July 2024

The daily updates in the CISO Workplace for the month of July 2024

Daily Update: July 11
Daily Update: July 12
New Module (July 12): Vulnerability Assessment and Management
Daily Update: July 15
Daily Update: July 16
Daily Update: July 17
Daily Update: July 18
New Module (July 19): SOAR
Daily Update: July 19
New Module (July 23): Virtual Penetration Testing
Daily Update: July 22
Daily Update: July 23
Daily Update: July 24
Daily Update: July 25
Daily Update: July 26
Daily Update: July 29
Daily Update: July 30
Daily Update: July 31

Daily Update: July 11

Aside from the bug fixes, here's what's updated / improved:

We added another email and landing page template in the Phishing Simulation module.

In our CIM module, to help in the investigation of the alert, an Investigation Guide is available. As of this time, not all Alert Rules have Investigation Guide available.

In our Security and Privacy Compliance, you can now drag and drop the evidence files.

In the RM Module's Dashboard, the components can now be moved and positioned based on your preference.

Daily Update: July 12

Aside from bug fixes, here are the main updates in the CISO Workplace for July 12:

Go to your Users menu, you can now see when and what IP Address your Users logged in.

In the CSPM module, you can now move some of the components around based on your preference.

In the SCRM module, you can now also move some of the components around based on your preference

Bug Fixes:

Fixes in the Task Management feature in the Risk Management Module

Fixes in the Simulation page of the Phishing Simulation Module

New Module (July 12): Vulnerability Assessment and Management

🚀 New Module Release

We’ve just dropped a new module: Vulnerability Assessment and Vulnerability Management

🌟 New Features:

Dashboard components:
- Overall Vulnerability Score
- Overall Vulnerability Score - Trend
- Vulnerabilities by Severity
- Vulnerabilities by Asset Type
Scans Page: After starting a scan, needs page refresh to see the running scan.
- Scanning Capabilities:
  - Website Scanner only, using NMAP. Network Scanner, Mobile Scanner, and Quick Scan are not yet supported.
    - Able to show CVEs of a website/website port.

🐞 Known Issues:

When there is a running scan, there is no data in the Dashboard. When all scans are finished, there is data present.
No descriptions for CVEs yet

Stay tuned for more exciting updates!

Daily Update: July 15

Here are the latest updates in the CISO Workplace as of July 15:

Added new component in VA, VM Dashboard -- Top CVEs -- most occuring CVE(s) that are found in most scans.

RM Bug fixes:

- Risk Details No Data Display (Vulnerability description, Threat description)
- Fix controls recommendation in controls json data issue
- Other assets affected Improvements (FE)
- Fix threat & vulnerability description delayed state issue

Daily Update: July 16

Here are the main updates in the CISO Workplace for July 16:

Initial Spanish Language Support

- Based on the input, the CIM and Compliance modules are currently supported.

Performance Updates in Phishing Simulation when opening campaign in Simulation > Campaign

Daily Update: July 17

Here are the main updates in the CISO Workplace for July 17:

Continue with Spanish Translation.
In CIM > Alerts:

In Phishing Simulations:

Rabbit Hole Support in Vulnerability Assessment and Management:

Bug Fixes:

1) Fixed bug in CIM > Reports > "My Library". Only reports of the client will be displayed

2) Bug fixes in Phishing Simulation

3) Bug fixes in Vulnerability Assessment and Management

Daily Update: July 18

Here are the main updates in the CISO Workplace for July 18:

Initial Update to the WP Menu.

Show the clusters’ names only with a ‘+’. On Click, to expand and show all modules in each.

Bug Fixes:

1) Risk Management
Task management enhancements & Change risk response implementation

Improvements:
1) Show only CIM Module to one of the clients

New Module (July 19): SOAR

🚀 New Module Release

We’ve just dropped a new module: SOAR (Security Orchestration, Automation and Response)

🌟 New Features:

Dashboard

Dashboard supports the following:
- Mean time to respond with history comparison
  - User can now see their respond time data
  - User can also see the comparison from yesterday
- False positive rate with history comparison
  - User can now see their false positive time data
  - User can also see the comparison from yesterday
- Total open alerts
  - User can now see their total open alerts
- Total resolved alerts
  - User can now see their total resolved alerts
- Open Alerts
- Case Resolution Time Analysis:
  - Partially Supported

Dashboard Limitations:
- Mean time to respond with history comparison
  - User can only see the comparison from yesterday
- Total open alerts
  - Query limited to only 100, proper implementation to support large sets of alerts is not yet complete
- Total resolved alerts
  - Query is limited to only 100, proper implementation to supportt large sets of alerts is not yet completed.
- Open Alerts
  - Query limted to 100
- Incident Type By Status
  - Not Yet Supported
- False positive rate with history comparison
  - User can only see the comparison from yesterday

Dashboard Known Issues:
- For features with history comparison, it needs at least 2 historical data in order to be able to perform a comparison.

SOAR Configuration

SOAR configuration currently supports:
- Alert Tagging
  - Display a list of alert tags
  - Automatic assignee of a case based on the alert tags
- Connectors
  - Send email based on Alert or Alert Rule
- Tools
  - Add IP Reputation Tools

SOAR configuration Limitations:
- Alert Tagging
  - Rule name characters length issue, characters must not be more than 25 characters
  - User can't modify or change alert tagging configuration
- Connector
  - User can't see the list of actions/connectors that has attached on a rule
  - Only Email Connector is currently supported. Other connectors such as Teams and etc.
- Tools
  - User can't edit IP Reputation tool
  - User can't delete IP Reputation tool added.
  - User can't view the list of IP Reputation tools
SOAR configuration Known Issues:
- Alert Tagging
  - Assignee duplication issue when selecting multiple alerts to attach on a case in CIMS
- Connector
  - User can't create email connector with "for each alert and per rule" configuration

Daily Update: July 19

Here are the main updates of the CISO Workplace:

General Updates:

Initial Spanish Translation of BIA (Business Impact Analysis)

Risk Management Updates:

1. Redesign of the risk management modal

a. New presentation of data that has 2 modes Visualize and Detailed view on the left side

b. Tabs on the left side that shows the comments, timeline and attached files including the upload file

2. Task Management improvements

a. Add delete subtasks

b. Tasks is linkable

c. Fixes in the change risk response functionality

d. Initial implementation for checklist.

3. Other Assets Affected options were added with default scores provided.

New Modules Release:

SOAR

New Module (July 23): Virtual Penetration Testing

🚀 New Module Release

We’ve just dropped a new module: Virtual Penetration Testing

🌟 New Features:

Dashboard

Total Vulnerabilities Detected
Severity Gauge
Penetration Activity
Penetration Graph
Top Vulnerabilities Detected
Recent Penetration Test
Top Exploitable Assets

Penetration Test Page

List of Scans
New Scan Button

New Scan: User can successfully add new scan

Limitation:
1) Only "One Time" setting can be selected for Set Frequency
2) Only "Now" setting can be selected for Start Time

Specific Scan Details

Known Issues:

Actual progress percentage of the scan

Type of Attack Information: Only basic functionalities of each attack above are being performed by the tool. Wapiti Tool is currently being used.

Can only support limited type of attacks
- backup (Search copies of scripts and archives on the web server)
- brute_login_form (Brute Force login form using a dictionary list)
- buster (DirBuster like module)
- cms (Scan to detect CMS and their versions)
- cookieflags (Checks Secure and HttpOnly flags)
- crlf (CR-LF injection in HTTP headers)
- csp (Detect lack of CSP or weak CSP configuration)
- csrf (Detects forms not protected against CSRF or using weak anti-CSRF tokens)
- exec (Code execution or command injection)
- file (Path traversal, file inclusion, etc)
- htaccess (Misconfigured htaccess restrictions)
- htp (Identify web technologies used the HashThePlanet database)
- xss (XSS injection module)
- upload (File upload vulnerabilities)
- nikto (Look for known vulnerabilities by testing URL existence and checking responses)

Daily Update: July 22

Here are the main updates of the CISO Workplace:

Add Recipients new modal in Phishing Simulation

EDR Spanish Translation

Compliance Improvements

Task Management Updates

Gantt Chart Updates

SOAR Bug Fixes

In Auto-Assignee feature, removed Duplicate Assignee in Case Creation

Daily Update: July 23

Here are the main updates of the CISO Workplace:

New Module: Virtual Penetration Testing

SOAR Improvements

Display all actions of rule

Display all actions of alert tag

Data Governance Improvement

Initial Spanish Translation

Change in Language Select Menu

Bug Fixes:

SOAR Bug Fixes
Phishing Simulation Module Bug Fixes
Risk Management Bug Fixes

Daily Update: July 24

Here are the main updates of the CISO Workplace:

SOAR Bug Fixes in Dashboard:

$image.png$

VPT Bug Fixes in Scan and Dashboard:

Translation Updates:

Risk Management Updates:

Overall Gantt / Timeline Improvements

$image.png$

Phishing Simulation Updates:

Added Recipients Editing Capabilities

Daily Update: July 25

Here are the main updates of the CISO Workplace:

CyberNews Updates:

Posts from cybernews.cytechint.io are now sync

EDR Updates:

Updated the Windows Installer

Modified to lower the VirusTotal Score from 24 to 2 vendors flagging the installer as malicious
-bkav pro is false positve
- grayware half chance if malware or safe app

DPD Updates:

Support for Spanish Translation

SOAR Bug Fixes:

Alert Aggregation Support for History and Dashboard
Case resolution time analysis data refinement
Rounded resolution time output
Dashboard history data representation improvement

Phishing Simulation Updates:

Download Recipient and Re-import
Chronological order of dates

Virtual Penetration Testing Bug Fixes:

Backend Improvements

Daily Update: July 26

Here are the main updates of the CISO Workplace:

CIM Updates:

Alert Timeline more information:

Added Search in Alerts Page

Set Closing Reason Description as Optional:

CIM Bug Fixes:

Cannot Delete / Modify comments not belonging to user

User Filter in cases is closed automatically when mouse is out

RM Updates

Task Management Overview component
Mitigation Proposal Timeline Gantt Chart
Assignee Full name displayed in Timeline
Improvement in Task management timeline search

Privileged Account Review Updates:

Spanish Translation Support

Virtual Penetration Testing Updates:

Updated dashboard with some "Rabbit Hole" support

Security and Privacy Compliance Updates:

Updated Timeline Gantt Chart

Daily Update: July 29

Here are the main updates of the CISO Workplace:

CIM Updates:

Fix on comments being erased when changing tabs, and added "Changes Confirmation" on comments:

Security and Privacy Compliance Updates:

Added Search in Gantt chart

Added click function in Gantt chart:

Identify and Access Review Updates:

Spanish Translation

Risk Management Updates:

Risk Management Date Picker - added min and max range for mitigation and tasks

Phishing Simulation Updates:

Added Settings to set the domain

Daily Update: July 30

Here are the main updates of the CISO Workplace:

CIM Updates:

In Alert Details, added "show less" and "show more"

In Alert Details, updated the display formatting:

In Alert Details, updated the improvement for editing an alert detail:

Bug Fixes in graph display for Quarterly and Annual Report:

Cloud Security Posture Management Updates:

Spanish Translation

Daily Update: July 31

Here are the main updates of the CISO Workplace:

CIM Updates:

In Alert Table View, added "Show More", "Show Less", and "Copy to Clipboard"

This can also be seen in the Timeline Table View:

Removed the Global Date Picker. It will only be displayed in Alerts and Cases.

VPT Updates:

Spanish Translation

VA/VM Updates:

Spanish Translation

Phishing Simulation Updates

Added Control Panel - Domain control for recipients