Release 0.9.0

September 30, 2024 

What's New?

MITRE ATT&CK Enhancements

Group By MITRE ATT&CK Tactic Name and Technique Name

In Release 0.8.0, we simplified the GroupBy results for MITRE Tactics and Techniques. In our latest release, we have enhanced the GroupBy results for MITRE Tactics and Techniques by introducing two new options. These options allow you to analyze all Tactic and Technique Names in Bar, Pie, and Table charts.

  • MITRE ATT&CK Tactic Name: Use this option to access information related to specific tactics within the MITRE ATT&CK framework. The primary purpose of displaying the MITRE ATT&CK Tactic Name is to offer a clear and structured view of how potential or active threats align with known adversary behaviors. This enables more informed decision-making in threat detection, response, and mitigation.
  • MITRE ATT&CK Technique Name: Use this option to understand specific techniques adversaries use in their attack strategies. 

The following screenshot shows the two widgets in a dashboard: 

New Options are Available for QID in CSV Format

The QID option in the CSV report format now offers additional fields related to the MITRE ATT&CK framework.

You can now include: 

MITRE Tactic Name The specific tactic name associated with the QID. 
MITRE Technique Name The specific technique name associated with the QID. 
MITRE Tactic ID The unique identifier for the MITRE tactic. 
MITRE Technique ID The unique identifier for the MITRE technique.

New CISA Date Fields 

We have introduced new CISA date fields to enhance vulnerability tracking. These fields align with CISA's Known Exploited Vulnerabilities (KEV) catalog and help users prioritize remediation based on active threat intelligence.

  • CISA Added DateThe date when the vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
  • CISA Due DateThe recommended deadline for remediation, as specified by CISA to reduce exposure to active exploitation.

Benefits of Adding CISA Date Fields

Adding this information is essential for several reasons:

  • Knowing the CISA dates helps teams address vulnerabilities promptly, reducing the exposure window to potential attacks.
  • CISA date fields offer documented evidence of when vulnerabilities were disclosed and resolved, aiding organizations in meeting compliance obligations.
  • Date fields provide a clear audit trail for security teams and auditors, displaying the timeline of actions taken to mitigate risks.
  • With CISA date fields, organizations can conduct more precise risk assessments by understanding the timelines and contexts of vulnerabilities, aiding in the assessment of threats' urgency and impact.
  • Many organizations align their cybersecurity practices with industry standards, such as CISA. Adding date fields aligns with best practices for tracking and managing vulnerabilities.

View CISA Dates 

To view the CISA dates, use this token in the search bar

vulnerabilities.riskFactor.cisaKnownExploits:TRUE

Click a QID, and go to the QDS Details page or CVE Details page.

Hover over the tooltip next to the date to view the Added Date.

This field will be empty if no CISA vulnerabilities are detected.

Improved Asset Tags Selection Functionality 

Previously, in the Prioritization and MITRE ATT&CK Matrix tabs, users could view all tags, even those not assigned to them. The ones not assigned to them appeared locked, indicating that users could not select those tags.

We have enhanced this functionality by simplifying the user interface, enabling users to see only the tags that are assigned to them.

Upon upgrading to the latest release, locked tags will no longer be visible, making your interface less cluttered and more focused.

Query Settings: Default and Recommended

We have selected the following columns by default in the Columns to Display field to give you a comprehensive picture of your vulnerable assets:

Tags Name, Asset Count, TruRisk Score

We recommend using these defaults to gain holistic insights into your security posture.

New Alerting Tokens in the Responses Tab

Token Name Description
vulnerabilities.vulnerability.vendors.productName Use this token to filter or search for vulnerabilities associated with a specific product name from a specific vendor.
vulnerabilities.vulnerability.vendors.vendorName Use this token to filter or search for vulnerabilities associated with a specific vendor.

Issue Addressed

We have updated the VMDR Online Help with additional information on how the vulnerabilities.status token works. If you select the status as Fixed, the list only shows vulnerabilities fixed in the last 365 days.