Release Notes

Release 24.11 [Nov 30, 2024]

  1. Additional Vulnerability Sources: 
    1. Added six new sources to improve CVE coverage and provide a wider understanding of vulnerabilities.
  2. Scanner Integration:
    1. Added a new scanner source to make vulnerability assessments easier and more effective.

Release 24.10  [Oct 31, 2024]

  1. Standardized Industries Curation:
    1. Streamlined and aligned industry sector curation to enhance clarity and consistency.
  2. CVSSv4 Integration:
    1. Implemented CVSSv4 scoring from NVD to enhance score coverage for vulnerabilities.
  3. Additional Vulnerability Sources:
    1. Integrated 13 new sources to expand CVE coverage, providing broader insights into vulnerabilities.
  4. Zero-Day Enhancements:
    1. Enhanced Zero-Day CVE tracking with data from 4 additional sources to improve accuracy and comprehensiveness.

Release 24.9.1  [Sep 30, 2024]

Features/Enhancements

  1. CVSS Vector prediction - A CVSS vector prediction algorithm has been implemented; CVSS is now predicted for CVEs that have no vector from sources today but do have the minimal data required to predict one.
  2. Threat Actor API - An API which gives the user an end-to-end view of vulnerabilities exploited in the wild, including the threat actors exploiting them.
  3. KEV API - An API which gives the list of key exploited vulnerabilities along with summary information for each vulnerability.
  4. Fixes for Ivanti, Apple, Microsoft, Bitdefender, Adobe, Oracle for structure changes
  5. CVE coverage - Added 28 sources. 

Release 24.8.1  [Aug 29, 2024]

Features/Enhancements

  1. CVE and Threat Coverage - Added new source for Zerodays
  2. CVE coverage - Added 22 sources

Release 24.7.1  [July 25, 2024]

Features/Enhancements

  1. CVE Coverage -  Authorized Data Publisher [ADP] Enrichments
  2. Package Coverage - Added 2 new sources
  3. Threat Coverage - Added in the wild sources
  4. CVE Coverage - Added 5 new sources

Release 24.6.1  [June 27, 2024]

Features/Enhancements


  1. More coverage for CVEs - AlienVault.
  2. Added more coverage for product categorization - SSH, VNC. 
  3. In the wild threat objects created for CVEs with Ransomware.
  4. Upgraded to Mitre CVEListV5
  5. Added new package source - Ruby
UI
  1. Implemented scroll functionality for saved filters
  2. Removed Software CPE from Sidekick
  3. Detailed view page of a CVE can be made public now based on request.
Fixed Issues
  1. Users should see API key in UI documentation now
  2. Addressed change in layout for Samsung
  3. Addressed parameter changes for Cisco
  4. Comprehensive API - Restricted the max pagelimit to 100

Release 24.5.2 [May 25, 2024]

Unified Login Page

Unified Login Page for a Simpler & Improved Experience: With the Securin unified login page, you can access all Securin products using a single set of credentials, streamlining the login process.


Features/Enhancements

  1. CVE Coverage - Added New Sources: By adding sources, we enrich the coverage of vulnerabilities and reduce the data latency between the time the CVE was first known to exist and the time it was publicly disclosed by known sources like US-NVD.
  2. Initial Access Intelligence: This feature allows users to quickly identify the CVEs commonly used by cyber adversaries to gain the initial foothold in an organization’s network. Initial Access CVEs are represented with additional tags that can be seen in the Comprehensive API. 
  3. Saved Filters: This new feature in the UI allows users to define a certain set of filters that will be often used and save it for future use.

Release 24.4.1  [4-Apr-2024]

  1. Exploit-DB - Improved the coverage for CVEs
  2. ThreatWatch Sources - Added 60+ sources for monitoring threats
  3. CPE API - New API that returns the vulnerabilities associated with a given CPE.
  4. Data Coverage - Added more coverage for Ivanti CVEs

Release 24.3.2  [21-Mar-2024]

  1. CVSSV4 Early Adoption  - This is made available in UI. (Palo Alto)
  2. Risk Index - NER Model tags and duplicate checks improved.

Release 24.3.1  [5-Mar-2024]

  1. CVSSV4 Early Adoption - Palo Alto - CVSSV4 and its attributes are being brought into the vulnerability view and are available as part of the comprehensive vulnerability API. UI changes will go in the upcoming releases.
  2. Favorites  - UI -  This feature allows users to bookmark frequently used CVEs for quicker access.
  3. Threats - Additional fields like description for certain sources, threat source published dates, verified flags from exploit-DB are being exposed as part of the vulnerability API now 

Other Changes (Internal Tracking)

  1. Product Adoption Report - A weekly report is generated which gives metrics on the usage of the APIs by the customers, plus any errors faced by the customers.

Release 24.2.1  [8-Feb-2024]

  1. Risk Index - Metadata Scores - Multiple descriptions for a CVE from valid sources are now considered for determining the vulnerability type. The Risk Index score has been modified for all CVEs based on this change.
  2. ThreatWatch - The process is automated to pick up the keywords file automatically from G-drive. Any updates to the keywords in the file should automatically get reflected in the next alert.
  3. Data Coverage - Zero Day Initiative - CVEs from ZDI are ingested into the platform
  4. Temporal Metrics - New sources added and revised the decision tree + bug fixes

Tech Debts

  1. Audit log introduced for Redhat
  2. ThreatWatch alerts - HackerNews - added home page URL 

Release 24.1 [31-Jan-2024]

  1. CWE Prediction - Changed to evaluate the multiple descriptions available for a CVE and pick the right CWE based on the relationship.
  2. Apple - In the wild keywords refreshed.
  3. ThreatWatch Sources - Added new source - Socradar and Fortinet. Incorporated appropriate filter for the alerts so that only important ones flow through in the email.
  4. Product Categorization - Enhanced the algorithm to remove certain false positives.
  5. RBAC - "FREE" Role added. This will be used for non-VI customers while we move towards SSO
  6. MITRE TTP - Added indirect Associations and deprecation checks
  7. Migration of Canvas from Securin to CSW

Other Fixes/Tech Debts

  1. Audit log introduced for US-NVD, Cisco, ICS, VMWare
  2. Keycloak - User Update flow and email id case check fixes
  3. Nuclei Parser fix for the new field/vector strings
  4. In the wild and Huntr fix to switch to the new NVD flow - Accommodated the new domain fix for Huntr as well.
  5. Threat counts and error messages for the login flow corrected in the UI
  6. Qualcomm - Parser fix to move to a standalone parser to ensure it runs on a daily basis.
  7. Corrected the NER/Ransomware look up logic in scoring
  8. Split NVD to separate out the email corpus for better performance.

Release 23.12.2 [22-Dec-2023]

Risk Index Updates
 
NER Models:
  • Four new tags have been introduced.
  • Refinement of ransomware and malware tags for increased accuracy.

Predictive Models:

  • The training approach for models has been modified to enhance the distinction between positive and negative classes.
  • Utilization of the threat object to expand NER tags

Metadata Model:

  • Introduction of normalization of metadata scores for vulnerabilities without a threat.
  • Integration of MSRC exploitability into the metadata threat factor

 
SBOM Updates

  • Package Coverage - Pypa and Go sources ingested.
  • Packages and their corresponding impacted versions, for the sources ingested so far, are now available in the vulnerability endpoint under affectedSoftwareConfiguration

 
Fix done for NVD API updates released recently.
 
UI Changes

  • Affectedversions and product categories displayed under affected platforms
  • List view - Column Selection -> No of threats vs no of exploits/malware made mutually exclusive
  • TOTP setup moved to the settings page
  • RBAC -  few changes on the display of data for trial users.

Release 23.12.1 [15-Dec-2023]

Mitre TTPs – CVE to Mitre TTPs
  1. Mitre Tactics and Techniques have been successfully integrated into the platform.
  2. Direct associations have been established from CVE to CWE to CAPEC to TTPs
  3. Three new APIs have been exposed:
    1. Tactic Endpoint: Provides information on a tactic, including all related techniques and vulnerabilities
    2. Technique Endpoint: Offers details about a technique, including associated techniques, tactics, and vulnerabilities.
    3. TTPs-to-CVEs: Given a tactic or technique, this API lists out all vulnerabilities associated with it.

Data Coverage & Fixes

  1. CWE Prediction - CWEs have been predicted for ~ 25K CVEs that previously lacked CWEs, utilizing a prediction algorithm. This is now accessible through the API and UI views
  2. Data Coverage - CVE - New CVEs from Oracle are ingested into the platform.
  3. Product Categories - As part of the first iteration, we've introduced product categories based on certain affected product/vendors for CVEs. The current algorithm associates product categories with nearly 20K CVEs, and this information is now accessible through the API.
  4. ThreatWatch Alerts - Additional source URLs from SecurityAffairs and Zdnet have been incorporated into ThreatWatch Alerts

Release 23.11.2 [28-Nov-2023]

Data Coverage & Fixes   
  1. Nuclei Template: Vulnerability info and templates from Nuclei are being ingested into the platform and are available in the vulnerability API under the plugins with category as Templates. As of now, the UI shows the templates under the plugin tab with the Nuclei icon.
  2. CVE coverage  - Ivanti - Data is ingested into the platform
  3. Curated threats - Exploits - Canvas, White Phosphorus, D2Sec Elliot one-time feed ingested using the corpus file.
  4. Advanced Search fix done in UI for threat Aliases.
Keycloak
  1. We have moved to Keycloak for authentication. Any new users created in VI will now be authenticated from Keycloak. Both UI and API changes are completed for this.

Release 23.11.1 [15-Nov-2023]

  1. RBAC Driven Show/Hide/User Messaging of Menu Items and Tabs - Implemented in landing page, vulnerabilities, Weakness and Sidekick.
  2. Securin Copilot (Chatbot) - Implemented Chat history where user can continue from where they left. 
  3. Risk Index Filter and sort added in the List view
  4. Weakness API - Added new filters and standardized few fields. 
  5. Cisco - In the wild keywords refreshed.

Release 23.10.2 [2-Nov-2023]

Data Coverage & Fixes
  1. Curated CVEs - A new corpus for CVEs has been introduced where researchers can add CVEs/attributes as and when they come across them, so we need not wait for the actual source to be ingested into the platform.
  2. CVE - Debian/Redhat - fixes done for packages
  3. Threats - Metasploit - Manually curated and Ingested threats from additional exploit modules
ThreatWatch
  1. ThreatWatch email alerts are built in the VI platform against 7 sources to start with - (bleepingcomputer.com, securityaffairs.co, Zdnet, Bitdefender, thehackernews.com, swarm.ptsecurity.com, anomali.com, Verfassungsschutz)
Scoring/ML
  1. Risk Index - Formula modified for threats and without threats, vulnerability type refreshed with the new CWE prediction. 
Tech Debts
  1. Audit log introduced for Microsoft, first.org, Github_Advisory
  2. NVD Feeds completely stopped and cleaned up from Securin flow.

Release 23.10.1 [11-Oct-2023]

  1. Naming of the Posts type has been standardized to Deep & Dark Web, Social Media
  2. Weakness API - Changed the response structure to include only the vulnerability id in the vulnerability block, other attributes for vulnerabilities are removed and can be queried using the vulnerability API separately.
  3. Automated the APT and Ransomware corpus to pick from the G-sheet directly. No manual intervention required now to upload to S3.
  4. Delete logic handled for CISA

Release 23.9.2 [28-Sep-2023]

New Features / Enhancements
  1. Definitive VRS - Changed to handle score 0 scenarios
  2. Replaced deprecated CWEs in CVE-to-CWE Associations
  3. Threats - Coresecurity: Change in the published and modified dates
API Changes
  1. Include/Exclude feature : Users can now control what fields they get to see as part of the response of the vulnerability API by using this include/exclude option in the request body. 
  2. Trial role - New Trial role introduced which would show only limited information in the response of the vulnerability API
  3. Sidekick added as a mandatory role to access Sidekick functionalities
Risk Index Improvements
  1. Microsoft Exploitability Index added
  2. Score fluctuations controlled
UI Changes
  1. VI Chat Bot: ChatGPT is integrated into the VI UI. This can be used only with the required entitlement for it.
  2. Minor changes - Integrated with V2 timeline API, Sidekick CPE to CVE name change, Sort parameters changed, moved to searchAfter for better performance
SBOM
  1. Maven & Go : Packages and vulnerabilities are extracted from Github and the respective package versions are being extracted from the corresponding Package Manager.
  2. Package API - The data for Maven and Go is also available as part of the package endpoint. 

Release 23.9.1 [15-Sep-2023]


New Features / Enhancements

SBOM :  PyPi & NPM Packages  : Source - Github Advisory.
  1. Framework set up to get all the Package versions and vulnerabilities
  2. API - New Endpoint created for packages - Given Package URL(s), the associated vulnerabilities will be returned.
AutoLabel Algorithm
  1. Refined / added new keywords

Release 23.8.2 [6-Sep-2023]

New Features / Enhancements
  1. Debian CVE source ingested into the platform

  2. Reddit - Enriched with more handles

  3. Integrated with Twitter V2 API and added new handles

  4. Train 3 brought back in Production Flows for Predictive Scores Comparison W/ Risk Index

API Changes
  1. New fields - Weakness count and affectedProductCount added to vulnerability API
  2. Sidekick Role will now have all Sidekick modes supported
  3. Timeline API V2 - New Endpoint V2 [Posts/Discussions] created with standardized Fields

Release 23.8.1 [18-Aug-2023]

New Features / Enhancements in UI/API
  1. Standardizing all the request input parameters of the vulnerability API

  2. Added Risk Index to the list view and detailed view and can be viewed only if you have the required entitlement for it. 

  3. Single User ID (email-ID)  provisioned with both UI and API Access

  4. Changes to Detailed View – Posts/Discussions – Limit to Recent 10 + Show More

  5. Weakness Module –  Refreshed Mitre ranks, Added No of CVEs in List View

  6. Added additional filters for plugins

  7. Links in the footer updated with the right links

  8. Counts added to all relevant filters and tabs in the detailed view

  9. Column attributes in list view upon click navigates to the respective tabs with appropriate filters applied in detailed view

  10. Added filter for reference tags

  11. HackerPost discrepancies corrected

  12. Timestamp format in API made consistent across all date fields

Other Changes
  1. Data Coverage - CVE - ICS Advisories ingested (first 100 pages)
  2. Published date fix for scanners
  3. Retaining only the latest 10 relevant posts in the vulnerability API
  4. Real-Time Update of CVE to CWE Associations & Counts

Release 23.7.2 [27-Jul-2023]


New Features / Enhancements
  1. Nessus - Plugins from nbin files are also extracted in addition to nasl files and the data is now available in the platform

  2. Nessus, Nexpose and Qualys - Deprecated plugins also handled

  3. Few changes - Scanner name added to the sources list, published date of a cve changes, source name corrected for Qualys threats.  

Release 23.7.1 [21-Jul-2023]

New Features / Enhancements
  1. NVD Feeds to API : NVD feeds are now switched to API for both CVE and CPE.

  2. Curated Threats : A new corpus for threats (in the wild) has been introduced where researchers can add threats as and when they come across them, so we need not wait for the source to be ingested to get this into the platform.

  3. Modified Date removed for Github for CVE.

  4. Temporal Metrics - Undefined renamed to Not Defined. 

UI/API Changes

  1. Sidekick UI And API changes for file format and naming, Change in download templates for all modes (Sidekick, Sidekick CPE to CVE, Software CPE, CVE Research) 
  2. Added new documentation spec files
  3. Fixed threats published date, published month and year fields

Release 23.6.2 [23-Jun-2023]

New Features / Enhancements
  1. CVE  - GitHub Advisories is being ingested into the platform.  

  2. Temporal Metrics - Coverage extended to Qualys, Nessus, PacketStorm and few rules modified.

  3. 2 additional threatWatch sources ingested

  4. BaseScore, Impact Score and Exploitability Score are now calculated in the platform from the available vector string. Not all sources were providing these scores.

  5. Modified date is ignored from Scanner plugins for a CVE

  6. Mcafee - Published dates refreshed. 

UI/API Changes

  1. Scores entitlement - A new entitlement for SCORES is added to API users and API users assigned to that role will be able to see only score related attributes and summary level details of the vulnerability.
  2. EPSS is now available in the UI. 
  3. Few Changes - Consistent representation of Predictive indicators, Definitive VRS, Predictive VRS & CVSS, Code Snippet represented with a boolean value,  TOTP issues.
  4. Timeline API is now retrieving all posts

Release 23.6.1 [6-Jun-2023]

New Features / Enhancements
  1. CVEs from CNA sources not present in Mitre/NVD have been brought into the system based on certain product rules
  2. Fixes/Changes - Nessus UI extraction issues, Palo Alto link fix, Microsoft threat fixes, Ransomware escape characters fixes, Packetstorm incremental changes, Cisco Url changes, VMWare vector fixes
  3. Alerts for Pipeline jobs - Alerts have been set up for the main data pipeline jobs.
  4. Data Coverage - [Threats] - Github Horizon AI - Ingested into the platform
UI/API Changes
  1. Sidekick CPE to CVE - A new option is being provided in sidekick where the user can enter product, vendor or CPE to get the associated vulnerability details. Sample file is also provided for each option for the user to download and input accordingly. 
  2. Weakness tab - New tab is being exposed for weakness including the list view and detailed view with the details available in the platform now
  3. Detailed View changes - Back button introduced in the detailed page, spacing issues, description handling, Predictive indicator display and deprecated plugin filters
  4. TOTP issues - Blank issue rectified for new users
  5. Predictive VRS filter fixed to handle decimal issues. 

Release 23.5.2 [19-May-2023]

New Features / Enhancements

  1. Fixes/Changes - Apple one-time feed for missing cves, Qualcomm, Samsung and cisco changes, scanner score changes to handle additional scenarios
  2. Description for handling reserved and rejected CVEs when title is available
  3. Vulnerability API 2.0 - This is now capable of handling full loads within 2 hrs using searchAfter.
  4. Predictive VRS filter for API - fixed

Release 23.5.1 [5-May-2023]

New Features / Enhancements

  1. CISA - Additional fields from CISA - addedDate, dueDate, requiredAction are now available as part of the Vulnerability API.
  2. NVD Scores : NVD baseScores are now available as a separate object baseUSNVDMetrics in the vulnerability API
  3. Fixes - Apple fixes for publishedDate for CVEs post 2016, Scanner score metric fixes done
  4. EPSS - EPSS scores (probability) are now available as part of the Vulnerability API
  5. Vulnerability API 2.0 - Error handling for invalid search parameters, active plugin vs deprecated plugins retrieval controlled by a flag now
  6. UI - Login page has been revamped and documentation of the API updated with the new fields

Release 23.4.2 [26-Apr-2023]

New Features / Enhancements

  1. UI Admin - Admin screen is now available in the UI. We should be able to create a user, edit/end a user, create an organization, search for a user and list all users here. Only users with Admin privileges will be able to view this tab.
  2. Detailed View of Vulnerability Changes

    • Detailed Page - Right Panel - Indicators - On click takes the user to the corresponding tab

    • Alignment of tags under threats and sources in threats clickable

    • Timeline - Multiple events falling on the same date combined to one

    • References now include all references for CVE, exploits, malware

    • Detailed Page - Right Panel - Predictive Indicators moved to separate line items

Release 23.4.1 [21-Apr-2023]

New Features / Enhancements

  1. Data Coverage - [Threats] - Packetstorm  is being ingested into the platform and autolabel is also being computed for the records. 
  2. Exploit-DB - Additional information - tags, aliases and modified date are also brought into the platform.

Release 23.3.3 [24-Mar-2023]

New Features / Enhancements

  1. Data Coverage - CVE - CVE data from Nessus, Qualys, Nexpose (CVSS, published/modified dates from the respective plugins) has been integrated and is now available in the platform
  2. Data Coverage - [Threats] - Qualys - Exploits and Malware from Qualys as a source is ingested into the platform. 

Release 23.3.2 [18-Mar-2023]

New Features / Enhancements

  1. Data Coverage - [Threats] - GitHub source - Nomi-Sec & Huntr.dev have been ingested into the platform.
  2. UI change : All tags are now displayed under threats in detailed view. 

Release 23.3.1 [9-Mar-2023]

New Features / Enhancements

  1. Data Coverage - CVE - NVD API full load has been integrated and the vulnerability information - CVSS attributes and weakness from non-Nist sources - has been added for additional data coverage.
  2. Data Coverage - CVE - VMWare one-time feed for data prior to 2020 has been ingested.
  3. Exploit published date - The exploitPublishedDate in the vulnerability API now has the earliest date of all the threats that are available in the system for the respective CVE.
  4. CVSS source field - A new source field is introduced under CVSSV2 and CVSSV3 which holds the source from which the CVSS is extracted.
  5. UI changes - Login page image has been changed as per the new Ux design.
  6. API documentation - UI - The new changes done for the API is reflected in the documentation now

Release 23.2.2 [2-Mar-2023]

New Features / Enhancements

Vulnerability API  - Version 2.0

  1. Incremental API - API has the capability to get vulnerability incremental updates based on the viUpdatedDate.
  2. Other changes - Predictive filters, Patch filters and malware filters are all now pointing to the new data and UI also has this reflected.

Release 23.2.1 [24-Feb-2023]

New Features / Enhancements

Vulnerability API  - Version 2.0

  1. Fixes & Exploits - Availability of Patch is moved under fixes in the API.  Fixes has a new structure including sources and references. This includes CNA data as well. Availability of Exploits is also taken out and will be covered under threats.
  2. New fields added - malwareCount, pluginCount, isExploitedInTheWild, version details are also being populated and  added newly as part of the response and few cleanups are also done.
  3. Vulnerability Full Load API - A new API is implemented which is more efficient in pulling the full load data and would be useful for customers who would require full load of the vulnerability data. Full load gets completed in 15-20 mins now. 

Data Coverage

  1. [CVE] - Apple prior to 2008 one-time feed has been ingested and is available in the platform now.
  2. [Threats] - Exploit Markers - Exploit Markers from US-NVD have been ingested into the threat flow.

UI Changes

  1. Detailed UI - The detailed view of a CVE is being enhanced as per the new Ux design and is also reflecting the new details like plugin information, reference tags. All threat information is now combined and shown under the threat section with appropriate filters, timeline view is now a compact view which has only the important events in the system.
  2. Other Changes - New colors, icons, pagination effect and few suggestions from Ux team have been incorporated

Release 23.1.2 [17-Jan-2023]

New Features / Enhancements

  1. Data Coverage - Scanners - Plugin Information is extracted from the scanner Nexpose and is associated with the vulnerability view in the pipeline.
  2. Temporal Metrics - This is being enhanced to account for the exploit markers and the undefined metric for exploitability. This is also being refactored to reduce the overall runtime.
  3. API - Predictive score severity is also being populated in the pipeline and is available in the comprehensive API.

Release 23.1.1 [12-Jan-2023] 

New Features / Enhancements

  1. Data Coverage - [CVE] - Vulnerability Information is now being extracted from one more CNA source -  Palo Alto
  2. CPE-CVE - A new mapping has been established explicitly between CPE and CVE to ensure the sync process between CPE and CVE is seamless.
  3. Nessus - Few fixes for Category and family names are being addressed
  4. Beta API - This is to be used only for internal purposes. This API is similar to comprehensive API but contains the new scores from Train 2.1 for product team to review and finalize.

Release 22.12.4 [22-Dec-2022]

New Features / Enhancements

  1. Temporal Metrics - Few changes have been incorporated to improve the current metrics wrt Alienvault, XSS checks and threat sources.
  2. Data Coverage - [CVE] - Vulnerability Information is now being extracted from one more CNA source -  VMWare.  Note data is from 2020 onwards.
  3. Train 2.1 - New models and features for Train 2.1 are deployed to production. Please note these scores will not show up in the UI or APIs or the vulnerable_ranking collection, so we should not see any impact on any existing customers. A new pipeline with new components is created for this, which would help the team internally to evaluate in real time how the models are performing and come up with modifications for Train 3.

Release 22.12.3 [08-Dec-2022] 

New Features / Enhancements

  1. Data Coverage - [Threats] - Exploit Markers - Exploit Markers from CISA Catalog, Alienvault OTX, MSRC, Cisco, Apple have been ingested into the threat flow and VRS is being considered as weaponized for these records thereby reflecting the appropriate VRS scores.
  2. Definitive VRS - Inclusion of Malware types/ Exploit kits are in place now for VRS calculation.

Release 22.12.2 [07-Dec-2022] 

New Features / Enhancements - UI

  1. Data Coverage - [Trends] - We have ingested the trends for Microsoft threats in the Securin pipeline flow and lastTrendingDate for the Microsoft threats is now available as part of the comprehensive API.
  2. UI Quick Change - We have removed the content (Name of the author etc) from the login page and have also updated the About, Privacy and terms of use links to point to Securin links. Total CVEs Informational text change to info.
  3. API Documentation - A new public facing url has been exposed which has the documentation for the API - https://www.developer.securin.io/

Release 22.12.1 [06-Dec-2022]

New Features / Enhancements - UI

  • Securin Branding - The new color palettes and skins are now live.

  • Total CVE Widget - P-VRS Widget is also newly added, the horizontal bars are changed to vertical and legends are added. This is still with the old scores. Once Train 2.1 is released we can see the new scores reflecting.

  • Trends Screen - New Trends screen is developed with Mock Data and with the appropriate sort and filters views

  • Search button - Enabled with Enter key now in list and landing page.

  • Comprehensive API ( V2) is being switched with the new structural changes and UI is also modified to adhere to the new structure of the API.

  • List View - Tagging of new CVEs which came into the system past 24 hours and additional columns have been added - cvssv2, cvssv3 and no of exploits. Limited to <=7 columns at any point of time.  

  • Detailed View - Vulnerability tags added for lastTrending and CISA.

  • Timeline Component - New time line component is added in the detailed view. This will be a growing list - To start off with we have - cvepublishedate, firstexploitseendate, maxcyratingdate and cisaddeddate plotted. Note: This detailed view is getting changed shortly.

  • Temporal Metrics V2 and V3 : This is now available in the detailed view under scores tab.

  • Advanced Search - Multi-Select enabled for attackClassifcation

  • Comprehensive API - Able to query based on viupdatedDate - Incremental enabled. Please note backend changes for the predictive side is not yet completed for the updatedDate. The Limit of the rows to be queried in one shot  is modified from 50 to 100 now.

  • Stats API - This is enhanced to include the body parameters so that we know what users are querying on. 

Minor Fixes/Enhancements

Release 22.11.3 [23-Nov-2022]

New Features / Enhancements

  • Data Coverage - Scanners - Scanner pipeline has been established and Plugin Information is extracted from the scanners Nessus and Qualys and is associated with the vulnerability view in the pipeline.


  • Comprehensive API - Plugin data is now exposed as part of comprehensive API and also within Posts - Author field is newly introduced. This is populated newly in the pipeline jobs.

Release 22.11.2 [15-Nov-2022]

New Features / Enhancements

  1. We have migrated the data and developed a new weakness API with the authentication mechanisms in CSW platform so that ASPM team can start consuming this. We will be shutting down the Securin APIs once ASM and ASPM teams confirm we are good and the cooling period is over.

Release 22.11.1 [10-Nov-2022]

New Features / Enhancements  

  • All APIs - Increased the session timeout from 24 hrs to 7 days now. This is applicable across all APIs and  with UI as well. This will also give enough time for new users to set up within 7 days.  

  • Microsoft Threats - We identified a few gaps as not every version in Microsoft is active all the time. So we manually fed those additional old versions for better coverage.

  • Auto-labeling changes - Included threat behavior also to compute the autolabel for microsoft threats to get more accurate results.

  • CVSS changes for attack Vector (ADJACENT and ADJACENT_NETWORK) to match NVD standards and its corresponding VRS changes. 

  • Additional Websites added  - Deep & Dark Web (1 - Forum, 3- Repos) and 1 clearnet site.

Release 22.10.1 [20-Oct-2022]   

New Features / Enhancements  

  • Threat Coverage - Added additional sources for threats - McAfee [Exploit Kits]

  • Additional Websites added for Deep & Dark Web (1)

Release 22.9.2 [8-Oct-2022] 

New Features / Enhancements

  • Landing Page - CVE Distribution - By Severity - The widget has been enhanced to accommodate the severity levels

  • Vulnerabilities - List View - This has been enhanced to include the download of CVEs along with the key attributes in the list view and the select column menu where the user can select columns to display in the list view.

  • Sidekick - Additional option - CVE Analysis introduced to extract close to 50+ attributes for the CVEs being provided by the user. This is going to help the research team on any analysis of the vulnerabilities that are ingested into the system.

  • Sidekick - View Results - Apart from the downloading the results to a file, user can also view the CVEs in the list view using the view result option.

  • API  - Beta API with the structural changes is completed ( changes possible at the API end)  and the API documentation is also updated in the UI.

Release 22.9.1 [29-Sep-2022]    

New Features / Enhancements

  • Definitive VRS - Scoring  - VRS algorithm is migrated to CSW platform and is also now getting calculated for CVEs where CNAs provide the attributes when it is missing from NVD. This also includes access complexity change in the algorithm from medium to low.

  • Threat Coverage - Added additional sources for threats - Exploits & Malware - Microsoft

  • POC and PentesterFramework tags added as part of the threat view and flags set accordingly.

  • Software_CPE - A CPE official dictionary collection has been created, along with an elastic view of its corresponding CVEs and their important attributes, so that we can query based on CPEs directly. Deprecated CPEs are provided along with the deprecated-by information, so that we know the new CPE (if any) when one is deprecated. Whenever CPE or CVE information is updated, this view is also refreshed.

  • Temporal Metrics V2 and V3 - Temporal metrics are now available under CVSSv2 and CVSSv3 for all CVEs as per the respective standards and are present as part of the Beta API.

  • A few bug fixes - Corrected the source of NVD to US-NVD, description field, CPE cache issues, CWE removal, Core Security duplicates and Auto-label algorithm fixes.

Release 22.8.2 [30-Aug-2022]  

New Features / Enhancements

  • Comprehensive API with structural changes (70% complete) suggested by the product is available in the Beta version of the API - https://apigargoyle.com/v1/vulnerabilities/rankings/comprehensive/beta. Once we have the new domains in place we can switch to that completely along with the UI integration. Documentation is pending for this. Please note that the backend changes in unifying the data are still pending for the new fields. We will get there by Q4.

  • Landing Page - Summary of all the counts - This is live data now; previously we had mock data. A search bar has also been introduced where the user can search on CVE id from the landing page itself.

  • Landing Page - Total CVEs Widgets

    • CVE distribution by CVSS Severity and VRS Severity - Rows are clickable and open the list view with the appropriate filters.

    • CVE Distribution - D-VRS vs CVSS - Each cell is clickable and opens the list view with the appropriate filters.

  • Landing Page - Exploit Widgets

    • CVE distribution by Attack classification - Rows are clickable and open the list view with the appropriate filters.

    • Top 10 CVEs by no. of Exploits - Each CVE is clickable and opens the detailed view of the CVE in the list view with the exploit filter set. The view more option also takes the user to the list view with the appropriate filters.

  • Landing Page - CISA KEVs Widgets

    • Newly added CVEs - Lists the CVEs that were published by CISA in the past 24 hours, past week and past month. Each CVE is clickable and takes the user to the detailed view of the CVE in the list view.

    • CISA KEVs by D-VRS - Lists the top CVEs in CISA sorted by Definitive VRS. The view more option takes the user to the list view with the appropriate filters.

  • Landing Page - Affected Vendors Widgets

    • Vendor Overview - Drop-down list of the vendors which gives the funnel of total CVEs, weaponized, RCE/PE and trending. It also gives the count of CVEs having Ransomware, part of CISA KEVs, and threat actors. Each of these icons/tabs is clickable and takes the user to the appropriate list view. Weaponized alone is pending.

    • Top Vendors by Vulnerabilities - Lists the top 10 vendors by vulnerability count and also lists the most vulnerable product. Each row is clickable and opens the list view with the appropriate filters.

  • Landing Page - Ransomware - Widget - Lists the top CVEs by ransomware associations - Each CVE is clickable and opens the detailed view of the CVE in the list view with the ransomware filter set. The view more option also takes the user to the list view with the appropriate filters.

  • Landing Page - Trending CVEs (Widget 1 is mock data) - Widget 2 - Top Trending CVEs by definitive VRS - Each CVE is clickable and opens the detailed view of the CVE in the list view with the ransomware filter set. The view more option also takes the user to the list view with the appropriate filters.

  • Landing Page - ThreatActors - Widget - Lists the top CVEs by threatActor counts - Each CVE is clickable and opens the detailed view of the CVE in the list view with the threatActor filter set. The view more option also takes the user to the list view with the appropriate filters.

  • List View and Detailed View - Icons are now clickable and open the respective tabs in the detailed view of the CVE.

  • Advanced Search feature enhanced

    • Malware Names - Ransomware name suggestions show up in the UI as the user starts typing, and the user can search on a particular ransomware.

    • ThreatActors - ThreatActor name suggestions show up in the UI as the user starts typing, and the user can search on a particular threatActor.

  • CVSS filter added in list view

  • Login - Removed the text and call feature.

Release 22.8.1 [22-Aug-2022] 

New Features / Enhancements

  • Data Coverage - [CVE] - Vulnerability Information is now being extracted from more CNA sources - Cisco, Samsung, Apple and Qualcomm

  • Threat Coverage - Added additional sources for threats - Canvas.

 

Release 22.7.1 [18-Jul-2022]   

New Features / Enhancements

  • Data Coverage - [CVE] - Vulnerability Information is now being extracted from the CNA sources - Microsoft - 9033 CVEs, RedHat - 27315 CVEs. A new streaming architecture and parsers were built in the platform for this so that the data flows in real time and not in batch.

  • Threat Coverage - Added additional sources for threats - CoreSecurity. Additional de-duping logic was also implemented, which will be useful in removing duplicates in the upcoming threat sources as well. Next to be released will be Microsoft threats.

  • API & UI - Changes to accommodate the additional information from CNAs

Release 22.6.1 [28-Jun-2022]   

New Features / Enhancements

  • List View of all vulnerabilities with Filters on

    • Vulnerability Tags - CISA, Trending

    • Definitive and Predictive VRS range

    • Definitive Indicators - Exploits, Ransomware, Threat Actor

    • Predictive Indicators

    • Patch Availability

  • Sort capabilities on

    • CVE id

    • Definitive VRS

    • Predictive VRS

    • CVSS

    • No of Threats - Exploit count + Ransomware Count.

  • Search capabilities on

    • CVE id(s)

    • Published time period

    • Attack-classification - RCE, PE, WebApp, DoS and Other

    • Vendor and Product. A new Product-Vendor API is being developed where the Vendor and Product suggestions show up in the UI as the user starts typing.

  • Detailed View of the CVE which shows the description, Affected Vendors, Indicators and has the below additional tabs to show more details about that vulnerability.

    • Scores tab - CVSSV2, CVSSV3 & Temporal Metrics, VRS

    • Changelog trends for Predictive Score - Shows the graph and model which led to the derivation of the score.

    • Definitive details - More details on the Exploits, Ransomware and Threat Actors for that vulnerability.

    • Predictive details which were part of Cyr3con already - Hacker discussions, POCs, Pen tester Frameworks, Exploits in the wild.

    • Weaknesses

    • Affected platform

    • Patch availability and references which were part of Cyr3con data already.

  • Login Flow

    • Users can now log in with their email id for both API and Users.

    • 2FA flow enabled - TOTP, Send Mail, Send Call, Send Text (For US customers only for now)

    • Forgot Password flow with the direct link to Reset Password page.

    • Settings for Change Password. Please note the New user set up flow is pending and for now Admin can be done through the old UI only. This is planned for Q3.

  • Sidekick and Software CPE - Users can input their own CVEs in a csv file, download a few details of those CVEs, and view the history of the requests made as well.

  • Landing Page displaying the counts and widgets for Ransomware and ThreatActors with mock data.

  • Documentation of the Comprehensive API is available in the UI.

  • Base VRS - Predictive Score for all CVEs

    • Components changed to pull in all CVEs that do not have mentions and assign them a base score of 1. This will be enhanced in Q3 with multiple tweaks and changes in the model to assign the score as per the models.

    • A point worth mentioning here is that a new UAT test environment has been set up, which splits the whole pipeline into 6 phases where snapshots of each phase can be taken and restored through scripts. This will help save a lot of time, as we can resume at the phase which has any issues rather than running the whole setup every time.

   

Release 22.5.1 [17-May-2022]   

New Features / Enhancements 

  1. Trending CVEs from Google - A new field lastTrendingOn is added as part of the VI API and captures the trending date of the CVE if it has been trending in the last 7 days.
  2. Auto-labeling - For each threat (exploit) in VI platform associated with a CVE, the attack classification will be calculated using Securin's Auto-labelling Algorithm. This is available in the response of the VI API against the respective CVE.
  3. A new Comprehensive API containing both definitive and predictive data is available in production now for internal use only. To make this customer ready, we would need to work on the performance testing and standardizing the schema.
  4. APT Name is also merged into the APT associated groups so that the associated groups have all the names and aliases.
  5. CISA Alerts - This job runs every 4 hours. The VI platform processes the results, and these flags appear in the response of the VI API against the respective CVEs. The automation script that pulls all the data for CISA CVEs is already in place. Email alerts containing the required data for these CVEs are triggered as and when new CVEs are published in CISA.
  6. VRS - Definitive Score is enhanced to include the new Auto labels and trending info, and the weaponized flow is also set based on the prioritized flag (CSW, CISA). We finally have VRS score 10 coming up for a few CVEs.
  7. Product-Vendor API is available in production now where we can list out all the products given the vendor name and vice-versa. The source for this is NVD-CPE.

 

