# Changelog

# April 2, 2024 LATEST

• Support link in main navigation now opens a new tab at support.netspi.com
• Parent tenants may now filter child tenants by name
• Performance improvements were made to vulnerability creation workflow

# March 12, 2024 LAST

• Fix date formatting bug on the IP Address table bug
• Added filter to Customize Column modal in Ports
• Change password functionality added to user settings
• Support link in main navigation now opens a new tab at help.netspi.com

# February 28, 2024

• Renamed vulnerabilities copy button to Assets

# February 21, 2024

• Performance and stability enhancements

# January 30, 2024

• Added Client Comments text field to full vulnerability view

# January 11, 2024

• Added asset details (tags, labels, and availability region) to assets discovered by cloud scanners
• Added Client Comments text field to Vulnerability sidebar
• Parent clients can now be assigned in the Create Client modal
• Changed sorting order of clients in the client dropdown list
• Added CSV Export button to data tables
• Visual improvements to Discovery Chain graphs

# December 19, 2023

• The Time Since Last Scan card on the Signal Dashboard was not counting scans executed via the new scan engine. bug
• Configurable timeouts are now enforced in the scanning engine, and are reflected in the operation status modal when relevant
• Canceled workflow executions were sometimes misreported as having failed bug
• Vulnerabilities that were remediated in bulk would not have their Remediated At date set bug
• Pilot marketing features visible for pilot clients
• The table column header filter icon was not working bug
• Added the "Exists" operator + misc bug fixes to search string parsing for Search Assistant bug

# December 5, 2023

• Add hosting provider name to vulnerability and port tables
• Vulnerability History charts now include vulnerabilities that are marked "Ready For Retest"
• Workato user associations were not being handled during user deletion bug
• A new Search Assistant feature was added to aid users in building search queries.
• If a domain is removed from monitoring, any associated certificates with no open, monitored ports are also deactivated

# November 9, 2023

• A new Executive Summary dashboard was added to provide high-level statistics on your assets and vulnerabilities
• Asset graphs on the FAQ dashboard are now limited to monitored assets
• Add optional 'Created by Vulnerability Trigger' column on Vulnerabilities table view
• Patch concurrent login attempt functionality
• The Vulnerability Trigger default suggestion panel was not being displayed as expected for domains and IPs bug
• Creating a Vulnerability Trigger with no search query could generate an invalid filter bug
• Discovery Chain item attribution labels fit within the chain graph better and have a tooltip.
• Bulk DNS upsert request would fail on duplicate IP-Domain relation records bug
• Several improvements were made to the internal scanning engine

# October 18, 2023

• Store HTTP response headers during HTTP metadata scanning
• Add Google Cloud Platform (GCP) support
• Deleting a user that belonged to multiple clients was deleting too many references to the user bug
• Deleting users and/or clients was taking too long bug
• Updating vulnerability statuses via bulk table actions was not generating QA tasks bug
• If a client deletion interrupts a request, a more informative error is returned
• Tasks will now display a "started at" time, which tracks when they were first set to in-progress.
• Add a dropdown in the Create Client form to allow for different client types

# September 26, 2023

• ASN scan would fail if client owned both an ASN domain and AS domain bug
• Remove green background from product icons in detail view bug
• Long-running ASN scans would sometimes not have their final status displayed to the user bug
• Add the full standard set of columns to the Vulnerability tables displayed within tasks
• Display the date when a vulnerability was remediated
• Fix placeholder text when creating vulnerabilities in dark mode bug
• Remove Reload Page warning when text hasn't been changed while creating vulnerabilities bug

# September 12, 2023

• Change copy to clipboard text when performing bulk table actions
• Fix toggle colors for API settings page in dark mode bug
• Improve text overflow behavior in the asset sidebars
• Syncing company data now adds related domains and their ASN IP ranges to the attack surface
• Companies can now be set to monitored or unmonitored, with corresponding updates made to their associated assets
• Certificate vulnerabilities were being excluded by table filters and were missing asset column data bug
• Execution metadata were not being displayed in the Vulnerability Trigger settings bug
• The transparency log sync could fail for root domains with very large sets of subdomains bug

# August 25, 2023

• New user notifications included an incorrect hyperlink bug
• If an IP is removed from monitoring, any associated certificates with no open, monitored ports are also deactivated
• Improve responsive layout of table controls
• Display Common Product Enumeration details for domains
• Facet sidebar is now collapsible on desktop
• The Domain activity history was not properly tracking CDN updates bug
• Truncate long text in tables
• Fix overlapping dropdowns in notification settings bug

# August 8, 2023

• Custom vulnerability triggers can now be created using only facet filters
• Updated button text in ASNs Sidebar
• Removed unmonitored services from the pie chart count on the Attack Surface Dashboard bug
• Perform strict search of service name when clicking on the pie chart
• Display last activity and created at information in team directory
• Duplicate vulnerabilities could be generated because of how some blank field values were handled bug
• Added links to statistics cards in the Signal Dashboard
• Display date user was created in the team member details
• Portfolio dashboard was throwing errors for portfolio clients without children. bug
• When clicking on a DNS Record in the Discovery Chain graph, the proper filter is now applied to the DNS Records table. bug
• Added pagination to the Vulnerability Triggers page in Settings

# July 25, 2023

• Fixed a bug where disabling network analysis on large amounts of IP addresses could fail bug
• Hyperlinks in Attack Surface Report emails now link directly to the proper pages
• Date columns in the Domain table are now sortable
• Date is now populated for Reported At column for non-verified vulnerabilities bug
• tcpwrapped service type ports are now excluded from management ports consideration
• Fixed rendering of Beta Report PDF bug
• Added copy-to-clipboard buttons in several areas
• Sort by ID instead of Reported At when switching to "All Vulnerabilities" table filter bug
• Added optional column Network Analysis for the Domains table
• Weak badge in Certificates display widget is now clickable and navigates you to reference links for weak SSL/TLS ciphers upon click
• Certificate ciphers and protocols were failing to save bug
• Domain summary report PDFs now include the domain in the file name
• Deleting a user from a portfolio client also deletes that user from the sub-clients
• Added ability to edit a tag name

# July 11, 2023

• Fixed proper display when hovering over an IP range in a table bug
• Show an error when adding an IPv6 address
• Created At and Updated At columns are now visible for ASNs
• ASN table was showing invalid data when hovering on an IP range bug
• Facet searches were showing as lowercase bug

# June 26, 2023

• Day-range selectors have been added on Asset and Exposure dashboards
• When clicking a table header's filter button the default value is now * instead of "". bug
• Markers on IP location map can now be clicked to see a list of IPs represented by that marker
• The Asset dashboard's info cards were showing incorrect counts for Vulns and Ports bug
• Cancel button on Update a Vulnerability Trigger modal was not working as expected. bug
• Alphabetic sorting in search result tables is now more accurate
• IP addresses can now be copied directly to clipboard from tables
• Updated At and Created At columns are now available for ASNs
• Domains that are hosted on non-owned IP addresses now have scanning coverage for the top 200 TCP ports

# June 5, 2023

• Discovery chain node limit error message was overlapping delete button. bug
• Default filter text was not in proper format for Open port. bug
• Informational vulnerabilities count was mismatched for Vulnerabilities Stacked by Severity and Severity graph. bug
• Increased company sync request fault-tolerance. bug
• Portfolio dashboard enhancements
• Increased network and web vulnerability scan coverage

# May 23, 2023

• Added client name to attack surface report.
• Chain items were not getting inserted for vulnerabilities. bug
• Added allowlist link in ASM guides.

# May 22, 2023

• Filter buttons in UI were causing empty search queries and errors. bug

# May 19, 2023

• Links to closed ports on the exposures dashboard included incorrect search filters. bug
• Vulnerability reports that don't have any vulnerabilities now look better. bug
• Added input field for CVSS vector in input form for Add Network Vulnerabilities to Ports.
• Portfolio dashboard improvements
• Vulnerability bulk status updates would fail it the asset column was ordered or an asset facet was selected. bug
• In the Vulnerability table, when clicking the add filter icon on the port column, a name filter was being inserted instead of a port.number filter. bug

# May 16, 2023

• Workato integrations were not being removed when a client account was deleted. bug
• The history widget was showing erroneous change events for the integration identifier field. bug
• Added new button Needing Attention under Bulk Actions dropdown menu which can set monitored field of domains or IPs to null.
• Bulk Actions > Set Status option will be shown only to user having update permission. bug
• Vulnerability sidebar was not showing certificate information. bug
• When a domain, IP, or port is deleted, associated certificates and products are also deleted if they're not used by any other resource
• New option for Vulnerability API endpoint to return text in Markdown or Plaintext instead of just HTML
• Added confirmation modal for deletion of port. bug
• Asset dashboard vulnerability cards were showing incorrect values. bug
• Fixed bug where some CVSS info could be removed if certain other vulnerability information was edited. bug
• Added a Login to Workato button to Settings > Integrations
• Saving a vulnerability could sometimes erroneously delete its CVSS information bug

# April 26, 2023

• Company data is now available! Go to Assets > Companies to see your related companies and company hierarchy. Learn more here
• Attack surface reports can now be delivered straight to your inbox!
• Added vulnerability trigger for certificates.
• Selected operation name will be shown under user provided operation name in operation tab.
• Status Timeline graph for ports now shows null states. bug
• CVSS score in the vulnerability sidebar can now display a score of 0. bug
• The Add Asset validation check will now flag erroneous IP ranges in the case of either error: Start IP address must not be larger than End IP address or IP range contains more than 1 million IP address. bug
• Bidirectional Jira integrations are now supported
• Some ASNs were not displaying their monitored state. bug

# April 13, 2023

• Added support for discovery of DMARC, DKIM, and SPF DNS records
• ASNs can now be set to not monitored
• Added virtual host enumeration capability
• Global search now supports an option to include only monitored assets
• Updated the Information vulnerability severity to Informational bug
• Changed the layout for graphs of entity dashboard in order to make sure it won't disappear when large numbers are present in it
• The IP address "added via network analysis" status is now non-editable after creation bug
• Fixed Workato's font color in dark mode bug
• Username styling in navigation view is now ellipsis. bug
• Once task is completed, user won't be able to see Set to In Progress button
• Vulnerabilities can now have a CVSS 3.1 metrics string, and will calculate the CVSS score
• Fixed name capitalization in the history widget for NetSPI bug
• When an item is deleted from the sidebar, the data table now updates automatically bug
• User deletion was failing if the user had manually created a vulnerability at any point bug

# March 23, 2023

• Info card graphs are now shown underneath their counts, allowing larger counts to not hide the history graph bug

# March 22, 2023

• Support for multiple PTR records on a single IP address
• Hyperlinks are now clickable in the What's New widget. Code text will also now be shown with a gray background.
• Changed the color of informational vulnerability severity in severity graph. bug
• Read-only users were incorrectly being shown the toolbar in rich text fields. bug
• Fixed the direction of rotation for workflow execution arrows. bug
• The ASM logo is now clickable and upon click the page will navigate to the attack surface dashboard. bug
• ASN scanning could erroneously descope associated IPs and ports in cases were an ASN changed for a pre-existing IP range and domain bug
• Integrations are now available to account Admins. Learn more here
• Remediated vulnerabilities will be recreated if discovered again post-remediation
• SSL/TLS ciphers were not properly reporting for all protocols bug
• Additional documentation around cloud integrations for ASM can be found for AWS and Azure
• Asset imports were not alerting when >1 million assets are attempted to be imported at once bug
• Fix for deleting a domain that has linked vulnerabilities could fail bug

# March 7, 2023

• Global search now supports exporting to CSV
• Certificates will now show enabled SSL/TLS protocols and ciphers for the services serving those certificates
• When IP addresses are descoped for a newly expired ASN, their ports are now descoped as well bug
• Users can now select the severity of the vulnerabilities that they'd like to be notified about
• Checking for cloud storage configurations weaknesses bug
• Removed ASN third-party providers FAQ section
• The clickthrough functionality on the dashboard stacked vulnerability chart was not working bug
• Ordering product services by the version column was failing bug
• The homepage advanced search feature now shows a loading spinner when waiting for results
• Fixed Non-verified vulnerabilities having a Reported At date after bulk updates bug

# February 21, 2023

• IP addresses that have exceeded the max scan duration for port scanning are now separated into TCP and UDP types and can be searched using tcpPortScanTimedOut:true or udpPortScanTimedOut:true on the IP address table
• Fixed vulnerabilities and ports count mismatch on asset dashboard. bug
• Updated styling on the Notifications page.
• ASM integration with Resolve for External Network Penetration Tests.
• Simplified permissions model for admin users
• Certain tables displayed compressed rows when used alongside the rich text editor bug
• When editing a description field in the sidebar, unsaved values were displaying as saved values bug

# February 9, 2023

• Global Search is now accessible from the left navigation panel!
• New QA status for vulnerabilities, complete with a QA Review task for vulnerabilities that are in QA status.
• Fixed incorrect Create Vulerability Trigger modal being shown when search is modified from default bug
• Vulnerability tables had incorrect columns available on the settings modal bug
• Global Search now supports searching by Asset/Exposure Id.
• Vulnerabilities that failed remediation testing were counted as new vulnerabilities in email notifications bug
• In-app notifications for vulnerabilities that failed remediation testing were redirecting to an incorrect URL bug

# February 2, 2023

• The bulk action dropdown was overlapping the search help menu. bug
• In settings for Vulnerability Triggers, text pluralization was incorrect bug
• The Copy Assets button was not copying common names in the certificate table bug
• Added sorting ability on Asset column on the Vulnerability and Port tables.
• Added a widget to the Dashboard to show the most recent changelog items
• Updated domain card on the assets dashboard to show count of monitored (live and unlive) assets.
• Vulnerability trigger query is now editable on creation.
• When viewing full product details, the version of each service is now shown
• Added certificate display widget for domains and IPs.

# January 19, 2023

• The domain search on the ASM homepage now allows users to expand their search to include organizations associated with their domain.
• An unnecessary error would sometimes be reported on multiple attempts to delete the same user bug
• IP addresses that return >1000 open ports are now considered "timed out" and the ports are discarded.
• Added categories column to the products table which will display as a truncated list.

# December 28, 2022

• Client admins can now configure vulnerability triggers on filtered domains, IPs, and ports. Learn more about this feature here.
• ASN generated IPs were not being flagged as discovered by NetSPI bug
• Added the Tags list filter to the Port table page.
• The severities on the Vulnerabilities Stacked by Severity chart located on the dashboard view now link to the vulnerabilities page, filtered by the selected severity.
• On the Domains page, 'Scan Certificate Transparency Logs' now identifies and inserts any new domains from a client's associated certificate transparency logs.
• The Domains Explore page now has facet filter for Subdomains
• Added the Accepted Risk vulnerability status.

# December 9, 2022

• A rate limit of 20000 requests per 5 minutes has been applied to all ASM APIs

# December 8, 2022

• Vulnerabilities can now be added with only a domain or IP address, for vulnerabilities that don't affect network ports (e.g. DNS vulnerabilities).
• Vulnerability table CSV exports will now display the description, remediation, and verification text for each row
• Disabling network analysis for domains was failing bug
• A port's products were still being displayed after it was marked as unmonitored bug
• When the Web Ports filter is selected on the Ports table, the Page Title and Status Code columns will now be displayed

# November 15, 2022

• The HTTP metadata scan now collects the favicon mmh3 hash, which is displayed in the port sidebar
• Links to the guide were not properly navigating to specific page sections bug
• Deleting a tag from an object could affect other objects with that tag bug
• IP Addresses were improperly set to offline when they had no UDP ports open, but still had TCP ports open bug
• A Create Vulnerabilities bulk action was added to the Ports table, which will create a vulnerability for each selected port.
• Modals were not styled correctly in dark mode bug

# October 25, 2022

• Certain domains were showing as live when no ports were open
• Automated checks added for CVE-2022-42889 (Text4Shell)
• IP addresses that have exceeded the max scan duration for port scanning will be noted and can be searched using portScanTimedOut:true on the IP address table
• The IP Location graph wasn't displaying coordinates when zoomed out bug

# October 19, 2022

• Admins can now create new accounts through the Create Client modal via the command palette
• Improved modal transitions
• View Async Jobs option added to the command pallet to display a list of async jobs
• Select search bars now display additional information to help construct search queries
• Overall DNS count in the Exposure Dashboard was not filtering out inactive records bug
• Added an ASM methodology chapter to Domain report
• Dropdown options were presenting as selectable for read only users. bug
• Domain and IP Address created by attributes were sometimes null bug
• The IP Discovery Chain graph now indicates whether an IP was generated by an ASN

# October 7, 2022

• The screenshot carousel now displays screenshot-specific port number, protocol, and service type while hovering.
• Screenshots were being cut-off on the timeline history graphs bug
• All users can now use the Stop Scanning button

# September 30, 2022

• In the Port Screenshot Gallery, the user can order perceptually grouped screenshots by port count
• Performance improvements were made to requests that insert or update ports for IPs and domains
• UX/UI updates to the Port Screenshot Gallery

# September 28, 2022

• Deletion of slack integrations was failing bug

# September 27, 2022

• Images in the Port Screenshot Gallery can now be grouped by perception. Learn more about this feature here.
• The Domain, IP Address, and Port table views now have the ability to copy selected assets and port URLs to the clipboard

# September 24, 2022

• Performance enhancements were made to the Team Members view
• Users can add an attribution statement when adding assets
• Domain and IP address exports now include ports and associated assets
• Certain flyover modals were being cut off on mobile devices bug
• Table page selection now has a search field to jump to a specific page
• Domains, Ports, and IP Addresses now have all associated screenshots available to view on large detail pages
• When viewing the full details page for a Domain you can now use the Generate Report button to get a summary report for that domain
• IPs with more than 1664 ports would not have their expired ports closed bug
• The Domain explore page will now show non-live domains
• Updated from HeroIcons v1.0 to HeroIcons v2.0

# September 12, 2022

• Added support for global tenant search in API requests
• Manually resized screenshots did not maintain their aspect ratio bug
• In Discovered Vulnerability notifications, links to the vulnerability table will be filtered to only include the discovered vulnerabilities
• Added sorting to the "name" column of the Product table
• Updates to the tag selection popup including adding search functionality and styling improvements
• Removing ability to manually add ASNs, ASNs are now automatically detected and added to your attack surface.
• In the IP Address table, the IP column was not sorting numerically bug
• The main dashboard now shows you trends of all vulnerabilities on your attack surface, separated by severity
• Clients containing a portfolio of ASM customers can use the new Portfolio dashboard to view all organizations they are responsible for
• On the ASNs page, 'Scan for ASNs' now validates and updates existing ASN associations in addition to inserting newly identified ASNs.
• FAQ outlier services will only show outliers with fewer than 20 ports
• For users with access to multiple clients, their parent client now has a Home icon next to it in the client chooser
• Port Gallery has been converted to an Explore page with left-hand facet searches
• SAML SSO now supports users from multiple domains

# September 6, 2022

• Increased inline search bar page size to 50 records and added help text when there are >50 records.

# September 1, 2022

• Images pasted into a text editor will be limited to 80% of the editor width
• The Add Assets view now includes an option to allow invalid CIDR ranges if they can be converted to a valid equivalent
• Added a screenshot gallery to the ports page accessible via the table/graph view selection buttons
• HTTP ports now track status code, content type, content length, HTTP reachability, and their JARM.
• Certain CSV exports contained malformed columns bug
• Users with the tenant switcher will now see active tenants sorted to the top and inactive tenants sorted to the bottom.

# August 24, 2022

• IP ASN links now point to https://ipinfo.io instead of https://arin.net.
• The ports display on the domain details page will show the associated IP next to the port number when relevant
• Tables now have the option to select the number of rows shown when using the desktop view
• Clicking on a link while pressing the Command (MacOS) or Control (Windows) key will open it in a new tab if possible
• Domain names and IP addresses were not sortable bug
• Tables now have jump to first and jump to last page buttons
• Clicking the globe on the dashboard will now present you with all scanning information for your attack surface, as well as an option to immediately stop all scanning.

# August 19, 2022

• Products will be marked as inactive when they are no longer found on services
• Discovery chain graphs will now represent when a relationship is inactive (e.g. between a port and a certificate that has been removed)
• Performance improvements were made to the IP history graph
• Description field updates will now show up in the activity log for IPs and Ports
• The ASN asset page will now display all ASNs associated with your organization, including IP range information.

# August 15, 2022

• Fixed bug that sometimes caused duplicate tasks to be generated bug
• In the Vulnerability details view, a link icon was added next to the 'Affected URL' field so you can navigate directly to the full URL
• When adding a vulnerability, the flyover now has double width for better data entry.
• AWS cloud integration scans were failing to run bug

# August 4, 2022

• Our Azure integration is now live! Integrate today to sync all ephemeral IP Addresses from your Azure subscriptions. Check out our docs for more information.
• PTR records are now automatically associated with your attack surface as Domain assets
• Fixed bug that could prevent the FAQ graphs from correctly displaying how many IPs were discovered by NetSPI bug
• Certificates will be marked as inactive when replaced by a new certificate on the same service

# July 29, 2022

• Vulnerability name, affected url, and attack param fields now have whitespace trimmed on input
• The Vulnerability History graphs on the Domain and IP details views now include a checkbox for showing vulnerabilities from associated assets
• Related domains are now graphed on the Cloud card when viewing the asset dashboard

# July 22, 2022

• The history graph caption now displays more detailed and accurate counts
• Fixed bug that was occasionally causing imprecise table ordering in history graph bug
• IP address ports were not being closed when all ports went offline for a given IP address bug
• Improvements to subdomain bruteforcing
• UDP port scanning now in beta
• Assets will now be verified prior to submission

# July 15, 2022

• Added confirmation email when requesting remediation testing
• Added summary email for remediation testing results
• The vulnerability explore page now has facets on the left-hand side to aid in navigation

# July 13, 2022

• Performance improvements were made to the IP Exposures graph
• Fixed issue preventing the deletion of clients bug
• Updated DNS record count to only include active records on exposure dashboard bug
• Fixed bug showing all vulnerability statuses when filtering for unverified vulnerabilities bug
• Added API option to not overwrite port services when creating duplicate ports
• The History Graph table now displays its results in either cards or standard rows with column sorting
• You can change the time span displayed in History graphs via a new dropdown menu

# July 8, 2022

• You can now request remediation testing right in the platform! Update the status of 1 or more vulnerabilities to "Ready for Retest" and our team will be notified.
• Fixed an issue with the Set Status submenu in the vulnerability table, which would close unexpectedly bug

# June 30, 2022

• The history graph state timelines now indicate if/when the entity did not exist or was out of scope.
• A history graph has been added for Open Ports
• Added Set Status bulk action to the vulnerabilities table
• IP Location maps will now display only IPs that are live and monitored
• Fixed issue with services table filtering in ASN details bug
• Pie chart color schemes are more consistent now
• The global icon on the dashboard will now display as green during any active scanning operations
• An alert will now appear if a table search term is invalid
• Field values will wrap instead of truncating
• Screenshots for IP addresses were failing to upload bug
• Out of scope ports were present in the IP exposure charts bug

# June 2, 2022

• Check out the new FAQ Dashboard to explore common questions you may have about your data!
• An interactive version of the dashboard timeseries graphs are now available in the Domain and IP galleries.
• IP and domain details pages now include a timeline of their live/offline status
• Timeline graph was failing on empty field values bug
• Fixed issue where deletion requests could fail bug

# May 31, 2022

• Vulnerability PDF reports now contain the attack parameter field for each vulnerability
• Rich text editor code blocks were showing light backgrounds in dark mode bug
• Images were failing to paste into text editors bug

# May 26, 2022

• Dark mode is now available! Check it out in your settings.

# May 24, 2022

• AWS Elastic IPs that were associated with EC2 instances had their Cloud Identifier set to the Instance ID. They are now set to the EIP ID.
• Fixed intermittent PDF export errors when rich text content was copy+pasted from another website. bug
• Domains containing only filtered ports were set to Online bug
• Bulk Domain and IP deletion resulted in errors bug

# May 23, 2022

• Fixed an issue where closing small details page would cause user to be redirected to explore page bug

# May 20, 2022

• AWS Integration now supports ingesting ephemeral domain names from Route53 hosted zones

# May 19, 2022

• Ports were not removed from dashboards when monitoring was disabled on their related assets bug
• Non-monitored IPs and Ports were present in the dashboard IP Exposure graph bug

# May 18, 2022

• Links on the port small details page always defaulted to HTTPS for HTTP ports
• System updates to domains and ip addresses mistakenly reported changes as user updates bug
• Fixed an issue where network analysis did not remove non-active DNS records from their respective domains bug

# May 13, 2022

• PDF reports were failing to generate bug
• PDF reports did not include the client name on the title page bug

# May 12, 2022

• DNS records were failing to insert when pointing to a deny listed asset bug
• Tables now support multi-sorting by holding shift and clicking multiple table headers
• Vulnerabilities now contain a reportedAt value to help surface the most recent vulnerabilities
• Domain, IP, Port, and Vulnerability CSV exports now contain tags for their related assets

# May 10, 2022

• The Add Assets pane now supports tagging for all inserted or updated assets
• Fixed issue where text editor and dropdown selections persist between uses bug
• New product categories will be automatically inserted in service product API
• PDF reports are now available in beta! Check them out by:
  • Hitting cmd/ctrl+k > "View ASM Report"
  • Navigating to Vulnerabilities, selecting a few, clicking Bulk Actions > Export as PDF
• Our new status page is live! Check it out at https://status.netspi.com, you will also be alerted in-product when we are experiencing an outage
• Rich text editor images were failing to load in Firefox bug

# May 3, 2022

• Assets without a specific monitoring status were failing to add

# May 2, 2022

• Team Members can now be filtered by your team and NetSPI collaborators
• Fixed issue where new vulnerabilities notification could display inaccurate count bug
• New rich text editors available for vulnerabilities
• Updated Content Security Policy
• Vulnerabilities now support dedicated remediation instructions
• Command palette keyboard navigation was out of order bug

# Apr 26, 2022

• Assets and Exposures now have new dashboards and navigation options!
• Failures during async jobs will now send in-app and email notifications
• Improved detection for invalid CIDR ranges
• IP ranges (e.g. 1.1.1.0-1 and 1.1.1.1-2.2) now supported when adding assets
• Em dashes are converted to dashes in Add Assets input
• Improved explore page performance
• Table columns can now be resized!
• Fixed an issue where table pagination resulted in negative pages bug
• Table pagination was not resetting when initiating new table searches bug

# Apr 14, 2022

• AWS Cloud Scanning now available! Manage ephemeral IP addresses for all your AWS accounts. Go here for more information. asset
• Significant performance improvements for adding and deleting assets
• Domains, IPs, and Ports now track vulnerability history on their respective dashboards
• Fixed an issue preventing most recent counts from showing up correctly in timeseries graphs bug

# Apr 8, 2022

• Fixed an issue where port products were not being returned bug
• Fixed an issue where https ports were being identified as http bug
• Special thanks to Ryan Krause for debugging host timeout issues with port scanning bug
• AAAA records were failing to add as DNS records. bug
• TXT records were being improperly deduplicated. bug
• Added support for continuous full port scanning on hosts not responding to ping
• Fixed an issue where tables would take 5 seconds to load if navigated to immediately after page load bug

# Apr 3rd, 2022

• Added Spring4Shell detection exposure
• Added Cisco ASA detection exposure
• Fixed issues with SSL/TLS certificate scans failing bug
• Filtered the domain dashboard to only monitored and live domains
• Web Vulnerabilities have been renamed to Network Vulnerabilties to cover a wider variety of scenarios

# Mar 25th, 2022

• New IP Geolocation map available on the dashboard!
• Attack surface reports are now available in beta! Check them out in the command palette.
• Fixing vulnerability counts bug
• Open ports were not being toggled back to closed when no port response was received bug
• Refactored port scanners for performance and maintainability
• IP Address region and city are now searchable
• Domain dashboard is now filtered to only show monitored domains
• Domain assets are automatically added from PTR records if they match an existing root domain name.

# Mar 21st, 2022

• Updating default table filters to only show live/valid entities
• UI updates for administrative user permissioning
• Export CSV bulk table action added

# Mar 18th, 2022

• Discovery chains are now available!
• Dashboard now filterable by multiple date ranges
• Info card graphs improperly displaying future dates bug
• Product details pages failing to load on certain products bug
• Allowing ports to be copied directly to clipboard
• Certificates and Products refactored to better represent their underlying services
• Tables were removing default filters on navigation bug

# Mar 11th, 2022

• End user license agreement now required for all users
• Uptime and availability enhancements
• New warnings and options around adding ASNs to your attack surface
• IP and Domain deny list updates
• Client switcher now sorts alphabetically
• Slack notification subscriptions are now removed when Slack integrations are uninstalled bug
• Refactored tables for performance and usability
• Our public API is now in Beta! Check it out here
• Bulk tagging and network analysis changes were failing bug
• Alerts are now only sent for verified vulnerabilities

# Mar 1st, 2022

• Autonomous System Numbers asset
• Upgrade to leaflet maps
• NetSPI team members can now manually create tasks to follow up on at a later time
• Markdown viewer formatting updates for large headers
• Clicking on the header of a Domain, IP, or Port now opens a new tab directly to that service.
• Products discovered on multiple Ports showed up as duplicates on the Domain page bug
• RFC5735 addresses added to deny list
• Certain asset counts were returning approximate and not absolute counts bug
• Added Log4j web vulnerabilities exposure

# Feb 22nd, 2022

• ASM is now Generally Available! Learn more here.
• Notifications can now be grouped by Realtime, Daily, Weekly, and Monthly timeframes.
• Slack notifications are now configurable by notification type
• IP Address geolocations are now available!
• Help guide updates
• Support tickets can now be made directly in the platform, see the Support button on the left-hand navigation
• New and improve Command Palette, press CMD+k or CTRL+k to see it!
• Command Palette now supports full attack surface searching
• Smart text search for all pages
• Recurring and automated tasks for the NetSPI team to investigate attack surface activity
• Infrastructure performance and error monitoring enhancements
• Accounts are now locked after 5 invalid attempts
• Last login tracking now available for client admins
• Dashboard info cards and selectables not working bug
• Created API user not showing up until after refreshing page bug
• Broken product icons bug
• Subdomains returned when searching for root domains bug
• Removed support for CORS requests
• The NetSPI team can now run any scan on-demand based on their investigations of the attack surface
• Explore page search queries are now sticky when navigating between pages

# v0.1.12

Released: 2022-02-01

• Exposure enhancements
  • Details
  • Chains
• TOTP-based multifactor authentication
• Web Vulnerabilities exposure
• Management ports exposure
• Infrastructure migration

# v0.1.11

Released: 2021-12-17

• User guides

# v0.1.10

Released: 2021-11-20

• Elasticsearch added
• Domain exposure dashboard
• Domain exposure intelligent search

# v0.1.9

Released: 2021-11-11

• Network analysis mode added for domains

# v0.1.8

Released: 2021-11-08

• RDNS support exposure
• Discovery history for all assets

# v0.1.7

Released: 2021-11-04

• DNS records exposure
• Subdomain detection exposure
• New network scanning infrastructure

# v0.1.6

Released: 2021-10-28

• Slack integration
• New logo!
• Search bar for all major grids

# v0.1.5

Released: 2021-10-23

• Tree view grouping by tag
• Asset triage tree views
• Tree view bulk updates
• Dashboard updates

# v0.1.4

Released: 2021-10-20

• Extensive API controller unit testing
• Tree views
• Reverting to exposure heat map on dashboard

# v0.1.3

Released: 2021-10-10

• API documentation
• Added Monitored and Unmonitored states for assets
• Account switcher for users with access to multiple clients
• Infrastructure auto scaling

# v0.1.2

Released: 2021-09-29

• User onboarding workflows
• Tree map graph for IP exposure detection

# v0.1.1

Released: 2021-09-27

• Info cards and sparkline graphs
• Top service detection on dashboard
• IP exposure heatmap
• SSL/TLS certificates exposure
• Technology frameworks exposure

# v0.1.0

Released: 2021-09-06

• Transformation from Scan Monster (on-demand scanning) to Attack Surface Management (always-on continuous scanning)
• IP Addresses exposure
• Domain Names exposure
• Ports & Services exposure
• Team management
• Bulk actions for all assets
• Initial tagging framework
• Dashboard & notifications

# v0.0.1

Research: 2018-02-10 - 2021-09-06

• Extensive research on internet-scale exposure detection and vulnerability scanning
• Scan Monster used in over 500 penetration testing engagements