Skip to content

RE 4.1.0
Compare
Choose a tag to compare
@karendm karendm released this 16 Jan 15:02
· 2 commits to develop since this release
v4.1.0
1d23e18
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Reporting Engine v4.1.0

This release of Reporting Engine (RE) includes the new features, improvements, and fixes outlined below. See README for full instructions.

New Features

  • Operator Notes (accessed via the sticky note icon on the Findings Edit and Details pages) can now be added to findings for anything that teams would like to track internally (these notes do not appear in any exported artifacts and only exist within the RE instance)
  • Findings screen now enables granular control over affected systems and their individual mitigation status
  • Multiple findings with the same name can now be added and are ordered based on the following hierarchy: severity > assessment_type > creation date/time - with this change it is even more imperative that users export all artifacts only after finding adjustments are finalized in RE so that the numbering/ordering of duplicate findings is consistent across artifacts
  • Full implementation of narrative blocks which can be used to pre-populate common attack path steps
  • Add CSV findings report export option for FAST
  • When a Narrative building block is selected, a 'Recommended' filter for tools and MITRE techniques can be used on the Narrative Details screen to select relevant tools and techniques
  • Add warnings throughout the app to flag missing data

Improvements and Updates

  • The Artifacts tab in the Activity tracker now has a CSV upload function to replace the artifact upload function that previous auto-calculated hashes - this is a temporary workaround until the SEI Design System is phased out
  • Various model and API updates
  • Since multiple findings can now be added, the External/Internal assessment type is no longer an option for findings
  • Risk score calculations (back end) are now in one central location versus distributed across multiple views - these calculations are performed each time a finding is modified/saved
  • Several dependencies have been updated - this could lead to unanticipated issues that were not detected during testing, so please be cognizant of bugs and report them via GitHub immediately
  • Add description to 'Mitigated Findings' section for FAST reports
  • Include two findings per page in 'Mitigated Findings' section for FAST reports
  • Allow users to add/remove the screenshot for each Narrative step
  • Navigation and usability improvements across the Narrative screens
  • Add 'Affected Systems' column to the Findings Summary table in the FAST report
  • Add 'First Discovered' and 'Last Validated' dates to findings for FAST
  • Remove 'Port Mapping' service from FAST GUI/artifacts
  • Remove TLP references from FAST GUI/artifacts
  • Remove acronyms table from FAST report
  • Add 'Mitigation Status' to dashboard for all assessment types
  • Eliminate redundant use of months in assessment date ranges taking place within the same month
  • Automatically replace double spaces after periods with single spaces on report generation
  • Split scope list (if lines exceed 10) into columns within the report
  • Increase character limit for Port Mapping ports and services fields
  • Update assessment ID format from RV####/RV####.## to VMA#######
  • Automatically set up dev secret
  • Warn users when the ptp.py run command is executed and existing RE containers are detected
  • Update KEV and tool database
  • Update README to include ptp.py start usage and instructions for automated daily backups
  • Exclude non-critical sections containing no data from the exported report
  • Move npm, tailwind, and vue installations to docker image build
  • Add sub-sectors to Assessment Details and JSON output
  • Update security solutions list to align with payload parser
  • Update KEV and MITRE lists
  • Add formatting to numbers exceeding three digits within exported artifacts
  • Add MITRE technique metadata to JSON output
  • Update vulnerable dependencies
  • Add initial API endpoints for automatic finding ingestion
  • Ability to upload affected systems list on findings screen instead of manually entering
  • Added invisible keyword tags to findings to improve search function
  • Added category filtering capabilities to findings to facilitate easier navigation of findings repository
  • Added status to findings to help track which findings need additional work (Draft, Needs Review, Complete)
  • More error verbosity and handling on the Assessment Details screen
  • Mitigated risk score for each finding is measured based on the percentage of affected systems marked as "Not Mitigated"
  • Artifacts now label findings as "Partially Mitigated" if a subset of affected systems are marked as "Mitigated"
  • Each unique affected system is assigned a randomized 20-character UID that is listed in the JSON to facilitate anonymized tracking
  • Add last_validated field to JSON (N/A for RVA and RPT, date value for FAST)
  • Enable Internal Narratives screen for RPT
  • Enable Phishing Campaign screen for RPT
  • Attribute findings to the user who created them on Dashboard and Finding Details
  • Add 'Mitigated Findings' appendix for FAST reports
  • Add --no-password and --cron flags to ptp.py backup function for easier automated backups via cron
  • Add start function to ptp.py to easily start exited containers

Fixes

  • RV has been replaced with VMA in JSON filenames
  • Recommended tool and technique counts have been fixed so that overlapping items across narrative blocks are only counted once
  • Fix ptp.py restore function to prevent database conflicts
  • Change "RV" to "VMA" for id field in assessment JSON
  • Revert to previous findings ordering scheme in exported reports
  • Fix images in detailed findings section for exported reports
  • Miscellaneous fixes to the ptp.py backup function
  • Move bottom TLP label (on the cover page of reports) to the next line to avoid an unintended linebreak
  • Replace 'vulnerability' email alias with the corresponding regional email alias based on the 'State' value
  • Replace instances of filler words 'in the event that' / 'in order to' with 'if' / 'to'
  • Allow report generation even when scope metrics are missing
  • Include risk scores in RPT JSON output
  • Justify text alignment throughout report
  • Remove references to ‘Assessments team’ from report
  • Change vulnerability_info email alias to vulnerability
  • Resolve line break issues in captions
  • Prevent inadvertent duplicate findings (e.g., if the save button is selected multiple times)
Assets 2
Loading