The following describes the new features and improvements introduced in RiskVision version 9.6 released on July 28, 2021.
Threat Object Enhancements
Threat objects in the Threat & Vulnerability Manager have been updated with the following new tabs:
- Technologies (including the ability to attach technologies to threats)
- Exploits
- Related Links
- Related Threats
In addition, entity objects will now have a Threats tab and the ability to be attached to threats.
SQL Dropdown List
Users can now add custom dropdown lists that are populated by SQL queries. These can be added to any object after they are enabled.
Stage Names in Sorted Order
The workflow stage names in the ticket tree have now been sorted in alphabetical order. This will make it easier for users to locate a ticket in a specific workflow stage.
Upload Connector Data for Tickets
The Upload Connector Data button is now accessible on the Tickets grid. This will provide users with another option to upload connector data to RiskVision.
Workflow Stage Legend
All Workflows will now have a legend to make it easier for users to know which workflow stage they are in, which stages they have visited, and which stages they have yet to visit.
Jasper Drilldown to My Tickets by Specific Stage
Clicking on a specific ticket folder's hyperlink in a Jasper report will redirect you to the appropriate folder in the My Tickets page in RiskVision.
Connectors Use User Tenant Space
All connectors will now make use of User Tenant Space rather than System Tenant Space in order to fix an issue in which CPE data was correlated with vulnerabilities. While front-end users will not notice any significant changes to how they use RiskVision, they may see duplicate CPEs as a result of this change. This can be fixed by running the migrate_NVD_tenant.cmd tool.
New Tickets Grid Custom Attributes
Users will now have the option to add the following columns to the Tickets Grid:
External ID
External System
Planned Start Date
Planned End Date
Start Date
End Date
Custom Attributes
String1 … String25
Boolean1 …. Boolean5
Long1 … Long3
Float1 … Float2
Date1 .... Date 3
Custom Attributes in Ticket Navigation Tree
Custom attributes can now be set as folders in the navigation tree for the Tickets Grid.
Navigation from JasperReports to Custom Attribute in Ticket Navigation Tree
Users can enable the function to get to a custom attribute folder in RiskVision by clicking on the corresponding custom string value in JasperReports.
CPE Version 2.3
RiskVision is now compatible with version 2.3 of CPE which will allow it to properly display CPE URIs in a 2.3 format.
Wildcard CPE-Vulnerability Matching
Riskvision now has a cpe.uri.regexp.criteria property to assist with matching the CPE to vulnerabilities.
Show Technologies with Deployed Entities Only
When searching for a technology to add to a vulnerability, threat, or entity, there is now an option to only include technologies with deployed entities in the search results.
Configurable Hyperlinks
Administrators can now add static weblinks when configuring RiskVision's layout by selecting the Hyperlink message type and enclosing the URL in two # symbols on either side.
New Jasper Encryption Properties
New encryption properties exist which enable users to use Jasper drilldown reports regardless of whether encryption has been enabled on the Jasper side or not.
Flash Player End of Life
As of December 31, 2020, Adobe has stopped supporting Flash content and will no longer issue any updates or security patches to the Flash Player. It is strongly recommended that all users immediately uninstall Flash Player to help protect their systems. Please refer to the Adobe Flash Player EOL General Information Page for additional information
How it will affect RiskVision customers:
As Adobe Flash Player is no longer supported by browsers, any native, R6, or RiskVision reports (E.g., any non-Jasper based reports) that utilize Flash plugins will no longer render any Flash components. To continue using such reports, it is recommended to convert these R6 report(s) to a Jasper-based report. Contact Resolver Support for further assistance.
Compliance & Risk Score Calculation Improvements
The formulae used to calculate the Compliance and Risk Scores have been adjusted so that they now take into account the weight of controls and subcontrols to provide users with a more accurate result. The new formulae are specified in the Control Results grid.