March 28th, 2024 ⫘
- Fixed a cosmetic issue with dashboards and graphs
- Fixed an issue with Fortinet FortiClient reporting incorrect out-of-date software
- Fixed an issue with displaying Saved Search results
- Fixed an issue with deleting Edge Services belonging to a disabled team
- Added a concurrency limit option to throttle Edge Service scans
March 14th, 2024 ⫘
- Updated vulnerability detections related to Fedora End of Life
- Updated vulnerability detections related to Cisco IOS End of Life
- Continuous updates to improve scan completion reliability
- Fixed an issue where Saved Searches were returning an error upon creation
February 16th, 2024 ⫘
- Added ability to perform partial CVE name searches
- Fixed an issue where DHE vulnerabilities were not being detected correctly
January 19th, 2024 ⫘
- Released the ability to automatically supress a majority of security alerts that VDR scanning can cause in XDR
- Fixed an issue where scans terminated when using hyphenated port exclusions
- Improved vulnerability grouping with PHP vulnerabilities
- Added ability to do relative date searches. This can be accessed via the advanced search dropdown
December 7th, 2023 ⫘
- Fixed multiple issues with scan reliability
- Decreased load time for Panopticon instances
- Upgraded NGINX detection capabilities
- Fixed multiple, small UI issues
- Updated grouping strategy for Microsoft SQL Server detections
October 26th, 2023 ⫘
- Fixed an issue where some vulnerability exports were not completing
- Fixed an issue with NGINX out-of-date software not being correctly identified
- Fixed an issue where remediated vulnerabilities were appearing as still live under the Assets tab
- Fixed multiple vulnerability grouping issues
October 12th, 2023 ⫘
- Completed migration of VDR infrastructure to Taegis infrastructure
- Continued refinement of additional Microsoft-specific detection feed
- Fixed multiple, small VDR UI bugs
August 31st, 2023 ⫘
- Migrated VDR Support and VDR Support Chat from Hubspot to Zendesk
- Mitigated an issue with blank report generation
- Fixed an issue where the Servers page was not displaying OS version
- Fixed an issue where vulnerabilities were sometimes automatically being added to a new remediation plan
July 26th, 2023 ⫘
- Incorporation of additional vulnerability detection feed to improve VDR's Microsoft-specific detection capabilities
- Improved platform reliability
June 22nd, 2023 ⫘
- Corrected a permissions issue relating to the creation of remediation plans
- Fixed multiple, small VDR UI bugs
June 8th, 2023 ⫘
- Released Saved Search feature that allows you to save, view, and schedule reports on vulnerabilities or assets using VDR's search functionality. For more information, see Saved Searches
- Please redeploy your VDR Edge Services with the latest version due to EOL for Ubuntu 18.04. For more information, see Edge Service Ubuntu Update
- Updated VDR's documentation structure and added additional articles
May 11th, 2023 ⫘
- Please redeploy your VDR Edge Services with the latest version due to EOL for Ubuntu 18.04. Information can be found at Edge Service Ubuntu Update
- Fixed an issue with port discovery
- Fixed an UI issue present when trying to build Scan Rules
- Fixed an issue where Vulnerability reference links were not working
- Improved multiple vulnerability detections
April 13th, 2023 ⫘
- Fixed an issue where authentication would show success even though no credentials were applied
- Fixed an issue where updated scan rules were not displaying under the asset details
- Fixed an issue with VDR Scanning to allow scans to complete successfully
- Fixed an issue where vulnerability reference URLs were not parsed correctly
- Fixed an issue where Emergency Stop was not visible in dark mode
March 30th, 2023 ⫘
- Incorporated CVSS3 scoring for vulnerabilities that do not have CVSS2 scores due to the deprecation of CVSS2. You can expect to see some prioritization and health score impacts in your environments
- Due to the continuous addition of prioritization factors in VDR’s Contextual Prioritization Engine additional weighting for those factors in the external factors category have been introduced. You can expect to see some prioritization and health score impacts in your environments
- Fixed an issue with scans not completing due to infrastructure scaling
March 16th, 2023 ⫘
- Completed migration of VDR’s scanning infrastructure. Scans now originate from
216.9.204.0/22
.74.217.31.64/26
can be removed from network safelists as this is no longer used by VDR - Fixed an issue where users could inadvertently delete a server that hosts a web application that is being manually deleted
- Addressed scanning related issues that caused a degradation in scanning performance on 3/14/2023
- Fixed an issue where servers with no open ports were inadvertently being given a failed scan status
- Fixed an issue where scans would terminate unnecessarily on Linux hosts when SMB credential tag was applied
- Fixed an issue where manually added assets wouldn’t validate
February 16th, 2023 ⫘
- Added Apply Gentle Scanning scan rule. Gentle scanning lowers the intensity of the scan by allowing more gracious timeouts, reducing concurrency, and cutting out expensive detections entirely. It can help with completing scans on low-powered assets; however, it does reduce the detection quality and can increase the overall duration
- Added Disable Default Password and Common Credential Checks scan rule. This disables VDR’s password and credential detections that can result in account lockouts
- Continued migration and scaling of VDR’s scanning infrastructure has been done. Please ensure both
74.217.31.64/26
and216.9.204.0/22
are safelisted in your environment
February 2nd, 2023 ⫘
- Added Assume static IP Address scan rule. This disables reallocation of assets in VDR based on fingerprinting and the IP is taken as the asset identity. This can be useful in environments where DNS is unreliable or when multiple assets expose the same fingerprints (SSL certificate, SSH identities, etc.) in order to avoid potential asset duplication
- Disabled the old Panopticon URL. The current url is https://panopticon.c.vdr.taegiscloud.com/
- Multiple UI bug fixes
January 19th, 2023 ⫘
- New Feature! Added the ability for users to exclude specified ports on chosen assets during VDR's scanning process. This can be accessed via Settings→Scan Rules. For more information, see Scan Rules in the VDR documentation
- Fixed an issue where Microsoft PowerShell remote code execution vulnerability was flagging incorrectly on PowerShell 7.2.8.0
- Fixed an issue where VDR could report false positives for Google Chrome and Microsoft Edge
- Added the ability to subscribe to the RSS feed for VDR release notes; access this from the top right of this page
January 5th, 2023 ⫘
- Added new VDR CPS Prioritization factors:
- The patent pending ACP (Attack Class Predictor) factors use Secureworks CTU data together with known vulnerabilities, known exploits, and known malware as historical data to predict future attacks based on a vulnerability and what type of attacks could target it
- A factor based on the CISA known exploited vulnerabilities catalog, to provide additional context about whether vulnerabilities with exploit code available have been known to be exploited
December 8th, 2022 ⫘
- Fixed an issue where discovery could find and label multiple assets with the exact same fingerprints
- Fixed an issue where some vulnerabilities for Windows Server 2019 were not populating in the VDR UI
- Enriched and expanded the information presented when attempting to execute bulk actions within the VDR UI for creating and editing remediation plans
- Created a module in the UI under the Vulnerabilities tab for signing up for VDR research to improve our presentation of vulnerabilities. If interested, please navigate to the Vulnerabilities tab and sign up. Thank you!
November 17th, 2022 ⫘
- Added the ability for users to delete Teams from the VDR user interface
- Enriched and expanded the information presented when attempting to execute bulk actions within the VDR user interface
- New password validation for VDR requires at least 16 characters (alpha-numeric-special). Existing passwords are not impacted
- Fixed an issue with the Qualys connector for invalid token setup
- Fixed an issue with a false positive on X11 servers
- Released a new and updated user interface for VDR Panopticon, which is VDR’s organization management platform
October 20th, 2022 ⫘
- Fixed an issue where Chrome was not being detected based on certain installation scenarios
- Fixed an issue where search parameters were being overwritten on subsequent queries
- Ad-hoc scan requests now honor the asset retry policy
- Updated swagger documentation to include sorting values for API queries
October 6th, 2022 ⫘
- Deleting connectors within connector settings is now supported
- Ongoing improvements to the lighter scanning strategies
- Fixed an issue where PCI Report compliance status was showing pass despite having failed vulnerabilities within the report
- Fixed an issue where some tags were cut off when viewing schedules
- Fixed an issue with positioning of CVSS and CPS score values
- Fixed an issue affecting alignment of text in relation to the Vulnerability Prioritization charts on the dashboard and within vulnerabilities
- Fixed an issue with a false positive Apache Range Header DoS detection
September 14th, 2022 ⫘
- Fixed an issue where assets with failed scans or scan interference detected during a PCI scan were missing from the PCI Report
- Fixed an issue where report completed notifications were sent even though the export was still in progress
- Fixed an issue where newly identified assets did not have the new/Nouveau label
- Fixed an issue where hard refreshing in the browser caused the VDR UI to freeze
- Fixed an issue where PDF exports would error when a team filter was selected
- Ongoing improvements to the lighter scanning strategies
- Fixed an issue with false positive cisco-ios detection
September 1st, 2022 ⫘
- New PCI Scanning functionality: VDR can now be used as part of an ASV solution. See PCI Scanning Documentation for more information.
- Improved the lighter scanning strategies for certain assets
- Added new specific detections for VMWare, Oracle, OWA, CKEditor, DNS & NTP
- Fixed an issue where certain user roles did not allow edition of IP ranges
- Fixed an issue where tags were not being applied when importing assets via CSV
- Ongoing changes to improve the VDR login process, normal use should not be impacted
August 18th, 2022 ⫘
- Fixed an issue where CPS scoring was not being generated for a specific VDR instance
- Removed a misleading message in the UI referring to normal scanning processes for Edge Services
- Multiple bug fixes for the new VDR UI
August 4th, 2022 ⫘
- Increased the timeout length for scans on assets with a large amount of open ports
- Multiple bug fixes for the new VDR UI
- Fixed an issue with false positive NGINX detection
July 21st, 2022 ⫘
- Streamlined the vulnerability prioritization process for VDR's Contextual Prioritization Score. This should result in a dramatic decrease in the time it takes for prioritized vulnerabilities to update in the UI
- Multiple bug fixes for the new VDR UI
- Fixed an issue where remedation plans would take a long time to update
- Fixed multiple issues where the "Select All" box was not working as intended
- Fixed an issue to reduce the occurance of certain types of errors presented in the UI
- Fixed an issue with the bulk deletion of items that have duplicate entries across Edge Services
July 7th, 2022 ⫘
- Multiple bug fixes for the new VDR UI
- Fixed an issue where vulnerabilities would inadvertently populate a remediation plan
- Fixed an issue where some website scans would time out
- Fixed an issue with VDR incorrectly detecting CBC Ciphers
- Added the ability to search for vulnerabilities that are included or not included in a remedation plan. Use
has:plan
to search for vulnerabilites assigned to a plan and-has:plan
for those not assigned to a remediation plan
June 23rd, 2022 ⫘
- Multiple bug fixes for the new VDR UI
- Added time picker to Activity Logs filter
- Added additional Cisco CVEs
- Added additional JIRA CVEs
- Fixed an issue to reduce the amount of VDR errors presented to users
- Added a detection for Open Source Point of Sale Default Credentials Vulnerability
- Added a detection for Windows FTP Server Denial of Service Vulnerability
- Added a detection for Apache Tomcat Insecure Temporary File Handling Vulnerability
June 9th, 2022 ⫘
- Multiple bug fixes for the new VDR UI
- Fixed an issue where VDR wouldn’t generate and populate the vulnerability name included in scan results
- Improved VDR’s capabilities to identify and avoid the creation of duplicate assets during discovery
- Added additional vulnerability description and context for certain VDR detections
- Added detection coverage for Confluence Atlassian vulnerability CVE-2022-26134
May 12th, 2022 ⫘
- New Azure/O365 authentication available for VDR MSSP partners
- Multiple bug fixes for the new VDR UI
- Addressed 3rd party data import issues with grouping and “unknown vulnerability” identification
- Addressed an issue where the Dashboard CPS graph was not showing the correct count of severities
- Addressed an issue where the export would not finish for certain assets without OS information
- Fixed an issue with a MS13-006 and MS12-020 detections
- Improved open FTP detection
- Improved certain Apache vulnerabilities description and remedy information
- Improved certain TLS detections reliability
- Improved blind and non-blind crawling resiliency
- Improved NTLM Authentication detections
- Improved certain Struts vulnerability detections reliability
- Added certain non-CVE-listed Wordpress vulnerabilities
- Added a detection for Telnetd CVE-2020-10188
April 28th, 2022 ⫘
- Multiple bug fixes for the new VDR UI. The old UI is now officially deprecated
- Improve report generation reliability for certain long running exports
- Improved autodiscovery reliability for certain cases where it would fail preemptively
- Added internal throttling mechanism for certain vulnerability scan steps
- Added detections for specific software versions (PHP, Oracle, Telerik) in addition to regular detection updates
April 14th, 2022 ⫘
- Multiple bug fixes for the new VDR UI. Continued for this release, the new UI is the default UI experience. You can access the legacy UI by using the toggle on the top right of VDR
- Fixed an SSH Server Public Key detection
- Added “OS Family”, “OS Name”, and “OS Type” to Vulnerability CSV export
- Updated detection for Windows Server 2016 and 2019 to display the correct CVEs
- Fixed an issue where vulnerability rankings were listed as 100 and 200 instead of 1,2,3...
- Added to default password list for default credential detections
- Fixed a detection for SSL certificate name mismatch
- Added additional detections for Struts vulnerabilities
- Added a detection for CONNECT Method
- Added detections for mail services with plain text authentication
- Added detections for Windows TCP/IP Remote Code Execution vulnerabilities
- Addition of CVEs for Oracle Database Server Vulnerability
- Addition of CVEs for vulnerability in Windows that could allow security feature bypass
March 31st, 2022 ⫘
- Multiple bug fixes for the new VDR UI. Continued for this release, the new UI is the default UI experience. You can access the legacy UI by using the toggle on the top right of VDR
- From the Vulnerabilities tab, users can now directly add discovered vhosts to websites for scanning
- Fixed an issue with editing bulk ranges using the public API
- Fixed an issue where VDR would trigger printers to begin print jobs
March 17th, 2022 ⫘
- Multiple bug fixes for the new VDR UI. As of this release, the new UI is the default UI experience. You can access the legacy UI by using the toggle on the top right of VDR
- Fixed a detection for default/ blank password for FTP servers
- Added
vulnerability_identity
field to vulnerability CSV export. Note thatvulnerability_identity
is unique per asset but not necessarily globally unique - Added a detection for a Cisco NTP vulnerability
- Updated a detection for FreeBSD Obsolete/EOL software and added applicable CVEs for FreeBSD buffer overflow vulnerabilities
- Fixed a detection where VDR could fail to discover the correct OS on Windows Servers
- Updated a detection for Generic HTTP Injection vulnerabiltiies
- Fixed a detection for Winshell Backdoor
- Added a detections for session cookie detected, login form submission, and basic authentication over HTTP
- Added multiple CVEs to Outlook Web Access vulnerabilities
- Updated multiple openSSH CVEs for applicable vulnerabilities
- Addition of multiple VMware ESX CVEs
March 3rd, 2022 ⫘
- Multiple bug fixes for the new VDR UI. This new UI will continue to remain behind a toggle for this release
- Fixed an issue where duplicate CVEs could be presented for a single CVE entry
- Fixed an issue where TLS Triple Handshake Vulnerability was incorreclty being reported on Windows Server 2016 and 2019
February 16th, 2022 ⫘
- Multiple bug fixes for the new VDR UI. This new UI will continue to remain behind a toggle for this release
- Removed a duplicate PHP detection
- Fixed an issue where VDR could report a false positive on log4j vulnerabilities
- Fixed an issue where VDR could report a false positive for a Windows SMBv3 Client/ Server Remote Code Execution detection
- Fixed an issue where vulnerabilities from the sample third-party data connector weren't being prioritized
February 4th, 2022 ⫘
- Multiple bug fixes for the new VDR UI. This UI will continue to remain behind a toggle for this release
- Addition of multiple Atlassian Jira CVE detections
- Addition of Apache Tomcat DOS detection
- Addition of TLS Padding Oracle vulnerability detection
- Addition of NFS vulnerability detections
- Updated Invalid Certificate Chain detection
- Addition of CVEs to SSH Brute Force detection
- Updated SSH Server Key minimum size detection
- Addition of SSL Certificate FQDN mismatch detection
January 20th, 2022 ⫘
- We have released a new UI for VDR! This beta version can be reached via the toggle on the top right of VDR; users can toggle back and forth as needed
- Fixed an issue where users were unable to properly provision Edge Services
- Improved port handling across multiple detections
- Added detections for Atlassian Jira Servers
- Added detection for Apache Tomcat Denial of Service
- Updated CVEs for SSL Cipher-Suite Cipher Block Chaining Ciphers Status detection
- Updated CVEs for RPC Portmapper Service detection
- Updated CVEs for PHP detection
- Updated CVEs for Apache Server detections
- Added detection for Windows Server 2008 Beta EOL
December 15th, 2021 ⫘
log4j
vulnerability detections began continuous release on December 13th, 2021; new detections are released when available- Added detections for outdated Apache Struts software
- Included additional CVEs to HTTP Directory Transversal detection
- Included additional CVEs for Apache HTTP Server detections
- Improved multiple detection grouping for certain varying naming schemes
- Improved SSL key length issue detections
December 2nd, 2021 ⫘
- Fixed an issue where the Web Exploits filter in the vulnerabilities view did not show up
- Fixed an issue where VMWare hosts could be flagged incorrectly as FreeBSD
- Fixed an issue where scans could be marked as successful even when a portion of it failed
November 11th, 2021 ⫘
- Microsoft IIS 7.5 Detection— Fixed an issue where the Microsoft IIS 7.5 Software Outdated detection was flapping
- TLS Triple Handshake Vulnerability for CVE-2015-6112 Detection — Fixed an issue where CVE-2015-6112 was detecting on multiple operating systems. This detection is specific to Windows OS and the CVE was being incorrectly assigned. This has been fixed.
- Fixed an issue where scheduled scans for a large number of assets was getting stuck
- Fixed an issue where when selecting and scheduling multiple ad-hoc scans, the scans get properly scheduled only on a subset of the total selected scans
- Fixed an issue where when trying to cancel ad-hoc scans, the UI shows that the cancel request has completed but is not reflected in the console
- Fixed an issue where FreeBSD and Ubuntu EOL operating systems were not being correctly identified
- Fixed an issue where Cisco IOS EOL/Obsolete Operating System was not being correctly identified
October 29th, 2021 ⫘
- Added a new IP range from which the scan originates:
216.9.204.0/22
in conjunction with the existing IP range. For more information on IP ranges, see What IPs/Ranges are the Internet & Perimeter Scans Conducted from? - Added detections for additional POS software & their vulnerabilities
- Updated VDR Logo to new brand guidelines
- Updated email sending domain to new vdr.secureworks.com domain
- Improved unauthenticated scanning reliability on response timeouts
- Fixed an issue where Fixed In Verson was not included in the exported CSV report
- Fixed an issue to re-enable the Web Application Exploit Availability factor for CPS scoring
October 15th, 2021 ⫘
- Improved detection for default accounts on Apache Tomcat by ensuring the detection is running against the correct port
- Fixed issue with IP parsing for Apache Tomcat default accounts detection
- Fixed an issue where filtering in the Remediations tab was displaying mismatched values
- Added an invalid certificate duration date detection
- Improved vulnerability grouping for certain OpenSSH detections with mismatched versions format
September 30th, 2021 ⫘
- Added two new columns to CSV export representing the vulnerability group name
group_description
and differentiatorgroup_differentiator
- Fixed an issue with the Twitter component of the VDR External Context CPS Factor
- Improved reliability and coverage of detection for OracleDB Vulnerabilities
- Improved reliability and coverage of HTTP headers vulnerabilities
- Adjusted messaging for mislabeled outdated SSLv2 vulnerabilities
- Improved grouping of certain pfSense vulnerabilities without CVE numbers
September 9th, 2021 ⫘
- Added a mechanism for MSSPs to have the ability to review scanned assets within a predetermined timeframe
- Fixed an issue with using the API to export vulnerabilites into a CSV file
- Fixed an issue with asset discovery through AWS Connector
August 30th, 2021 ⫘
- Fixed an issue with AMI Edge Service not fetching the correct configuration URL
- Addition of pfSense Security Advisories to non-CVE based detections
- Fixed an issue where user modified severity was not being displayed correctly in remediation plans
- Fixed an issue with AWS Inspector import
August 26th, 2021 ⫘
- The status and notifications page has moved to status.vdr.secureworks.com
August 12th, 2021 ⫘
- Improved rendering of the "Edge Service" column in the CSV exports
- Improved detections for certain older Tomcat findings
- Improved detections for certain Webmin findings
- Improved rendering of certain CTU™ factors not being displayed correctly
- Fixed an issue that prevented HAR files to be displayed for certain blind-crawled files
- Fixed an issue where SMS OTP would not get sent correctly
- Fixed a long-standing issue that caused elements in focus to be lost when changing tabs
July 30th, 2021 ⫘
- Improved third-party connector reliability
- Improved reliability for certain additional detections recently released
- Improved rendering of lengthy vulnerability descriptions
- Improved rendering of CTU™ factors
July 16th, 2021 ⫘
- Fixed an issue with certain ES deletion not triggering
- New detection for critical CVE-2021-34527 (released in the continuous detection feed)
- Improved rendering of remediation graph
- Improved rendering of Github exploit links
- Improved the speed at which vulnerabilities are added to a remediation plan
July 1st, 2021 ⫘
- New Secureworks® CTU™ Threat Intelligence Prioritization factors
- Identified Malware / Threat Actors
- Threat Intel Mentions
- Advisories Mentions
- Threat Analysis Mentions
- iSensor® Rules Targets
- New unauthenticated detections added for over 20k CVEs
- Improved Website scan resiliency
- Fixed discrepancies in display of fixed vulnerabilities between plan & fixed view
June 17th, 2021 ⫘
- New fingerprinting and tracking documentation available
- New remediation plans documentation available
- Improved detections for Tomcat default credentials
- Improved resiliency of scans for severely underprovisioned assets
- Improved SAML domain handling across shared instances
June 3rd, 2021 ⫘
- Improved resilience of scan completion for scans with unusually large results
- Improved stability of remediation plan creation
- Improved detected services rendering in the UI
- VDR's Open Source asset fingerprinting library can now be installed through Pip
pip install dab==1.0.0
- Additional references for vulnerability detail that can be fetched through the API
May 20th, 2021 ⫘
- Fixed an issue with Edge Services port allocation & re-use
- Fixed an issue with Edge Service data corruption preventing them from being visible in the UI
- Fixed an issue with offline notification emails being sent for removed Edge Services
- Fixed an issue with tags creation through the public API
- Addressed multiple scan resiliency issues
- Improved resilience of authenticated scans connectivity time-outs
- Improved listing of vulnerability details, remedy & references to the CSV exports
- New authenticated scanning infrastructure for Windows-based machines
- Added a new distinctive MS KB data element to the CSV exports
May 6th, 2021 ⫘
- Fixed an issue preventing the display of the scoring graph in remediation plans
- Fixed an issue with scans display in the schedule view
- Fixed an issue with password strength meter not displaying correctly
- Improved authenticated Web scan reliability on certain login forms
- Improved Web scan retries reliability under heavy load
- Improved detections for SolarWinds vulnerabilities
- Added the NBT (Netbios) Hostnames in the CSV exports
- Addressed a few rebranding leftovers in the documentation
April 22nd, 2021 ⫘
- Improved prioritization performance for all ML-based models
- Improved scan reliability across repetitive scans
- Added OS categorization for the sample third-party data connector
- Fixed an issue preventing the removal of exclusions on discovery ranges
- Fixed an issue on the reporting of authentication failures
- Fixed an issue over scan targeting on fast-changing DHCP ranges
- Improved documentation on license management and scan period computation
- Addressed a few rebranding leftovers
April 1st, 2021 ⫘
- New APAC zones AWS AMI ES images
- Improved prioritization performance for initial analysis
- Improved IKE scan detection capabilities
- Improved license validation efficiency on very large networks
- Fixed AWS AMIs ES images connectivity issues
March 18th, 2021 ⫘
- New authenticated & remote detections for MS Exchange out-of-band vulnerabilities (delivered before the release).
- New API endpoint to bulk-modify assets (Team, Edge Service, Description, etc.)
- Improved final score reporting through API vulnerability-group endpoints
- Improved third-party data autodiscovery efficiency over limited APIs
- Improved third-party data vulnerability grouping
- Improved large asset bulk action efficiency
- New application URLs to access VDR available at *.vdr.secureworks.com
March 4th, 2021 ⫘
- Improved third party data ingestion error messages on scan failures due to API limits
- Improved third party data asset tracking on aggressive DHCP networks
- Improved prioritization scoring processing times over significantly large vulnerability datasets
- Addressed issues with sample/demo connector data reliability
- Improved Web scans reliability
- Addressed a few rebranding leftovers
February 18th, 2021 ⫘
- New SolarWinds vulnerability detections
- Improved third party data ingestion reliability
- Improved hostname matching for asset fingerprinting
- Improved documentations on third party data connectors, JWT generation & usage, ServiceNow ITSM integration
- Addressed a few rebranding leftovers
February 4th, 2021 ⫘
- New ServiceNow ITSM integration (Early Adopters) for remediation plans
- New third party data migration tool for certain data sources
- New support for third party ingestion of Web assets & vulnerabilities
- New Scan ID copy function within scan logs
- Improved vulnerability grouping on third-party data
- Fixed Web scans blind crawling issue causing premature scan termination
- Fixed invalid exploit links presented in the interface
- Fixed some duplicate assets not being adequately identified
January 21st, 2021 ⫘
- New support for RHEL8 vulnerabilities in authenticated scans
- Improved support for very large third party vulnerability datasets (Millions of vulnerabilities) on limited APIs
- Improved display for last used credentials for third party data connectors
- Improved SSH key handling for certain authenticated scans
- Improved speed & detail display for sample data connector
- Fixed French translation labels
- Fixed connector credential caching issues
December 3rd, 2020 ⫘
- New initial release of an integrated vulnerability & asset data migration tool
- New detections added for older CVEs being newly exploited
- Updated Vane architecture for more release agility
- Improved asset fingerprinting data display
November 19th, 2020 ⫘
- Improved API vulnerability identifiers with more trackability
- Improved logging output for certain authenticated scans with conflicting results
- Addressed issues with empty elements returned in the API
- Improved OVAL parsing for certain compressed formats
November 5th, 2020 ⫘
- New tag existence search grammar keyword
- Improved existing data ingestion connectors
- Improved the scoping of remediation plans per team
- Improved display of machine identifiable elements in the interface
- Additional API parameters to auto-launch scans on asset creation
October 9th, 2020 ⫘
- New vulnerability variation graph severity breakdown & detail
- Improved PDF reporting for single assets, scoring & hostname data
- New SSO function for RC TDR
- Product rebranding
September 16th, 2020 ⫘
- New auto-cleanup function for unreachable assets
- New Remediation Plan filtering mechanism
- Improved timeline tracking for Remediation Plans
- Improved API Client ID removal mechanism
- New API parameters for ranges scan frequency configuration
September 2nd, 2020 ⫘
- Improved fixed vulnerability tracking within Remediation Plan context
- Enhanced custom data connector capabilities
- New Webhooks-based reporting API calls available
August 19th, 2020 ⫘
- New CVSS/CPS-based search function for specific assets
- Improved scoring reporting in CSV exports
- Improved Remediation Plan historical tracking
- New custom data connector available
August 5th, 2020 ⫘
- New API Endpoints for bulk scan actions
- New self-training tours
- Improved Remediation Plan asset listing
- New fingerprint data search function
July 21st, 2020 ⫘
- Full markdown notes can be added to Remediation Plans
- AWS Inspector Connector available to the Prioritization Engine
July 8th, 2020 ⫘
- Exploit Publication Prediction Score and Vulnerability Trend Score
- Specify deadlines for Remediation plans
June 25th, 2020 ⫘
- Prioritization graph in the Remediation section
- Dashboard metrics are now available in the public API
June 10th, 2020 ⫘
- New Connector for the importation of third-party data
- Added a search field when adding users to a team
- Display of prediction probability for factors
May 27th, 2020 ⫘
- Search filters in software/port lists
- Clearer factors display
- Tours for new users
April 29th, 2020 ⫘
- Removal of team selection in the UI for teams with only a single team
- Exposed port and binary path information shown in the software panel
- Sorting of vulnerabilities within a group
- New parameter for PowerBI compatibility
April 15th, 2020 ⫘
- Listing of fingerprints used for asset identification
- New status page and notifications available at https://status.vdr.secureworks.com/
- Translation of API messages
- Font size adjustment on the dashboard
April 1st, 2020 ⫘
- French version of the interface (excluding reports and vulnerability details)
- Improved exploit URL display
- Additional grammar rules to filter vulnerabilities by discovery and last seen date
- Addition of Edge Service management in the Public API
March 18th, 2020 ⫘
- New link to view vulnerability details in the Vulnerabilities tab rather than in a side-panel
- List of vulnerabilities found in past reports are available with a drop-down from the asset listing page
- Custom date picker added to filter dashboards over a specific timeframe
February 19th, 2020 ⫘
- Addition of the prioritization graph on the VDR AI dashboard and the vulnerability listing; Per-vulnerability, predicted remediation time and exploit URLs also presented in the applicable sections
- The vulnerability listing now includes the same asset information as the asset listings, including tags, edge service, access to HAR, etc.
- The vulnerability listing also presents the open ports and an indicator when a note is set on the vulnerability
- Remediation management now enabled for all customers
- Password creation now has a password strength meter
- Twitter data feeds are now being polled to get trends and provide additional external context to prioritization
February 4th, 2020 ⫘
- Addition of the interactive prioritization graph in the asset listings
- Fixed an issue with the empty filter
- Additional improvements to discovery with improved conflict resolution when mapping discoveries to the current model
- 15-minute edge interface now validates the DNS servers to make sure they respond
- Added an exploit publication prediction factor to the prioritization