[6.27.0.0] - 2025-11-15
Added
- Policy Generator RegML Agent for automated policy creation
- Questionnaire Visual Rule Builder for dynamic conditional logic
- Cost Savings analytics integrated into:
- RegML Evidence Mapper
- RegML Control Author
- RegML Explainer
- Dashboards with new cost savings visualizations
- Search and date filters added to Scorecard filters
- Deep linking support added to Tenant Form
- Status column added to Supply Chain List View
- Org field added to Components
- Programs enhanced with KPS and hierarchical support
- RegML Audit History Report with improved gauge interaction
- Introduced Vulnerability Module
- New table and list views for easier management
- Tenant-level configuration options including SLA support
- Assets Impacted field for improved traceability
- Disposition column and filters on the Vulnerability Status Board
- Issue and Bulk Action features for streamlined triage and updates
- Vulnerability Scorecard with enhanced analytics and visualization
- Enhanced prioritization of known exploited vulnerabilities (KEVs)
- Task Assignment bulk action and task count synchronization
- Corrected casing, mapping, and validation behaviors within vulnerability data
- Templating System
- Create/Edit form and catalog list view introduced for easy management
- Template utilities added for SSP and Components modules
- Parameters Builder importer added for template population
- Report Builder support for custom fields in list-type reports
Changed
- Questionnaire Assignment workflow and UX improved with modal enhancements and additional options
- Grid views display loading indicators during data retrieval
- Workbench optimized to reduce repeat API calls and unnecessary data loads
- Security Plan and Component Status Boards optimized for faster loading
- Risk and SSP Scorecards improved with performance tuning and loading indicators
- RBAC indexing and composite indexes optimized for faster role-based access control
- Authentication logging enhanced with security fingerprinting and SIEM-friendly context enrichers
- Login startup time improved through K8s health probe and startup seeding optimizations
- Control and Security Control modules optimized for faster performance and reduced bundle size
- eMASS exports moved to a background service for improved reliability
- Font and icon loading optimized to improve client performance
- UI consistency improved across forms, notifications, accordions, and ellipsis menus
- Risk Scorecard updated to show business metrics only when data changes
- Ellipsis menu interactions smoothed for improved responsiveness
- Context searching made slightly less restrictive to return more relevant information
- Model parameter tuning implemented to better align generated responses with retrieved context
Fixed
- Questionnaire Importer loads all sections instead of stopping after the first
- Inactive account deactivation logic corrected to enforce expiration settings
- Digital Signature Settings save correctly
- Reset Password functionality restored
- Issue Screening loads QA person correctly
- Task Auto-Close now updates UI as expected
- “My Controls” filter reinstated on Scorecard
- Control Bulk Editor rebuilt and functions correctly
- Creating child Vulnerabilities properly maps parent relationships
- Org Create API now returns record ID
- Labels and capitalization on Grid Views corrected
- File subsystem progress button removed to prevent premature closing
- Response compression fixed
- Non-async blocking calls removed from Authentication Controller
- Risks can now be associated with Security Plans
- Import Threat Model loads as expected
- Risk print report includes BIA information
- Visual and layout issues resolved across textboxes, accordions, and labels
[6.28.3.5] - 2025-11-11
Fixed
Fix AWS max evidence to collect option not being honored
CrowdStrike:
Fixed an issue that was causing failures
Fixed an issue causing inaccurate results
Fixed error handling of incident command
[6.28.3.0] - 2025-11-07
Fixed
- Fix AWS control status mapping to use 'In Remediation' instead of 'Not Implemented'
Added
- QRadar SIEM integration skeleton with CLI commands for syncing security events, findings, and assets from IBM QRadar. Includes test connection functionality to validate QRadar instance connectivity.
[6.28.2.0] - 2025-11-05
Added
- Vulnerabilities connector additions:
- Logic to only populate the latest version of CVSS scores
- CVE ID suffix to the Issue title
- Issue Due date calculations and overrideable defaults based on issue severity
Fixed
- Assets being deduped outside the provided SSP ID throughout various commands
- Pieces of evidence not being processed and uploaded during AWS Audit Manager
- Incorrect operation counts in Scanner Integration logging outputs
- AWS Fixes:
- Enhanced framework-aware status mapping for control implementations
- control implementation status updates on subsequent runs & improved logging
- control pass/fail determination for AWS Audit Manager compliance sync
[6.28.0.0] - 2025-10-29
Added
- Filter validation when translating asset filters to vulnerability filters in the Vulnerability connector
- Multiple AWS integrations: CloudTrail, CloudWatch, GuardDuty, IAM, KMS, S3, SSM, Config Compliance and sync_compliance
Changed
- Improved performance in scanner integration during issue lookup indexing
Fixed
- Scanner integration KeyError for NotAssigned severity in due_date_handler (added default 364-day timeline)