Back-end:
- Fixed configuration error importing 2015 CVE's
- Fixed radom crahs importing NVD datastream using JSON
- Fixed import of MS Patch data after change of excel-reding component
- Adapted EPSS score based in asset importance
- Added service for vulnerability details
- Fixed the database connection by heavy API use
- Added search indexation
Front-end:
- Changed logo's to new logo
- Added ability to change asset details
- Added difference between active and inactive assets
- Making the dashboard more configurable by enabling/disabling widgets
- Added the option to set importance level for the organisation of an asset
- Added asset names to the labels of agent push statistics
- Added ability to go to vulnerability details from some of the graphs
- Introduced dark mode
- Added search capabilities
- Added two widgets showing cumulative risk of exploitation in groups and percentile
Additional remarks:
When searching the results can be refined by using multiple search terms. It is also possible to narrow the search to a specific subject. For example, adding cve: will narrow the search to public CVE ID's. Other possibilities are server: (server names,) ip: (IPv4 addesses), ipv6: (IPv6 addresses), os: (for operating systems).
Examples are:
- os:windows will find assets running the Windows operating systems
- ip:192.168 will search for assets with ipv4 addresses containing '192.168'
- cve:CVE-2019 will limit the search to CVE ID's containing 'CVE-2019'
By default the search will use the search terms combined with OR. This means that if one of the terms is present than the search hit will be shown in the total of results (if relevant enough). If you want to combine search terms to limit the result, please use AND between searches. For example:
- rpc AND cve:2019
Will search for the term 'rpc' and 'cve:2019' resulting in all vulnerabilities from 2019 relating to 'rpc'.