July 2024
The daily updates in the CISO Workplace for the month of July 2024
- Daily Update: July 11
- Daily Update: July 12
- New Module (July 12): Vulnerability Assessment and Management
- Daily Update: July 15
- Daily Update: July 16
- Daily Update: July 17
- Daily Update: July 18
- New Module (July 19): SOAR
- Daily Update: July 19
- New Module (July 23): Virtual Penetration Testing
- Daily Update: July 22
- Daily Update: July 23
- Daily Update: July 24
- Daily Update: July 25
- Daily Update: July 26
- Daily Update: July 29
- Daily Update: July 30
- Daily Update: July 31
Daily Update: July 11
Aside from the bug fixes, here's what's updated / improved:
We added another email and landing page template in the Phishing Simulation module.
In our CIM module, an Investigation Guide is now available to help with investigating an alert. As of this time, not all Alert Rules have an Investigation Guide available.
In our Security and Privacy Compliance, you can now drag and drop the evidence files.
In the RM Module's Dashboard, the components can now be moved and positioned based on your preference.
Daily Update: July 12
Aside from bug fixes, here are the main updates in the CISO Workplace for July 12:
In your Users menu, you can now see when and from what IP address your users logged in.
In the CSPM module, you can now move some of the components around based on your preference.
In the SCRM module, you can now also move some of the components around based on your preference.
Bug Fixes:
Fixes in the Task Management feature in the Risk Management Module
Fixes in the Simulation page of the Phishing Simulation Module
New Module (July 12): Vulnerability Assessment and Management
🚀 New Module Release
We’ve just dropped a new module: Vulnerability Assessment and Vulnerability Management
🌟 New Features:
- Dashboard components:
- Scans Page: After starting a scan, a page refresh is needed to see the running scan.
🐞 Known Issues:
- When there is a running scan, there is no data in the Dashboard. When all scans are finished, there is data present.
- No descriptions for CVEs yet
Stay tuned for more exciting updates!
Daily Update: July 15
Here are the latest updates in the CISO Workplace as of July 15:
Added a new component to the VA, VM Dashboard: Top CVEs, the most frequently occurring CVE(s) found in most scans.
RM Bug fixes:
- Risk Details No Data Display (Vulnerability description, Threat description)
- Fix controls recommendation in controls json data issue
- Other assets affected Improvements (FE)
- Fix threat & vulnerability description delayed state issue
Daily Update: July 16
Here are the main updates in the CISO Workplace for July 16:
Initial Spanish Language Support
- Based on the input, the CIM and Compliance modules are currently supported.
Performance updates in Phishing Simulation when opening a campaign in Simulation > Campaign
Daily Update: July 17
Here are the main updates in the CISO Workplace for July 17:
Continue with Spanish Translation.
In CIM > Alerts:
In Phishing Simulations:
Rabbit Hole Support in Vulnerability Assessment and Management:
Bug Fixes:
1) Fixed bug in CIM > Reports > "My Library". Only reports of the client will be displayed
2) Bug fixes in Phishing Simulation
3) Bug fixes in Vulnerability Assessment and Management
Daily Update: July 18
Here are the main updates in the CISO Workplace for July 18:
Initial Widget Support for Phishing Simulations Module
Initial Update to the WP Menu.
Only the clusters' names are shown, each with a '+'. Clicking a cluster expands it to show all modules in it.
Bug Fixes:
1) Risk Management
Task management enhancements & Change risk response implementation
Improvements:
1) Show only CIM Module to one of the clients
New Module (July 19): SOAR
🚀 New Module Release
We’ve just dropped a new module: SOAR (Security Orchestration, Automation and Response)
🌟 New Features:
Dashboard
- Dashboard supports the following:
  - Mean time to respond with history comparison
    - User can now see their response time data
    - User can also see the comparison from yesterday
  - False positive rate with history comparison
    - User can now see their false positive time data
    - User can also see the comparison from yesterday
  - Total open alerts
    - User can now see their total open alerts
  - Total resolved alerts
    - User can now see their total resolved alerts
  - Open Alerts
  - Case Resolution Time Analysis:
    - Partially Supported
- Dashboard Limitations:
  - Mean time to respond with history comparison
    - User can only see the comparison from yesterday
  - Total open alerts
    - Query is limited to only 100; proper implementation to support large sets of alerts is not yet complete.
  - Total resolved alerts
    - Query is limited to only 100; proper implementation to support large sets of alerts is not yet complete.
  - Open Alerts
    - Query is limited to 100
  - Incident Type By Status
    - Not Yet Supported
  - False positive rate with history comparison
    - User can only see the comparison from yesterday
- Dashboard Known Issues:
  - Features with history comparison need at least 2 historical data points before a comparison can be performed.
SOAR Configuration
- SOAR configuration currently supports:
- SOAR configuration Limitations:
  - Alert Tagging
    - Rule name length issue: the name must not be more than 25 characters
    - User can't modify or change alert tagging configuration
  - Connector
    - User can't see the list of actions/connectors that are attached to a rule
    - Only Email Connector is currently supported. Other connectors such as Teams and etc.
  - Tools
    - User can't edit IP Reputation tool
    - User can't delete IP Reputation tool added.
    - User can't view the list of IP Reputation tools
- SOAR configuration Known Issues:
  - Alert Tagging
    - Assignee duplication issue when selecting multiple alerts to attach to a case in CIMS
  - Connector
    - User can't create email connector with "for each alert and per rule" configuration
Daily Update: July 19
Here are the main updates of the CISO Workplace:
General Updates:
- Initial Spanish Translation of BIA (Business Impact Analysis)
Risk Management Updates:
1. Redesign of the risk management modal
a. New presentation of data with 2 modes, Visualize and Detailed view, on the left side
b. Tabs on the left side that show the comments, timeline and attached files, including the upload file
2. Task Management improvements
a. Add delete subtasks
b. Tasks are linkable
c. Fixes in the change risk response functionality
d. Initial implementation for checklist.
3. Other Assets Affected options were added with default scores provided.
New Modules Release:
- SOAR
New Module (July 23): Virtual Penetration Testing
🚀 New Module Release
We’ve just dropped a new module: Virtual Penetration Testing
🌟 New Features:
Dashboard
- Total Vulnerabilities Detected
- Severity Gauge
- Penetration Activity
- Penetration Graph
- Top Vulnerabilities Detected
- Recent Penetration Test
- Top Exploitable Assets
Limitation: Widget currently not clickable.
Penetration Test Page
- List of Scans
- New Scan Button
New Scan: User can successfully add new scan
Limitation:
1) Only "One Time" setting can be selected for Set Frequency
2) Only "Now" setting can be selected for Start Time
Specific Scan Details
Known Issues:
- Actual progress percentage of the scan
Type of Attack Information: Only the basic functionality of each attack listed here is performed by the tool. The Wapiti tool is currently being used.
- Only a limited set of attack types is supported:
  - backup (Search for copies of scripts and archives on the web server)
  - brute_login_form (Brute Force login form using a dictionary list)
  - buster (DirBuster like module)
  - cms (Scan to detect CMS and their versions)
  - cookieflags (Checks Secure and HttpOnly flags)
  - crlf (CR-LF injection in HTTP headers)
  - csp (Detect lack of CSP or weak CSP configuration)
  - csrf (Detects forms not protected against CSRF or using weak anti-CSRF tokens)
  - exec (Code execution or command injection)
  - file (Path traversal, file inclusion, etc)
  - htaccess (Misconfigured htaccess restrictions)
  - htp (Identify web technologies using the HashThePlanet database)
  - xss (XSS injection module)
  - upload (File upload vulnerabilities)
  - nikto (Look for known vulnerabilities by testing URL existence and checking responses)
Daily Update: July 22
Here are the main updates of the CISO Workplace:
Add Recipients new modal in Phishing Simulation
EDR Spanish Translation
Compliance Improvements
- Task Management Updates
- Gantt Chart Updates
SOAR Bug Fixes
- In Auto-Assignee feature, removed Duplicate Assignee in Case Creation
Daily Update: July 23
Here are the main updates of the CISO Workplace:
New Module: Virtual Penetration Testing
SOAR Improvements
- Display all actions of rule
- Display all actions of alert tag
Data Governance Improvement
- Initial Spanish Translation
Change in Language Select Menu
Bug Fixes:
- SOAR Bug Fixes
- Phishing Simulation Module Bug Fixes
- Risk Management Bug Fixes
Daily Update: July 24
Here are the main updates of the CISO Workplace:
SOAR Bug Fixes in Dashboard:
VPT Bug Fixes in Scan and Dashboard:
Translation Updates:
Risk Management Updates:
Overall Gantt / Timeline Improvements
Phishing Simulation Updates:
Added Recipients Editing Capabilities
Daily Update: July 25
Here are the main updates of the CISO Workplace:
CyberNews Updates:
- Posts from cybernews.cytechint.io are now synced
EDR Updates:
- Updated the Windows Installer
Modified to lower the VirusTotal score from 24 to 2 vendors flagging the installer as malicious
- Bkav Pro is a false positive
- Grayware: half chance of being malware or a safe app
DPD Updates:
Support for Spanish Translation
SOAR Bug Fixes:
- Alert Aggregation Support for History and Dashboard
- Case resolution time analysis data refinement
- Rounded resolution time output
- Dashboard history data representation improvement
Phishing Simulation Updates:
- Download Recipient and Re-import
- Chronological order of dates
Virtual Penetration Testing Bug Fixes:
- Backend Improvements
Daily Update: July 26
Here are the main updates of the CISO Workplace:
CIM Updates:
Alert Timeline more information:
Added Search in Alerts Page
Set Closing Reason Description as Optional:
CIM Bug Fixes:
Cannot Delete / Modify comments not belonging to user
User Filter in cases is closed automatically when mouse is out
RM Updates
Task Management Overview component
Mitigation Proposal Timeline Gantt Chart
Assignee Full name displayed in Timeline
Improvement in Task management timeline search
Privileged Account Review Updates:
Spanish Translation Support
Virtual Penetration Testing Updates:
Updated dashboard with some "Rabbit Hole" support
Security and Privacy Compliance Updates:
Updated Timeline Gantt Chart
Daily Update: July 29
Here are the main updates of the CISO Workplace:
CIM Updates:
Fix on comments being erased when changing tabs, and added "Changes Confirmation" on comments:
Security and Privacy Compliance Updates:
Added Search in Gantt chart
Added click function in Gantt chart:
Identify and Access Review Updates:
Spanish Translation
Risk Management Updates:
Risk Management Date Picker - added min and max range for mitigation and tasks
Phishing Simulation Updates:
Added Settings to set the domain
Daily Update: July 30
Here are the main updates of the CISO Workplace:
CIM Updates:
In Alert Details, added "show less" and "show more"
In Alert Details, updated the display formatting:
In Alert Details, improved the editing of an alert detail:
Bug Fixes in graph display for Quarterly and Annual Report:
Cloud Security Posture Management Updates:
Spanish Translation
Daily Update: July 31
Here are the main updates of the CISO Workplace:
CIM Updates:
In Alert Table View, added "Show More", "Show Less", and "Copy to Clipboard"
This can also be seen in the Timeline Table View:
Removed the Global Date Picker. It will only be displayed in Alerts and Cases.
VPT Updates:
Spanish Translation
VA/VM Updates:
Spanish Translation
Phishing Simulation Updates
Added Control Panel - Domain control for recipients