Product

Attack Surface, Remediation, Automation Rules, and Detection improvements

This update introduce a series of updates aimed at enhancing user experience, platform improvements, and bug fixes across various features.

Mon 04 March 2024

This update introduce a series of updates aimed at enhancing user experience, platform improvements, and bug fixes across various features.

πŸ•ΈοΈ Attack Surface & Inventory Improvements

  • Users can now export inventory assets to a CSV file for easier data manipulation and analysis.
    Export assets
  • The asset owner field is now pre-populated when editing one or more assets as well as when confirming potential nodes.
  • Fixed a bug where assigning attack surface owners to an attack surface auditor failed when users created a new owner within the modal.

πŸ“„ Remediation Enhancements

  • Regular expressions are now supported for filtering data in Remediation, Inventory, and Attack Surface, allowing for more granular searches.
  • Fixed exclusion filter functionality for assigned and self-reported tickets.
  • Fixed ticket metrics to be based on closed time rather than modified time.
  • Users can now open created tickets in new tabs when using the "Save & Add Another" feature for convenient access.

βš™οΈ Automation Rules Updates

  • Introducing a new automation rule action enabling the deletion of tags assigned to selected tickets or assets, enhancing customization and control.
  • You can now see a list of items a new rule will apply to before creating the rule.
    Preview list of items new rule applies to

πŸ›‘οΈ Scan Enhancements

  • Fixed an issue with multiple downloads of exported scans.
  • Mobile scan summaries now display IP addresses within the preview of backend links for better context.
    Scan summary backend IPs

πŸ“¦ Detection & Knowledge Base

  • Added detection for Insecure Storage vulnerabilities in mobile applications.
  • Enhanced descriptions and recommendations for Personally Identifiable Information (PII) vulnerabilities, complete with insightful code snippets.
  • Detections for HTML injection and dynamic code loading have also been refined for increased accuracy.

πŸ€– Open Source

  • Added support for scanning a list of assets using a Yaml asset definition file. You can pass an asset definition file using the -a flag, e.g:
oxo scan run --install -g agent_group.yaml -a assets_group.yaml

OXO target group definition
- Fixed a bug related to the download progress while installing agents. The bug was a KeyError which usually occurred due to network issues when installing agents. Because of the bug, agent installation would sometimes fail. The error is now gracefully handled so that agent installation does not fail.

πŸ—οΈ Improved API Keys page

The API keys page has been redesigned for ease of use.

Tags:

remediation, oss, attack surface, automation rules