They are now set to the EIP ID.
- Fixed intermittent PDF export errors when rich text content was copy+pasted from another website. bug
- Domains containing only filtered ports were set to Online bug
- Bulk Domain and IP deletion resulted in errors bug
#
May 23, 2022
- Fixed an issue where closing small details page would cause user to be redirected to explore page bug
#
May 20, 2022
- AWS Integration now supports ingesting ephemeral domain names from Route53 hosted zones
#
May 19, 2022
- Ports were not removed from dashboards when monitoring was disabled on their related assets bug
- Non-monitored IPs and Ports were present in the dashboard IP Exposure graph bug
#
May 18, 2022
- Links on the port small details page always defaulted to HTTPS for HTTP ports
- System updates to domains and ip addresses mistakenly reported changes as user updates bug
- Fixed an issue where network analysis did not remove non-active DNS records from their respective domains bug
#
May 13, 2022
- PDF reports were failing to generate bug
- PDF reports did not include the client name on the title page bug
#
May 12, 2022
- DNS records were failing to insert when pointing to a deny listed asset bug
- Tables now support multi-sorting by holding shift and clicking multiple table headers
- Vulnerabilities now contain a
reportedAt
value to help surface the most recent vulnerabilities - Domain, IP, Port, and Vulnerability CSV exports now contain tags for their related assets
#
May 10, 2022
- The Add Assets pane now supports tagging for all inserted or updated assets
- Fixed issue where text editor and dropdown selections persist between uses bug
- New product categories will be automatically inserted in service product API
- PDF reports are now available in beta! Check them out by:
- Hitting
cmd/ctrl+k
> "View ASM Report" - Navigating to Vulnerabilities, selecting a few, clicking Bulk Actions > Export as PDF
- Hitting
- Our new status page is live! Check it out at https://status.netspi.com, you will also be alerted in-product when we are experiencing an outage
- Rich text editor images were failing to load in Firefox bug
#
May 3, 2022
- Assets without a specific monitoring status were failing to add
#
May 2, 2022
- Team Members can now be filtered by your team and NetSPI collaborators
- Fixed issue where new vulnerabilities notification could display inaccurate count bug
- New rich text editors available for vulnerabilities
- Updated Content Security Policy
- Vulnerabilities now support dedicated remediation instructions
- Command palette keyboard navigation was out of order bug
#
Apr 26, 2022
- Assets and Exposures now have new dashboards and navigation options!
- Failures during async jobs will now send in-app and email notifications
- Improved detection for invalid CIDR ranges
- IP ranges (e.g.
1.1.1.0-1
and1.1.1.1-2.2
) now supported when adding assets - Em dashes are converted to dashes in Add Assets input
- Improved explore page performance
- Table columns can now be resized!
- Fixed an issue where table pagination resulted in negative pages bug
- Table pagination was not resetting when initiating new table searches bug
#
Apr 14, 2022
- AWS Cloud Scanning now available! Manage ephemeral IP addresses for all your AWS accounts. Go here for more information. asset
- Significant performance improvements for adding and deleting assets
- Domains, IPs, and Ports now track vulnerability history on their respective dashboards
- Fixed an issue preventing most recent counts from showing up correctly in timeseries graphs bug
#
Apr 8, 2022
- Fixed an issue where port products were not being returned bug
- Fixed an issue where https ports were being identified as http bug
- Special thanks to Ryan Krause for debugging host timeout issues with port scanning bug
- AAAA records were failing to add as DNS records. bug
- TXT records were being improperly deduplicated. bug
- Added support for continuous full port scanning on hosts not responding to ping
- Fixed an issue where tables would take 5 seconds to load if navigated to immediately after page load bug
#
Apr 3rd, 2022
- Added Spring4Shell detection exposure
- Added Cisco ASA detection exposure
- Fixed issues with SSL/TLS certificate scans failing bug
- Filtered the domain dashboard to only monitored and live domains
- Web Vulnerabilities have been renamed to Network Vulnerabilties to cover a wider variety of scenarios
#
Mar 25th, 2022
- New IP Geolocation map available on the dashboard!
- Attack surface reports are now available in beta! Check them out in the command palette.
- Fixing vulnerability counts bug
- Open ports were not being toggled back to closed when no port response was received bug
- Refactored port scanners for performance and maintainability
- IP Address region and city are now searchable
- Domain dashboard is now filtered to only show monitored domains
- Domain assets are automatically added from PTR records if they match an existing root domain name.
#
Mar 21st, 2022
- Updating default table filters to only show live/valid entities
- UI updates for administrative user permissioning
- Export CSV bulk table action added
#
Mar 18th, 2022
- Discovery chains are now available!
- Dashboard now filterable by multiple date ranges
- Info card graphs improperly displaying future dates bug
- Product details pages failing to load on certain products bug
- Allowing ports to be copied directly to clipboard
- Certificates and Products refactored to better represent their underlying services
- Tables were removing default filters on navigation bug
#
Mar 11th, 2022
- End user license agreement now required for all users
- Uptime and availability enhancements
- New warnings and options around adding ASNs to your attack surface
- IP and Domain deny list updates
- Client switcher now sorts alphabetically
- Slack notification subscriptions are now removed when Slack integrations are uninstalled bug
- Refactored tables for performance and usability
- Our public API is now in Beta! Check it out here
- Bulk tagging and network analysis changes were failing bug
- Alerts are now only sent for verified vulnerabilities
#
Mar 1st, 2022
- Autonomous System Numbers asset
- Upgrade to leaflet maps
- NetSPI team members can now manually create tasks to follow up on at a later time
- Markdown viewer formatting updates for large headers
- Clicking on the header of a Domain, IP, or Port now opens a new tab directly to that service.
- Products discovered on multiple Ports showed up as duplicates on the Domain page bug
- RFC5735 addresses added to deny list
- Certain asset counts were returning approximate and not absolute counts bug
- Added Log4j web vulnerabilities exposure
#
Feb 22nd, 2022
- ASM is now Generally Available! Learn more here.
- Notifications can now be grouped by Realtime, Daily, Weekly, and Monthly timeframes.
- Slack notifications are now configurable by notification type
- IP Address geolocations are now available!
- Help guide updates
- Support tickets can now be made directly in the platform, see the
Support
button on the left-hand navigation - New and improve Command Palette, press CMD+k or CTRL+k to see it!
- Command Palette now supports full attack surface searching
- Smart text search for all pages
- Recurring and automated tasks for the NetSPI team to investigate attack surface activity
- Infrastructure performance and error monitoring enhancements
- Accounts are now locked after 5 invalid attempts
- Last login tracking now available for client admins
- Dashboard info cards and selectables not working bug
- Created API user not showing up until after refreshing page bug
- Broken product icons bug
- Subdomains returned when searching for root domains bug
- Removed support for CORS requests
- The NetSPI team can now run any scan on-demand based on their investigations of the attack surface
- Explore page search queries are now sticky when navigating between pages
#
v0.1.12
Released: 2022-02-01
- Exposure enhancements
- Details
- Chains
- TOTP-based multifactor authentication
- Web Vulnerabilities exposure
- Management ports exposure
- Infrastructure migration
#
v0.1.11
Released: 2021-12-17
- User guides
#
v0.1.10
Released: 2021-11-20
- Elasticsearch added
- Domain exposure dashboard
- Domain exposure intelligent search
#
v0.1.9
Released: 2021-11-11
- Network analysis mode added for domains
#
v0.1.8
Released: 2021-11-08
- RDNS support exposure
- Discovery history for all assets
#
v0.1.7
Released: 2021-11-04
- DNS records exposure
- Subdomain detection exposure
- New network scanning infrastructure
#
v0.1.6
Released: 2021-10-28
- Slack integration
- New logo!
- Search bar for all major grids
#
v0.1.5
Released: 2021-10-23
- Tree view grouping by tag
- Asset triage tree views
- Tree view bulk updates
- Dashboard updates
#
v0.1.4
Released: 2021-10-20
- Extensive API controller unit testing
- Tree views
- Reverting to exposure heat map on dashboard
#
v0.1.3
Released: 2021-10-10
- API documentation
- Added Monitored and Unmonitored states for assets
- Account switcher for users with access to multiple clients
- Infrastructure auto scaling
#
v0.1.2
Released: 2021-09-29
- User onboarding workflows
- Tree map graph for IP exposure detection
#
v0.1.1
Released: 2021-09-27
- Info cards and sparkline graphs
- Top service detection on dashboard
- IP exposure heatmap
- SSL/TLS certificates exposure
- Technology frameworks exposure
#
v0.1.0
Released: 2021-09-06
- Transformation from Scan Monster (on-demand scanning) to Attack Surface Management (always-on continuous scanning)
- IP Addresses exposure
- Domain Names exposure
- Ports & Services exposure
- Team management
- Bulk actions for all assets
- Initial tagging framework
- Dashboard & notifications
#
v0.0.1
Research: 2018-02-10 - 2021-09-06
- Extensive research on internet-scale exposure detection and vulnerability scanning
- Scan Monster used in over 500 penetration testing engagements