faradaysecBy faradaysec|September 15, 2022|3 Minutes

v4.1 Released

We have some great news: the release of v4.1

Since our last version came out, we have dedicated to redesign our vulnerability panel for enhanced visualization. Now, you can tag vulnerabilities when importing them and identify them easily and fast. Plus, we added a specific risk score for every vuln that can be seen in the CVSS risk information.

Some of the highlights are:

– New ways of importing vulns: informational vulnerabilities can be ignored when importing and choosing solve hostname or not.

– Scope field: whether editing or creating a workspace, now scope is an option that can be added.

– Creation of a web vulnerability: all the fields related to the web vuln creation or editing of the same query/string/website/path/method/request/response etc. can be added.

– The vulnerability panel got bigger for better visualization.

– A specific tag can be added when importing vulns for better identification.

– In the CVSS risk field, more information on the vulnerability is shown, such as CVE or CWE options and the specific risk score of the vuln.

4.1.0 [Sep 12th, 2022]:
 * [MOD] Now error 403 will respond to json, not to html.
 * [FIX] Change resolve_hostname for resolve_hostname in agents.
 * [ADD] Add filters as params for bulk_update.
 * [ADD] Add Swagger view.
 * [MOD] Modify way of filtering dates with `filters`. Now only 'YYYYMMDD' format supported.
 * [ADD] Add cvss v2 and v3 into model and api.
 * [ADD] Now if command_id is sent in a post for hosts, services or vulns, the created object is associated with that command_id if exist.
 * [ADD] Support for tagging when running an agent has been added.
 * [MOD] Clean up of commented code that's not needed anymore.
 * [FIX] Change dns_resolution to resolve_hostname.
 * [ADD] Add CWE into model and api.

Changes in Faraday Professional & Corporate
 * [ADD] Improve the speed of bulk create by adding multiprocessing.
 * [MOD] Abort with status_code 503 when try to send vulns with ticketing tools with a template that not exists.
 * [MOD] Asset owners now can tag vulns.
 * [FIX] Fix showing data of vulns with same parent in grouped executive reports. Also separate website and path on templates.

 Changes in Faraday Corporate:
 * [ADD] Add create_date to possible fields on conditions of workflow.
 * [ADD] Add tool and external_id to pipelines.