#
Release Notes
#
April 8, 2025 | Version 1.1.10
#
Enhancements
#
Platform
Fast filter tag support: Fast filters for Assets and for EASM's Ports now include Tags as a fast filter option.
Page loading with large data: Platform pages with large data sets, such as the Findings page with the All Findings tab as default display, or the Asset Inventory page with the All Assets tab default display, have been optimized to load more quickly.
Notification date: All NetSPI Platform notification copyright lines have been updated with the year 2025.
Button display for unauthorized pages: The button displayed on forbidden or invalid platform pages has been updated and displays as "Go to Landing Page" instead of "Go to Home" and brings your default landing page into focus.
#
PTaaS
- Findings table Internal Notes: The Findings table now includes an Internal Notes column that displays notes you have entered in the optional Internal Notes field on the Finding Details page's Overview tab.
#
Bug Fixes
#
BAS
Workspace Files and Tags tabs: The Files tab that displays on the Workspace page when you select a procedure, has updated text and font to be consistent with platform styling. The Files tab image, in the Workspace section of the NetSPI Platform help pages, has been updated to match the new text and appearance. Additionally, the Tags tab display has been updated to have consistent spacing between tag group categories.
Uploaded files: On the Workspace page, the Files tab correctly displays uploaded file names upon upload.
Procedure highlighting: On the Workspace page, when you select a procedure in the procedures group table, it displays as highlighted to provide visual context for the procedure details group displayed to the right.
Run page settings: The Settings tab, which displays to the right of a selected procedure on the Run page, has updated spacing and font type to be consistent with the NetSPI Platform style.
Microsoft Sentinel alerts: If you have Microsoft Sentinel without Microsoft Defender, the BAS module now pulls alerts from the legacy alerts Graph API, as the v2 alerts Graph API is unavailable.
#
Platform
Global search: The global search feature had the following fixes:
- Selecting the View All link in the global search dialog box now correctly displays all findings and assets in the All Findings and All Assets tabs on the Findings and Asset Inventory pages.
- An intermittent query issue has been corrected and search results are retrieved and display correctly
- The Most Relevant section of the results displays the correct, most relevant results at the top level
Table pagination: Table pagination has been updated to clearly show incremental page numbers once you click through the original page numbers displayed, e.g., pages 1 through 7 display as selectable pages and once you select page six, then page 8 displays, and when you select page 7 then page 9 displays, etc.
Module name display: The module names now appear in a consistent order in the top menu options (Findings and Assets) and the left navigation: PTaaS, EASM, CAASM, and BAS.
Company asset display: The Company asset table display, accessed from the top menu Assets -> All Assets tab no longer flickers when you initially select Company in the left navigation and it displays the correct data.
CVE sorting: The CVE column, on the All Assets tab of the Asset Inventory page, sorts correctly.
Asset search: Searching any asset type occurs correctly and without error after selecting new columns for display in the assets table on the All Assets tab of the Asset Inventory page.
Cloud resource correction: The IP Address column has the correct capitalization when selected and added to the Assets table.
Cloud Resource names: When a cloud resource asset doesn't have a name, its Resource Identifier now displays in the Name field.
Favorites: The Favorites dialog box no longer displays the text (Optional) next to the New Favorite field, as the field is required.
#
PTaaS
- Tag removal: The Bulk Action to Remove Tag(s) option in the Engagements table only displays if tags are present.
#
April 1, 2025 | Version 1.1.9.6
#
Bug Fixes
#
BAS
- BAS Client Admin role: The BAS Credentials and BAS Integrations cards now display correctly on the Settings page for NetSPI Platform users who have the BAS Client Admin role permissions.
#
March 27, 2025 | Version 1.1.9.3
#
Bug Fixes
#
BAS
Integration Wizard: The Integration Wizard had the following bug fixes for fields when in Edit mode:
- Existing Data Sources and Data Component values display correctly
- After selecting a Data Sources value from the drop-down list, the Data Component drop-down list values display as intended
- Selecting the Visibility checkboxes (L, D, A, R, P) on one row works as intended and changes are contained to that row only
- Data Sources values correctly carry over to the Review page after selecting the Review button
- The Security Vendor field correctly defaults to the integrated product name and displays as intended
#
March 26, 2025 | Version 1.1.9
#
Enhancements
#
BAS
Operation Activity Log: A new Activity Log page is available that displays operation history for any selected procedure. The NetSPI Platform help pages have been updated to include information about using the new log.
BAS Integrations and Credentials: BAS integrations and credentials management have moved to the Settings menu (gear icon in the upper right) under the BAS Settings card to be more consistent with platform-wide configuration tasks. Only Client Admins can access and manage these settings. The NetSPI Platform help pages have been updated to reflect this change.
BAS tags: Both Client Admin and Client roles are now able to correctly filter BAS tables by tags.
#
Platform
Customizable home page: You now have the option to customize your default landing page that displays when you log into the NetSPI Platform. You can set your default landing page by going to My Profile and selecting an option from the Landing Page drop-down list in the new Customization section. You can view the Help pages for this new feature here.
SLA Management: The SLA Management page has been moved out of the PTaaS Settings to be its own standalone page within the Settings page.
Finding details slide-out panel: The following updates have been made to the Finding details slide-out panel (summary detail view) that displays when you select any row in the Findings table:
- The Affected Asset value displays as a link that links to the Asset details page for the asset, and, if a port number is included, the port number displays in parentheses and links to the port's details.
- The Attack Parameter field now displays on the Overview tab.
- Any associated CVEs for the finding display as linked CVE cards that display the CVEs tab for the full-page Finding details, filtered for that selected CVE.
- On the Details tab, any empty fields are now hidden, but selecting "Show Empty Properties" will display those field name titles when they have no values.
#
PTaaS
Copy link for engagement name and ID: A copy link displays next to all engagement names that, when selected, copies the engagement name and ID to your clipboard so that it can be pasted elsewhere.
Client Assigned Severity: The Client Assigned Severity field for findings associated with a completed engagement can now be edited after an engagement's completion date. See the Finding states set by NetSPI Platform users section to revisit the finding states available to platform users.
#
Bug Fixes
#
BAS
Timeline page: The Percentages button, on the Timeline page, now has correct font and styling in the drop-down list that displays.
Playbooks table: The Playbooks table was updated to be consistent with tables across the BAS module pages, and includes page, filter, sort, and search functionality.
All Operations page styling: The All Operations page correctly displays the stats (number of procedures tested, date of last activity, and interactive level) below the procedure percentages in a centered format instead of fully justified when in dashboard view.
#
Platform
Login after migration: An error that sometimes occurred upon first login for inactive users migrated from Resolve to the NetSPI Platform has been fixed and no longer occurs.
ATTACK SIM ID: The ATTACK SIM ID field now correctly displays on the Overview tab when viewing Finding details.
Global search: The Global Search results now correctly return asset names for host assets.
Set Allowed Login IPs settings page: Several styling updates were made for consistency:
- The delete and edit icons for configured Allowed List entries
- The messaging font and appearance of the note indicating that allowed domains are not configured for your organization
- The 403 Forbidden message that displays when a user attempts to log in from a non-allowed IP address has updated text styling.
Program Management dashboard: The print/download image icon for the Findings donut chart now displays correctly.
Assets table: The table on the Assets page (Asset Inventory) now correctly displays the Asset Details icon (full page) and the meatball menu (Delete) for all asset types.
Finding Details display: The Finding Details full page view displays correctly when you select the full page icon from the Finding Details side slide-out panel summary view.
Asset display on All Assets tab: Assets with a large number of records now display more quickly.
Asset: Application Instance display: When you select a table row when viewing the Application Instance asset type, the side slide-out drawer summary view of that asset's details displays as expected.
Assets: Discovery Source column: The Discovery Source column is available for all asset types from the table's column selector.
Fast Filter styling: The fast filter, which displays for Findings, Domain assets on the Assets page, and the Ports page for the EASM module, has the following styling updates: IP Address now displays with correct capitalization and spacing between checkboxes and fast filter groups has been adjusted for best viewing.
#
PTaaS
- Migrated engagement remediation expiration date: The remediation expiration date now displays the correct date in the Calendar view for engagements migrated from Resolve to the NetSPI Platform.
#
March 12, 2025 | Version 1.1.8.4
#
Enhancements
#
Platform
- CWE column in Findings table: The CWE (Common Weakness Enumeration) column can now be added to the Findings table (located on the Findings page) using the column selector.
#
Bug Fixes
#
Platform
Allowed login IP changes: When you remove an allowed domain from the Set Allowed Login IPs page, the change is correctly saved.
Domain asset fast filter: When you select Domain in the left navigation fast filter for All Assets, the related CVE subsection's checkboxes are now selectable.
#
March 11, 2025 | Version 1.1.8
#
Enhancements
#
BAS
Vendor Coverage: The Vendor Coverage and Data Sources page displays have been updated to scroll and use the page space efficiently.
Workspace page: The Workspace page display has been updated to be more efficient and performant.
#
Platform
Notifications: Notifications for findings have been refactored for faster delivery when findings are published, assigned, and tested for remediation.
Remediation Due Date tooltip: A new tooltip has been added to the Remediation Due Date field, which displays for finding details (select any Findings table row to display the finding's details). The tooltip serves as a reminder that the Remediation Due Date is based on your SLA settings, which are set by your organization's Client Admin on the Settings -> SLA Management page.
New Fast Filter: A new left navigation fast filter lets you quickly view findings and domain assets, and for EASM, ports, with the states or statuses that matter most to you. The fast filters are available in the following locations:
- Findings pages (accessed from the top menu's Findings drop-down list)
- The Assets page for Domains
- The EASM module's Ports page
The images below are examples of the fast filter functionality:
The left navigation displays:
- Multiple fast filters for different aspects of the selected page (Severity, CVE, etc. for Findings, and Port Number, Service Name, etc. for the EASM module's Ports page)
- A sort button to toggle from highest to lowest count and back for each fast filter option
- Checkboxes that filter the table to the right, displaying all records that match the selected criteria
- A total count for each fast filter option as it exists in the table
#
PTaaS
- Calendar display: The calendar that displays throughout the platform now displays with Sunday as the first day for each row instead of Monday, for consistency with the Resolve application.
#
Bug Fixes
#
BAS
Viewing Cutoff time: The default Viewing Cutoff Time for integrations has been increased from 300 seconds to 1500 seconds.
Read-only access: Platform users with read-only access to the following BAS module components will see the following application behavior instead of a 403 error message:
- The Edit icon on the All Operations page no longer displays for operations
- The table rows on the Playbooks page are no longer selectable
Workspace page: The procedure drop-down list, at the top left of the Workspace page, no longer displays the text "undefined" when you switch the client/tenant from the Organization selector drop-down list (at the top of the page).
#
Platform
Text style consistency: Text styling from engagement data migrated from Resolve is now consistent with the original engagement in Resolve and all platform headings and subheadings have consistent styling.
Button messaging: When you log in from a non-allowed domain, and your organization has configured an Allow List that limits login IPs, the button that redirects you to log in from an allowed domain displays as Back to the login page instead of Go to login.
Asset side panel display: The Open Findings card, on the asset details side panel that displays when you select any Asset table row, now displays consistently with the other side panel cards when you hover over it.
Client user management workflow: When you create a new platform user account for someone in your organization, when you select Submit to save the new user account, the Submit button now correctly displays as disabled after selection.
IdP-Initiated SSO instructions: The Setting up IdP-initiated SSO section of the NetSPI Platform Help pages has been updated to include specific endpoint values depending on if you use service provider configuration or identity provider configuration, for Okta (and most IdPs) and MS Azure.
#
PTaaS
- Bulk edit of Findings: When you bulk edit the State value of findings, only the correct three finding states display as options: Ready for Retest, User Remediated, and Accepted Risk.
#
March 3, 2025 | Version 1.1.7.4
#
Enhancements
#
Platform
- Resolve URL links rerouted to Platform: Once your data is migrated from Resolve to the NetSPI Platform, any links in previous Resolve emails will open in the NetSPI Platform to the migrated data, engagement, etc.
#
Bug Fixes
#
Platform
- Findings Affected URL: The Affected URL link, in the full page Finding Details page, now correctly opens the URL in a new browser tab as expected.
#
February 25, 2025 | Version 1.1.7
#
Enhancements
#
Platform
Finding details load time: The finding details side panel, which displays when you select any row in the Finding table, has been optimized to display more quickly.
Findings table updates: When you select a finding and make an edit in the side panel, such as to the State, the Findings table value updates immediately to reflect the change.
#
PTaaS
#
Bug Fixes
#
Platform
Findings with Affected Assets: When a finding has an affected asset, the Affected Asset value, on the Overview tab of Finding details page (and side panel view), displays as a link that can be selected to display the Asset Details page for the asset.
Outdated Findings table column removed: The OWASP Mobile 2016 data point is outdated and has been removed from the Findings table.
Async Jobs: Searching the Async Jobs table for an existing async job returns results as expected, and the table column selector displays the Error column heading option only once instead of twice.
Assets CSV exports: Exporting IP and/or domain assets from an engagement includes the asset's ID in the downloaded data when you've selected ID as one of the columns to display in the table prior to export.
#
PTaaS
Home page Engagements group: The finding count, which displays for published findings for each engagement in the Engagements field group, now syncs with the Findings page every 12 minutes and displays the correct number of findings.
Finding filters: The following filters that were available in Resolve have been added to the NetSPI Platform Findings table: Description, Business Impact, and Remediation Instructions.
Findings table bulk edits: The Assigned To field has been reinstated so that it can be used for bulk edits on findings. The Assigned To, Client Assigned Severity, and State fields are the three fields available for bulk edit actions. See this guide's Navigation section on Bulk edits for details.
Similar Findings tab: The Similar Findings table, which displays when you select the Similar Findings tab on the Finding Details page, displays correctly when the tab is selected.
#
February 19, 2025 | Version 1.1.6.6
#
Bug Fixes
#
PTaaS
- Client User Management: When a Client Admin user selects one of their organization's NetSPI Platform users from the Client User Management page table, the user's page loads and displays correctly when that user's roles are not yet defined or configured for the NetSPI Platform.
#
February 18, 2025 | Version 1.1.6.5
#
Bug Fixes
#
Platform
Large bulk edit jobs: Several large bulk edit operation issues have been corrected:
- When you perform a bulk edit on a large number of items (findings, assets, etc.) of 5,000 or more, the bulk edit occurs successfully and the result appears on the Async Jobs table.
- The "Async job started" message displays correctly for bulk edits of 2,000 items or more.
- Async jobs are successful when you bulk edit the State field for findings.
#
PTaaS
Migrated Remediation Types data: Findings migrated from Resolve to the NetSPI Platform now correctly include any pre-existing Remediation Types data.
Migrated finding data: Findings migrated from Resolve to the NetSPI Platform now correctly include any pre-existing OWASP 2021 data.
#
February 10, 2025 | Version 1.1.6
#
Enhancements
#
EASM
New asset upload CSV: You can now upload a CSV file of IPs and domains for EASM assets. The EASM section of the Help guide on Adding an asset has been updated with this information.
Attack Surface dashboard date controls: The Attack Surface dashboard now has date controls that allow you to select a view of the data in ranges of the previous 30, 60, 90, and 180 days from the current date. The Attack Surface dashboard section has been added and updated with the new date range picker.
#
Platform
Person assets: Person assets now include a Middle Name field and the email that displays for each person record has been validated.
Table column display by module: All tables throughout the NetSPI Platform that support multiple module data, including Findings, Assets, and Ports, dynamically display column names for customizing your table display based on the modules you and your organization have access to.
#
PTaaS
- Migration messaging: A new warning message displays encouraging you to not make engagement data changes if your migration from Resolve is not yet complete. NetSPI allows clients to view their engagements in the NetSPI Platform before migration completes for onboarding purposes, but data changes made there may be overwritten once the migration process is finished.
#
Bug Fixes
#
EASM
IP Locations data: The IP Locations map, on the Attack Surface Dashboard, correctly fetches and displays locations as you scroll.
Asset details Discovery tab: When you select an asset from the All Assets tab to display the Asset details slide-out drawer, selecting the Discovery tab no longer causes the page to reload.
Attack Surface dashboard: When you select the Management Ports card on the Attack Surface Dashboard, the Ports table displays the same number of ports as displayed on the Management Ports card.
Port Details: The Status Timeline, on the Port Details Overview tab, now loads correctly from left to right as the tab displays.
Cloud account: When cloud accounts are scanned by EASM, but the client has blocked access to some of the cloud account services, the scan will now continue and will be designated as a failed scan.
Discovery Chains: Attributions are now displayed when viewing the discovery chain, making it easier to understand how an asset was discovered.
Asset Details: The Open Findings field group, on the Overview tab of the Asset details page for any asset, correctly shows a graph for the open finding.
EASM findings: When an EASM-discovered finding has an affected URL, the Affected URL value, on the Overview tab of the Finding details page, now displays the URL as a link that can be selected and viewed.
#
Platform
Findings with ports: Findings with ports and protocols now display the table correctly on the Ports tab when viewing the finding details and the IP Description table column has been selected for display.
Group Assets: New Group assets get created without issue when you replace invalid content in the Raw Permissions field with valid content (valid JSON).
#
PTaaS
- All Findings by Top 10 OWASP 2021 dashboard display: The All Findings by Top 10 OWASP 2021 dashboard now displays its graphic without error.
#
January 28, 2025 | Version 1.1.5.5
#
Bug Fixes
#
Platform
- Permissions display on the My Profile page: When viewing your profile page, the PTaaS tab displays quickly instead of taking longer to load.
#
January 27, 2025 | Version 1.1.5
#
Enhancements
#
BAS
- Run page History tab: On the Run page, when you switch between the Execute and History tabs, if there is only one procedure on the Execute tab, the procedure displays fully expanded to more easily view all the details.
#
Platform
- Non-usage accounts: NetSPI Platform user accounts that have not been logged into for one year are now deactivated as a standard security practice.
#
PTaaS
Report images: Images in NetSPI Platform security reports now display with borders for a cleaner appearance.
Async Job performance: The Async Jobs feature has been optimized for faster performance.
#
Bug Fixes
#
BAS
Scheduled Operation dates: The scheduled date for an operation is no longer an editable field when editing a scheduled operation.
Agents list: On the Agents page, when you select the refresh button, a loading icon displays while the page updates.
Invalid Operation ID messaging: If an invalid operation is selected, a 403 forbidden message displays.
#
EASM
Cross module asset deduplication: When EASM discovers an asset that is also in the client's PTaaS-discovered assets table:
- If that asset includes a subdomain, EASM sets that subdomain's monitored state to match that of its root domain
- EASM adds an "is subdomain" notation in the database for the asset
- A discovery chain is added for the asset
Domain assets with subdomains: When you select the Subdomains card on the Asset Details side panel, the Asset Details page displays with the Related Assets tab in focus, with all related subdomains in view.
Ports page screenshots: Screenshots on the Ports page display correctly when you select the Screenshot Gallery icon.
Attack Surface Dashboard: The IP Locations map's IP markers now correctly link to the collection of IPs associated with that location. The IP markers also now display in variable sizes on the IP Locations map, reflecting the number of IPs in that location.
#
Platform
Module badge sizing: The module badges that display throughout the NetSPI Platform (PTaaS, EASM, and BAS), now display with consistent sizing.
Notify NetSPI notifications: When you select the Notify NetSPI button on the Program Management dashboard for an engagement that is ready for retest, the notification sends successfully.
Creating new user accounts: New user accounts are created successfully and without error when allowed email domains have been specified.
#
PTaaS
Engagement name display: Engagements with long names now display that name in a truncated, expandable "wrapped" view instead of displaying as far right as possible, which required a horizontal scroll to view completely.
Finding details Affected URL: The Affected URL value, which appears on the Overview tab for finding details pages, now displays correctly and does not include any version headers.
Finding Details Verifications: The Verifications tab, on the Finding Details side panel view, displays the correct name instead of "Verification Inst.".
#
January 21, 2025 | Version 1.1.4.1
#
Enhancements
#
Platform
- Notification handling: All downstream notifications are delivered on time when a primary notification process stops or restarts.
#
PTaaS
Finding assignment: To assist with remediation efforts, the Assigned To field, in the Overview field group on the Finding details page's Overview tab, is now editable even when the engagement the finding belongs to has a State of Completed.
Under the Radar Engagements: A new user setting defining which engagements your users can access has been added. The Under the Radar Engagements section has been added to the New User workflow that allows access to unique engagements requiring limited access. Current NetSPI Platform users will not get automatic access to engagements flagged as Under the Radar, even if their permissions are set to see All Standard Engagements. If you require access to an engagement that is flagged as Under the Radar, please contact your NetSPI CDM. The Add a new user section of this guide has been updated with an image and description for using this new feature.
#
Bug Fixes
#
Platform
Cloud Asset information cards: The information cards that display on the Assets page, when the Cloud Resource asset type is selected, display correct values for the With Open Findings and Without Open Findings cards when there is a large data set.
Adding Assets: Adding an asset for the EASM module now works without error.
#
PTaaS
- Engagement Ports tab display: Selecting a row on an engagement's Ports tab (for a Bulk Action) displays the table correctly instead of a blank page.
#
January 13, 2025 | Version 1.1.4
#
Enhancements
#
Platform
Navigation update: The Findings and Assets navigation options have been centralized in the top navigation for a more streamlined user experience. The side navigation options focus on module-specific actions and you can continue to access findings and assets from the PTaaS Engagements page and EASM Asset Insights options as well. The NetSPI Platform Guide (Help Pages) has been updated to reflect these changes.
New user name spacing: When adding or editing users to the NetSPI Platform, any leading or trailing white spaces will automatically be removed for First Name and Last Name fields.
#
PTaaS
Async Jobs Log messaging: The Async Jobs Log no longer lists unnecessary log messaging for some backend bulk edits.
Findings table data: Finding page data now loads more quickly for organizations with large data sets.
#
Bug Fixes
#
Platform
IP Address for host assets: The IP address field displays correctly in the Assets table on the Assets page when the Host asset type is selected.
Port on Finding page: When adding the Port column, entering the word Port retrieves the Port column heading as intended and the Port column displays.
Domain asset details: On the Asset Inventory page, when you select the Domain asset type and then select an asset to display that asset's details page, selecting the IP Addresses or Subdomains cards on the Overview tab puts the Related Assets tab in focus as expected.
Text color in dark/light theme: The text color displays correctly when switching from dark to light theme.
#
January 6, 2025 | Version 1.1.3
#
Enhancements
#
BAS
Workspace page support for images: When you edit the Visibility tab to update the Accepted Risk, detection Levels, or Data Sources for a procedure, the Comment field that displays in edit mode now includes an image icon that allows you to upload an image with your comment. A new Editing the Visibility tab section has been added to this NetSPI Platform guide.
New data exfiltration procedure: A new RClone exfiltration procedure has been added and can be selected when you create a new Operation.
#
EASM
AWS Organizations integration: A new AWS Organizations integration is available and documented here. This integration allows you to centrally manage and govern many AWS accounts.
Port screenshots: Port screenshots now display as thumbnails instead of full images, optimizing page load time.
Adding ports: You can now add Ports for IP Address and Domain assets by navigating to the Ports tab on the Asset details page for those assets and selecting the Add Port button.
#
Platform
Application and Applications instance asset types: Two new asset types, Application and Application Instance, have been added.
- The Application asset includes the application name, version, and other static details, and findings are not created for this asset.
- The Application Instance asset is an installed instance of an application, and findings can be associated with this asset.
Default table display: Default table columns display consistently for assets and findings for both the module and global view.
Keyboard controls for selecting multiple checkboxes: You can now use the following keyboard shortcuts to select a range of checkboxes (in tables) throughout the platform: shift + click for macOS and ctrl + click for Windows.
Person asset: The Person asset type has the following new fields added that display in the Assets table:
- Employee ID
- Birth Date
- Middle Name
- Company ID
- The Emails data type has been updated to be an array to accommodate more than one email.
New Operating System asset: A new asset type called Operating System has been added to the Assets table.
Slack integration messaging: A new confirmation dialog box displays when you select the Delete (trash can) icon to delete your Slack integration, so that you can confirm the deletion.
Asset type icon display: The asset type name and its associated icon now display on the Asset Details page for any selected asset.
Help icon hover text: The Help icon (question mark), at the top right of the NetSPI Platform page, now includes hover text that displays "Help Pages" to enhance efficient access.
Home page display: The NetSPI Platform home page that appears when you first log in has the following display based upon modules to which you've subscribed.
If you have:
- Only the PTaaS module, then the PTaaS home page displays
- The PTaaS module plus any other module, then the PTaaS home page displays
- Only the BAS module, then the BAS Operations (Procedures) page displays
- Only the EASM module, then the EASM dashboards display
- The BAS and EASM modules, then the EASM dashboards and BAS Operations (Procedures) display
#
Bug Fixes
#
BAS
Heatmap Technique Details links: The Technique Details side panel, which displays when you select a technique on the Heatmap page, now has linked titles for each of the technique's procedures. Selecting a procedure title displays the Workspace page with the selected procedure in focus.
Workspace Activity Log comments: A bug in the Workspace page's Activity Log comments feature has been corrected and you can now add comments on that tab. The Activity Log tab displays on the Workspace page when you select a procedure from the procedure group to display that procedure's details.
Coverage tables: The tables on the Vendor Coverage page's Data Sources and Detection Strategies tabs display with a more efficient spacing for each column.
Workspace Visibility tab display: The Visibility tab's buttons now display correctly and do not overlap. The Visibility tab displays on the Workspace page when you select a procedure from the procedure group to display that procedure's details.
Data Source display: The Copy and Delete buttons no longer overlap the adjacent fields in the Data Sources field group that displays on the Visibility tab for a selected procedure on the Workspace page. Table styling has also been updated to be consistent.
Vendor Comparison: The chart on the Vendor Comparison page, accessed from the Vendor Coverage page, correctly matches the corresponding data that displays in the table beneath it.
Settings requirements styling: On the Run page, red styling has been added back to required fields for selected Procedures that require at least one agent, for example, and for Play Settings when there are required values needed in order to complete the play.
Workspace file upload: File uploads on the Files tab in the procedure details group now load correctly.
Editing integration settings: You can edit integration settings on the Integrations page without having to edit the Viewing Cutoff Time field.
#
EASM
Create Company button: Users with permissions to create Company assets can now access the Create Company button and the Create Asset button (for Cloud Account assets) on the EASM Assets page.
Findings PDF report: When you select findings on the EASM Findings tab and export them to a PDF file, the following field values are now included (and the URL field is not included if it has no value):
- Verification instructions
- Remediation instructions
- Affected assets
Subdomain Name in Domain table: You can now select Subdomain Name from the column selector for the Domain table on the Asset Inventory page when Domain is selected.
Table column selector: When you type a column name in the Column selector for Domain assets, the correct column name displays in response to your typed-search term, and the Tags column header doesn't display multiple times in the list.
Select a Policy dialog box: The link to documentation that displays in the Select a Policy dialog box, accessed when you select the Create Policy button from the EASM Assets page, links to the correct documentation.
Domain count: The number of domains listed in the Domain button on the EASM Assets tab correctly shows the number of monitored domains instead of every domain asset for the organization.
Domain filtering: When you apply a filter to the Domain table on the EASM Assets tab, the results return root domains only and do not include subdomains.
#
Platform
- Finding Activity log: The Activity tab on the Finding details page shows the correct Event Performer value for all logged activities.
Comment size: Comments are now correctly limited to 2 MB in size and a message displays when you reach that limit.
Card display: Cards, which display throughout the Platform at the top of pages and act as links or filters, maintain their same size and display when hovered over instead of increasing in size.
Table Filter display: The Saved Filters dialog box, which displays when you select the Filter icon for any table, displays correctly on the page and the Saved Filters section scrolls as intended to view all filter options.
Engagement Overview fields: The fields in the Overview field group on the Engagement page's Overview tab are read only and no longer change appearance when hovered over.
Asset Details permissions: Users can correctly view the asset details for an asset associated with an engagement to which they do not have permissions on the All Assets tab for their organization. Additionally, users limited to access of the PTaaS module, but not the global Assets, will only view assets associated with the engagement to which they have access (via the PTaaS -> Engagements side navigation).
BAS Operations page: The home page that displays for users with the EASM and BAS modules correctly displays three operations in the lower portion of the home page as designed.
Tags on Operating System assets: Tags created for Operating System assets are now applied correctly.
Tags column: It is no longer possible to select the Tags column to display twice in a table. Now it displays only once and attempting to add the column again only deselects the option in the column selector.
Finding bulk exports: Bulk exports of a large number of findings to a CSV file occur without error. Additionally, findings export correctly when the Findings table includes the MITRE ATT&CK Technique Name and MITRE ATT&CK Tactic Name columns.
Identified By column: The PTaaS and EASM module names display correctly in the Assets table when the Identified By column is added to the table and there are assets that were identified by both modules.
#
PTaaS
Finding name in side panel: The finding name now displays in the Finding details side panel that displays on the right side of the pages when you click anywhere in a Finding table row.
Details side panel fields: The Show Empty Properties button, which displays in the side panel when you select any Findings or Assets table row, now functions as expected, displaying all the fields with no values when selected. The Show Empty Properties button itself also now appears as expected in the Assets side panel.
Asset table field display: The Email and Parent Person column values display as expected for Person assets on the Assets page for the PTaaS module.
#
December 16, 2024 | Version 1.1.2.7
#
Bug Fixes
#
Platform
Name search fields: Searches for names with a space between the first and last name occur correctly.
CSV exports: Exporting a CSV file from any table throughout the Platform occurs more efficiently.
#
PTaaS
Home page Engagements display: Engagements that appear on the Home page's Engagements section display in the following priority state order:
- In Progress
- New
- Peer Review
- Pending Retest
- Completed
Completed engagements older than 30 days do not display, nor do Closed engagements. If two engagements have the same state, the one with the earliest start date displays first.
#
December 16, 2024 | Version 1.1.2.3
#
Bug Fixes
#
Platform
- Asset Inventory page: The Tag column now displays only once in the Column selector on the All Assets tab.
#
December 16, 2024 | Version 1.1.2.2
#
Bug Fixes
#
PTaaS
- Emails with apostrophes: NetSPI Platform accounts that have an apostrophe in the email now log in correctly.
#
December 2, 2024 | Version 1.1.2
#
Enhancements
#
EASM
Findings table: The EASM Findings table now includes the Affected URL value in the table data.
Ports page: The Ports page filter can now be applied when the ports display in screenshot mode (by selecting the Screenshot icon).
#
Platform
New Comment Slack notifications: New Comment Slack notifications now display in Slack when you have integrated your Slack instance with the NetSPI Platform.
Admin Notifications setting: The Admin Notification table (Settings -> Admin Notification Settings) now displays the phrase "Platform and Email Notifications" instead of "All Notifications" to make it clearer which settings that column controls.
Slack integration: The following Slack integration enhancements are now in place:
- Prior to integrating Slack with the NetSPI Platform, the Slack Notifications column on the Admin Notification page will not display.
- The workflow to add the Slack integration has been updated as follows:
- Selecting the Add button for the Slack integration displays your Slack application's permission approval, actions, and channel selection.
- After completing the above, you can visit the NetSPI Platform's Admin Notification Settings page and the Slack Notifications column displays with slider toggles enabled for only the "Comment Added" notification, with support for others coming soon. A Manage Slack Integration button at the top takes you directly to your enabled Slack Integration page when selected. There you can deactivate the integration, delete the integration or edit the integrated Slack account.
Multiple Slack integration accounts: Slack integrations in the NetSPI Platform now only allow a single Slack account per integration, as designed, and it is no longer possible to associate multiple Slack accounts with a single Slack integration. You can create more than one Slack integration, in order to associate another, individual Slack account with the NetSPI Platform.
Platform module tooltips: New tooltips have been added to the modules in the NetSPI Platform left navigation for modules that you do not yet subscribe to. The tooltips display text indicating more information can be viewed by selecting the module name. Information about that NetSPI Platform module displays in a new browser tab when selected.
#
Bug Fixes
#
EASM
Products assets: Duplicate CVE values are now deduplicated and display unique values only on the Products page table.
EASM notifications: Port information now displays correctly in EASM attack surface report notifications.
IP address assets: The Monitored IPs card correctly displays data from October 23 to November 8.
Finding discovery chains: The discovery chain now displays for all EASM findings.
Product Details: The Cancel button is now active and may be used to close the Product details slide-out panel.
#
Platform
Top menu display: When you hover over a top menu option, a blue-line displays to indicate location instead of a bold font that resulted in some display issues.
Table loading error: The NetSPI Platform has been optimized so that an error no longer occurs when you navigate to a page with a table that has multiple filters applied.
Table column ordering: When you re-order a table column multiple times (selecting its header), the correct values display in the table.
Tag management: Client Admin access to the Tags page has been restored.
Engagement Details asset display: Tables on the Assets (IP Address) and Ports tabs on the Engagement Details page now correctly display IP asset information when the Domain column is added to the table display.
Adding new users: When Client Admins create another new Client Admin role, that new role can correctly add new users for the correct module.
#
PTaaS
In Platform notifications: When you select a notification from the Notifications icon in the NetSPI Platform, focus is placed on the exact engagement and location related to the notification.
Group asset display: The Group asset, which displays for PTaaS assets, now displays correctly when you select a row to display the asset's details.
CSV exports: A bulk CSV export from an Engagement Details' Ports tab exports correctly when the HTTP2 column is selected to display.
#
November 22, 2024 | Version 1.1.1.3
#
Enhancements
#
PTaaS
- ID fields: The ID column and its value will not display by default for all tables in the NetSPI Platform. As always, you can modify any table display to show the ID column at will.
#
Bug Fixes
#
PTaaS
Asset source: If you have both the PTaaS and EASM modules, and an asset is identified separately by both EASM and PTaaS, then the Identified By column in any Assets table displays both EASM and PTaaS as modules that have identified that asset.
Finding table PDFs: The bulk action to export findings from the PTaaS Findings table as a PDF has been removed to avoid any confusion between PTaaS and ASM findings.
#
November 19, 2024 | Version 1.1.1.2
#
Bug Fixes
#
Platform
Application text display: Several corrections were made to text display for correct capitalization and punctuation.
EASM Asset permissions: When your role has permissions to create, read, and merge EASM-generated assets, the EASM Asset details page displays the option to Merge Assets (from the kebab menu to the right of the Remove from Monitoring button). The EASM Assets page in this guide has been updated with this information.
Error when switching between asset types: An error no longer occurs when you switch between the PTaaS Assets and the EASM Assets tabs.
#
November 15, 2024 | Version 1.1.1
#
Enhancements
#
BAS
There were no enhancements for the BAS module for this release.
#
EASM
- Module rename: The ASM module has been renamed EASM (External Attack Surface Management) to more clearly communicate the module's purpose in the larger security context.
#
Platform
There were no enhancements for the Platform for this release.
#
PTaaS
There were no enhancements for the PTaaS module for this release.
#
Bug Fixes
#
BAS
Heatmap percentages: The Heatmap dashboard percentages correctly round half up (when the decimal is equal to or greater than .5) or half down (when the decimal is less than .5).
Credentials page: The Delete button no longer displays on the Add Credential pop-out side panel.
Optional designations removed: On the BAS Run page and the BAS -> Playbooks -> Create Playbook page, the word "optional" has been removed from the Select Procedure and Select Playbook drop-down lists.
Run page drop-down list display: The drop-down lists accessed on the Run page no longer display separator lines between the options in the drop-down list.
Playbook functionality: The following corrections have been made in the Playbook pages:
- When you create a Playbook, the Procedures field's Add All Procedures button now correctly adds all procedures
- Linux procedures now display the Linux logo, and the Mac logo has been added to Mac procedures
Credentials page: The Credentials page displays a table that is consistent in style with tables throughout the NetSPI Platform.
Run page: The Visibility tab, in the Procedure details field group that displays when you select a procedure, now expands properly when you select the Edit icon to edit the Visibility tab's fields.
#
EASM
Finding details: The Finding Details page now displays the Attack Parameter field value and provides a copy button for the Affected URL field on the Overview tab. The Overview tab is located on the Finding Details page for findings that have these values.
Assets added to monitoring: When you add an IP asset to monitoring (EASM -> Assets -> IP Address -> Bulk Action -> Add to Monitoring), the Activity tab on that asset's Details Page now shows the correct "Event Performer" name (the logged-in user who added the asset for monitoring).
Findings for non-monitored assets: When an asset (IP Address, Domain, or ASN) is removed from monitoring, any related findings for that asset are unpublished and don't display in the EASM Findings.
Asset details display post-scan: When EASM scans an asset, the asset's detail page displays correct values for any Open Findings, Domains, Ports, Certificates, and Products.
ASN asset scanning: ASN assets scan correctly even when their scan requires the removal of previous ASN assets.
EASM Products page: Products with null CPE values no longer display string characters (apostrophes) and now just leave that column of the table blank when null values are present.
EASM ports info card: On the EASM Assets page, when you select any asset table row, the Ports info card now displays its values consistently instead of displaying no values.
#
Platform
Slack integration: When the Slack integration is set to inactive, Slack notifications stop sending as configured instead of continuing to send.
Notification name field: Notifications now correctly display the recipient's name at the beginning of the notification.
Notification setting: A notification called 'Comment Not Marked Show In Client' incorrectly displayed in client user's Notification Settings and has been removed.
#
PTaaS
- Erroneous field display: A user-defined field named 'AWS Vulnerability Category' no longer displays in the Finding Details pages.
#
November 11, 2024 | Version 1.1.0
#
Enhancements
#
BAS
Standalone BAS deprecation: A banner message has been added to the standalone BAS application notifying all users that it will be deprecated as of 12/31/2024. All BAS customers will use the BAS module on the NetSPI Platform from that point on.
Run Operation page: When configuring a run operation, you can now select the procedures based on a grouping of tactics, playbooks, or tags. Selecting the Expand in tree view icon displays the Add Procedures dialog box where a new Filter displays procedures grouped by functionality.
This feature is documented in the NetSPI Platform guide and is also available in Playbooks.
#
Platform
Slack notifications: Slack notifications are now available for comments added in the NetSPI Platform. To receive notifications to your organization's Slack instance, go to the Notification Settings page (select your NetSPI Platform avatar in the upper right of the NetSPI Platform -> Notification Settings) and then select the Slack Notification for the Comment Added row.
The Notifications section of the NetSPI Platform guide has an updated image reflecting this change.
NetSPI Platform login page: The login page has been updated to display a link to the NetSPI customer portal upon login failure due to incorrect password, etc.
Assets table: The Assets table (when selected from the top-menu's Inventory -> Assets) now displays all asset types for all modules. The Asset Details page also includes a new Related Assets tab, which displays when there are assets related to the currently selected one.
Slack integration: The NetSPI Platform now includes a Slack integration so that you can receive notifications to your organization's Slack instance. See the Slack integration section of the NetSPI Platform guide for instructions.
Module permissions: When creating a new user account, the NetSPI Platform offers Client Admins the ability to add new users to the NetSPI Platform's individual modules. See the Add a new user section of the NetSPI Platform guide's User management section for details.
#
PTaaS
There were no PTaaS enhancements for this release.
#
Bug Fixes
#
BAS
- Creating Playbooks: Creating Playbooks now functions correctly.
#
Platform
- Engagements Metrics graph display: The Metrics graph (Engagement -> Overview tab) displays correctly when hovering over the download options.
- Engagement retest button: The Ready for Retest Notify NetSPI button now correctly notifies your Client Delivery Manager when you select it on the Program Management Dashboard.
- Assets count: When you select the Assets card at the top of the NetSPI Platform's home page, the Assets Inventory page that displays shows the total asset count broken out by asset type, and the totals correctly match the total asset count from the home page.
- Adding assets permissions: The Add Asset button now works correctly when you have permissions to the EASM module.
- Field validation: Non-editable fields in the Engagements' Assets table no longer display erroneous field validation error messages.
- Email notification links: The View Documents button in the email notification now links correctly to the newly updated document in the NetSPI Platform.
- Asset count: The total asset count that displays throughout the NetSPI Platform in either the global (all assets) context or assets scoped to a module or group of modules has been refactored for maintainability.
- Policy asset creation: The Policy Subtype and Policy Category fields now save correctly when you create a Policy asset.
- Table display: Table pages correctly display at the top of the page when you navigate from a page where you had scrolled to the very end.
- Submit buttons: Submit buttons throughout the NetSPI Platform function correctly and no longer respond to double clicks that mistakenly performed the request twice.
- Engagement tabs: The Engagement Document and Report tabs for Engagements display correctly when you have permissions set to view them.
- Engagement table display: When you select the Open Findings table column to display in the Engagements table, all Engagements display properly.
- Deleting engagement assets: Bulk deleting Domain assets for an Engagement correctly deletes the domain asset records.
- Module permissions: Adding a user to the NetSPI Platform with access to the PTaaS, BAS, and EASM modules gives correct access to all three modules even if that user's role is scoped to a single client.
- Engagement card display: The summary cards that display at the top of the Engagement's page and an individual engagement's Findings and Assets tabs on the Engagement Details page.
- Asset display across modules: Assets display correctly for both the PTaaS and EASM modules when you have permissions configured to access both.
- Permissions update: The Create Finding button only displays for EASM users with the express permission to "create finding".
- Asset Inventory page: Only the correct Asset types display on the EASM Asset and PTaaS Assets tabs.
- Engagement permissions: Permissions to access and perform actions on the Documents and Reports tab now function correctly.
- Asset permissions: Assets per module (PTaaS and EASM) display correctly according to role access.
- Tag deletion: Deleting tags now functions correctly.
#
PTaaS
- Adding assets: When you add an asset to an engagement, data entered into all fields saves correctly.
- MFA regeneration: Regenerating an Authenticator App MFA now occurs correctly.
#
October 21, 2024 | Version 1.0.9
#
Enhancements
#
BAS (Breach and Attack Surface)
Procedure grouping options for Playbooks: When you add or edit a Playbook, you can now view the procedures by tactics, playbooks, or tags in the Add Procedures dialog box.
Select the Expand in Tree View icon while on the Edit Playbook or Add Playbook page to display the Add Procedures dialog box, where you can select the new grouping options.
The Playbooks section of the BAS module documentation in this NetSPI Platform guide has been updated with the information.
Workspace Procedure group export: The Workspace Procedure group table now allows exporting the procedure data in CSV, JSON, and PDF formats.
The Workspace section of the BAS section in this NetSPI Platform guide has been updated with the information.
Playbook Settings tab: The Settings tab, which displays in the Playbook page's Procedure details when you add or edit a Playbook, and on the Run page when you create or edit an Operation, now allows you to configure the procedure's domain and time to sleep before and after the operation runs.
The Playbooks page and the Run page have been updated with this information.
#
Platform
Related Assets by ID API endpoint: A new "Get related asset details by asset id for a given asset type and asset ID" endpoint has been added that returns properties of the requested related asset. The API documentation has been updated to include the new endpoint.
Recovery for locked user accounts: Client Admin users now have the option to unlock any of their organization's user accounts if they become locked. Navigating to Settings -> Users displays the Users page with all of the organization's user accounts. A locked user account displays this status in the Active column and the Client Admin can reset any locked user back to active/unlocked. The user whose account was locked will receive a reset password email allowing them to log back in.
Notification optimization: Notifications sent when new users are added to the NetSPI Platform and when a user's password is reset are optimized to take top priority so that they are sent quickly.
User account creation: When you attempt to create a duplicate user, a message displays indicating a user with the email entered already exists instead of a more generic error message.
#
PTaaS
- Finding notifications: Previously, a Client would have to include the Client Delivery Manager's (CDM) or Agent's name in a finding comment for them to get notified. Now, any CDM or Agent assigned to the engagement will automatically be notified when Clients leave a comment on a finding.
#
Bug Fixes
#
BAS (Breach and Attack Surface)
BAS Settings (Icons): The BAS Settings' Data Sources correctly displays icons on the Detection Strategies and Security Vendors tabs.
BAS Settings (Data Source display): When you select any row in any of the BAS Settings' Data Sources tabs, the table now displays correctly (instead of squished) when the edit drawer pop out displays to the right.
Playbook creation: Playbooks can be created successfully and are no longer blocked by an error.
User login: User login has been made more resilient so that under two potential error conditions, the user will be able to log in successfully.
Procedure name display: Procedure names now display correctly on details pages accessed from the All Operations page, Playbook page, and Select Procedure Tree View.
Playbook deletion: Deleting Playbooks now functions correctly and no error displays.
#
Platform
CSV download date corrections: Downloaded CSV file data now shows correct date values, instead of one day prior to the actual date displayed in the NetSPI Platform table. Additionally, user data correctly displays the users' names instead of a numeric value, e.g., "Created By" value, etc.
Window/page scrolling: When you scroll to the end of a window contained within a scrollable page, the page scrolling now allows you to scroll to the end of the page.
PTaaS filtered assets: Assets are filtered by those discovered only by the PTaaS module when you navigate to PTaaS -> Assets.
Client Admin permissions: Client Admin roles have their module permissions correctly scoped when they have access to different modules under different tenants (organizations).
Finding CSV exports: Exported CSV findings files display only the Severity column data and no longer display the duplicate "Numeric Severity" column.
User profile image limits: An alert now displays if you attempt to upload a user profile image that is larger than 1 MB or is an unsupported file type.
Engagement URL access: If you copy and paste an unauthorized Engagement URL into a browser window, a 403 Forbidden message now displays instead of the page attempting to load forever.
Organization (tenant) access: When a Client Admin who manages multiple organizations within the NetSPI Platform removes access to an organization for one of their users, that user no longer sees the removed organization from the organization drop-down list in the NetSPI Platform.
Notifications: Notifications now correctly stop being sent to you when you unsubscribe from engagement-level notifications. Additionally, when you select the View Documents button in a new document notification email, the link takes you directly to the related Documents or Reports tab.
Integrations (Workato connector): The UpdateFinding action has been updated to include a required clientId parameter in the API call for integrations configured in Workato for the NetSPI Platform and your third-party products (Jira, ServiceNow, etc.).
Platform searches: Text entered in a search field persists even if you click somewhere outside of the Search field on the page before pressing the enter key.
User account case sensitivity: Emails entered in the New User page are no longer case sensitive and duplicate user accounts cannot be easily created as a result.
User account errors: Creating and updating user accounts, including updating module access, now works as intended. This also resolves a bug where a user with access to only a single organization with partial engagement permissions (e.g., read only) had the PTaaS module disabled.
Engagement filters: The Engagement -> Ports tab no longer displays non-user-generated default filters in the Saved Filters/Filters tabs.
Engagement text update: When a Client Admin edits one of their organization's users (Settings -> Client Users Management -> select a User from the Users table), when module (PTaaS, BAS, EASM) access level is granted (Read/Write, Read, Client Admin), a new section displays beneath the Role section which is now called Engagements instead of Projects. This aligns with the NetSPI Platform consistent terminology.
Users table columns: The Users table (accessed by Client Admins, Settings -> Client Users Management), correctly displays the users table when the user edits the table to display the "Updated On" column.
Asset create dates: Cloud assets now display the correct Created By date upon import.
#
PTaaS
Dark theme text: Text that formerly appeared difficult to read when the NetSPI Platform was set to a dark theme display has been updated to have higher contrast and is more readable.
Comment field formatting: Heading 4 and Code Block formatting now work correctly in comment fields.
Engagement Comments tab: Clicking in the new comment field now allows text entry as expected.
Report status changes: Changes to various report statuses (data collection, data analysis, and deliverables) no longer display the updated status as "undefined" in the downloaded report, and instead, now display the updated status.
Finding CVEs: The CVEs tab, accessed when you select a finding and view the finding details, now displays properly instead of a blank page.
MFA changes: Changes made to your MFA preference now save properly. MFA settings/preference can be changed by selecting your avatar in the top right of the NetSPI Platform page, then My Profile -> MFA tab.
Merging assets: Asset merging works as intended and no longer displays an error.
#
October 7, 2024 | V1.0.8.6
#
Bug Fixes
#
Platform
- New document upload notifications: Notifications for newly-uploaded documents are sent correctly for Client Admin accounts that have "New Document Uploaded" selected for notifications on the Admin Notification page.
#
October 7, 2024 | V1.0.8.5
#
Bug Fixes
#
Platform
- Notifications: NetSPI Platform event notifications that exceeded 2 MB in size now send correctly.
#
Platform/PTaaS
- Filter criteria: Table filters that apply to your user accounts correctly show all of the correct user names for your organization.
#
October 1, 2024 | V1.0.8.3
#
Bug Fixes
#
Platform
- Platform permissions: When your account is configured for selected PTaaS engagements for a single client, those engagements now display correctly instead of a blank page.
#
October 1, 2024 | V1.0.8.2
#
Enhancements
#
Platform
- Comment timestamps: All comment timestamps display the full date and time (hours and minutes) even if the comment was made within 24 hours of viewing.
#
Bug Fixes
#
Platform
Documentation display: The NetSPI Platform documentation guide now displays the latest documentation when you select the Help (?) icon.
Bulk action scope: Bulk actions (on findings or assets) now occur correctly for all NetSPI Platform modules (PTaaS, BAS, and EASM).
#
Platform/PTaaS
Port creation: Ports are now correctly created only for IP Address, Domain, or Host asset types.
Canceled engagements: Engagements in a state of "Canceled" correctly display any Create or Update buttons as disabled.
#
September 25, 2024 | V1.0.8
#
Enhancements
#
Platform
Findings details display: The Findings table displays a new right side sheet with Finding Details when you select a single table row. Similar to the Assets table -> Asset Details side sheet, the Finding table -> Finding Details side sheet displays a condensed display with tabs of the Finding Details page. You can also scroll right within the Findings table to select the Eye icon, which displays the Finding Details page. The data presented is the same as the Finding Details side sheet, but displays in a full page view. The NetSPI Platform guide has been updated to include information on the Finding Details side sheet and full page icon.
NetSPI Platform links when unauthenticated: When you click a NetSPI Platform link and are prompted to log into the NetSPI Platform, once logged in, the specific page displays that matches the selected link instead of defaulting to the home page.
New email notification: When an engagement's status is "complete" a new email notification is sent to you as a reminder to deprovision all testing accounts created and shared with NetSPI at the engagement's start.
#
Platform/PTaaS
New User process: When Client Admins create new NetSPI Platform users, they can now select a new Previous button to return to the user's name and email page without losing the user's details. If you select the back arrow icon instead, a warning popup dialog box displays indicating you will lose all data entered, and, if selected, returns focus to the Users table. The NetSPI Platform guide's User Management section has been updated with this information.
Last login date and time: The My Profile page now displays the last date and time you logged in, along with the date your NetSPI Platform account was created, the name of the person who created the account, and your user ID. The NetSPI Platform guide has been updated with this information in the Navigation section.
#
Bug Fixes
#
Platform
Admin Notification update: The "Consultant Scope Survey Submission" setting displayed erroneously and has been removed from the Admin Notification page. Note: The Admin Notification page displays only for clients with Admin privileges.
Findings Severity badge display: The Severity column in the Findings table now displays the correct Severity badge.
IPR report comments: When IPR (Intellectual Property Rights) reports are deleted, any related comments associated with the report are deleted from the NetSPI Platform at the same time.
Login error: When you first log into the NetSPI Platform, the login occurs correctly and no longer displays a "403 Forbidden" message before redirecting to the login page again.
Engagement details: The Assets tab, when navigated to via PTaaS -> Engagement -> Assets tab, shows all assets discovered during the engagement, even those that may not have the Identified By value of "PTaaS".
My Profile: The My Profile page correctly displays your last login date and time.
#
Platform/PTaaS
New user experience: When a new user logs into the NetSPI Platform and has access to a module that is not PTaaS, they can successfully view their module and data.
Engagement details page: The Engagement details page's Activity tab now displays the correct name for the Event Performer.
Engagement state: Canceled engagements correctly display their status as canceled in the NetSPI Platform Engagements page. The engagement also becomes view-only once canceled, same as it would if in a completed state.
#
September 11, 2024 | V1.0.7.4
#
Bug Fixes
#
Platform/PTaaS
- Filter operators: When you create and save a table filter (applied to either engagement, finding, or asset tables) with an AND operator, the AND operator persists and displays in the saved filter and does not change to an OR operator.
- Program Management dashboard: Engagements with published Kickoff documents now correctly display them as published on the Program Management dashboard.
#
September 5, 2024 | V1.0.7.3
#
Enhancements
#
Platform
- Add Comments dialog boxes: All Add Comments dialog boxes have been resized to be larger.
- Notifications enabled by default: Platform notifications are all now enabled by default when a new user is created.
#
Bug Fixes
#
Platform/PTaaS
- Home page calendar: The calendar now correctly shows all the different colored dots for all actions and events in the NetSPI Platform.
- Engagement overview: The Engagement start and end dates that appear in the Engagement Overview on the Home page correctly update when the start or end dates are modified by the NetSPI Client Delivery Manager.
#
September 3, 2024 | V1.0.7.2
#
Bug Fixes
#
Platform
- Notifications: The NetSPI Platform notifications are working again after updating the maximum message size.
#
September 2, 2024 | V1.0.7
#
Enhancements
#
Platform
API rate limiting: Calls to the NetSPI Platform API now allow 10 requests per minute. You can view the API documentation for the new service here: https://platform.netspi.ai/apidocs.
Global Findings vulnerability management: The global Findings table, accessed from the top Findings link in the NetSPI Platform, includes the following new table filters, allowing you to manage vulnerabilities independent of engagements:
- Asset Owner (A new field is added upon new asset creation and is also visible on the Asset table (Inventory -> Assets))
- SLA Remediation Date
- Ticket Number
- Remediation Owner (The Finding table's Assign To field is populated with this field's value.)
- Security Owner (This field can be manually populated from the Finding details page, similar to the Assigned To field.)
- Reviewer (This field can be manually populated from the Finding details page, similar to the Assigned To field.)
The existing First Discovered Date and Last Discovered Date fields may also be useful for vulnerability management along with the newly-added fields above. The NetSPI Platform User Guide has been updated with the information above.
IdP-initiated SSO: Identity provider single sign-on has been added to the NetSPI Platform. You can find the instructions on how to work with NetSPI to set up IdP-initiated SSO here.
Group Asset Properties: The Group asset type now includes the following properties that can be selected for display filtering in the Assets table (Inventory -> Assets -> Group):
- Owner
- Fixed Role
- Disabled
#
Platform/PTaaS
- Home page calendar legend: The Calendar now displays different colored dots on days to indicate upcoming changes or actions.
#
Bug Fixes
#
Platform
- Global Engagements and Findings table display: Extra white space between the final row and the page navigation no longer displays.
- Platform login page: The NetSPI Platform login page no longer displays an older watermark.
- User role creation: New user roles update more quickly when you create a new user and assign them to an engagement.
- NPS Score Survey: The NetSPI Platform NPS score survey now correctly displays 90 days after the last NPS score survey, whether the survey was dismissed or responded to.
- Text dialog box lag: Entering text in the Recent Engagement Comments field saves text entered in real time without any lag.
- Policy assets: Adding a Policy asset now saves correctly.
- Engagement Assets: The Merge Asset(s) button displays correctly on an Engagement's Assets tab when you select the IP Address asset type.
- Slider button labels: The text that displays next to some slider buttons throughout the NetSPI Platform now displays in the correct font style.
- Status button text alignment: The text that displays in status buttons, such as those in the State columns of the Engagements table, is now centered vertically and is consistent with design.
- Integrations: The Workato recipe now displays the updated NetSPI logo.
- New user creation: When a Client Admin edits an existing user's account, the Update button now correctly displays as non-active after it is selected.
- NetSPI Platform Chrome tab icon: The NetSPI favicon that appears in the Chrome browser's tab is now updated to the correct logo and can be easily seen.
- Default client on Personal Profile: Changing the Default Client on the Personal Info tab of the My Profile page now saves correctly.
- Attack Path Person asset display: The Attack Path now correctly displays the person's name, if available, when a Person asset is added to the Attack Path palette.
- Email addresses with dashes: Email addresses with dashes ("-") in the email address can now be correctly added to the NetSPI Platform.
- Confirmation dialog box display: Confirmation dialog boxes no longer have an extra line displaying in the middle of the box.
#
Platform/PTaaS
Engagements read only status: Once an engagement is completed, it will become read-only in the NetSPI Platform. You can still change individual findings statuses to the following states once an engagement is read only: User Remediated, Accepted Risk, and Ready for retest. You can also still add and edit comments to the engagement and individual findings for a read-only engagement, as well as add new documents and unsubscribe from any notifications.
Program Management dashboard retest button: Selecting the Notify NetSPI button correctly notifies all Program Managers and Client Delivery Managers assigned to the engagement.
Reports: Several formatting issues in the engagement report display have been resolved: extra blank page, heading on same page as following paragraph, table column heading wrapping, etc.
User CSV export: A CSV file of all users, both active and inactive, exports correctly. This action is available to Client Admins only.
Home Page: The four tiles at the top of the page (Total Findings, Open Findings, Closed Findings, and Assets) are now selectable and display the Findings page and the Assets page, respectively. Also, the Engagements section now correctly displays engagements according to the following hierarchy:
- In progress
- New
- Peer Review Requested
- Peer Review
- QA In Progress
- Peer Review Revisions
- Peer Review Approved
- Peer Review Completed
- Pending Retest
- Remediation Retest
- Completed
- Closed
Document upload notifications: Clients are now correctly notified when a new document is uploaded to a new engagement, even if there is no client user assigned to the engagement.
MFA for new users: When client admins create new users for their organization, the MFA setting will be automatically set on or off according to the client's MFA enforcement.
Engagement assignment: The Search box displays correctly when you select any of the user assignment fields in the Overview field group on the Overview tab for a selected Engagement.
User account notifications: When a Client Admin updates any user profile details for a user account, no notification will be sent to the user.
Help pages/Release note links: The following links correctly display the Platform documentation and release notes:
- Help "?" icon on top right navigation: Opens the Help Bot, which includes a Help Pages link that opens the documentation in a new browser tab.
- The Notification Settings page's "help pages" link displays the Platform documentation in a new browser tab with focus on the notification section.
- The About the NetSPI Platform page's "View Release Notes" button displays the Platform documentation in a new browser tab with focus on the Release Notes section.
#
August 22, 2023 | V1.0.6.6
#
Bug Fixes
#
Platform/PTaaS
- Notifications: Notifications are now working in the production environment.
#
August 16, 2024 | V1.0.6.5
#
Bug Fixes
#
Platform
- New user passwords: The temporary password sent to new NetSPI Platform users when their account is first set up now displays the full temporary password (instead of a truncated version) and the new user can log in successfully.
- Login with MFA field: When you log into the NetSPI Platform using a password and MFA (multi-factor authentication), the field where you enter your MFA code now displays "Please enter the 6-digit code from your authenticator app" instead of "One-time code" to clearly communicate the expected value.
#
Platform/PTaaS
- Reset password field description: The login page that displays when your email has been reset by your admin now includes the following text: "Please enter the temporary password received in the email". This replaces the former "Enter your password" to clearly prompt you to enter the temporary password that was sent.
#
August 14, 2024 | V1.0.6.3
#
Bug Fixes
#
Platform
- Password failure message: The message "Login Failed" now displays in place of the former slightly longer message, to more broadly cover multiple reasons for failed login, e.g., too many password attempts, incorrect user name, incorrect password, etc.
- Finding Filtering: Filtering findings by the 'Created At' attribute now correctly filters the findings table.
#
Platform/PTaaS
- Text entry dialog boxes: Text-entry dialog boxes (Notes, Add Comments, etc.) no longer display a flash or jitter while entering text.
- Time zone discrepancies: Client users who reside in different geographic locations will see the same dates in the NetSPI Platform (e.g., engagement Start Date, End Date, or Created On date) for time zones ranging from -12:00 to +11:59:59 relative to UTC. Outside of these ranges, dates displayed may differ.
- Client names with "&": Client names that include an ampersand (&) now display correctly in the Accountability section of the Kickoff Document.
- Downloaded report dates: The date a report was published correctly displays on the report cover when you download a PDF of that report, instead of displaying the current date.
- NetSPI Platform app resizing: The left navigation displays correctly when you resize the browser window to be smaller and then maximize it again.
#
August 8, 2024 | V1.0.6.2
#
Bug Fixes
#
Platform
- Assets page: The Discovery Source column in the Assets table now correctly displays values for related assets (e.g., IP Address and Domains) and not just for the Host.
- Typo corrections: The following two typo corrections were made:
- On the Program Management Dashboard, All Engagements table (Dashboards -> Program Management -> All tab), the table column heading "Remediation Test Start Date" is now spelled correctly.
- On the Findings page, the Findings table column headings "Client Assigned Severity" and "Attack Parameter" are now spelled correctly.
#
Platform/PTaaS
- Document upload error: Document uploads now upload correctly on the Engagement details page's Documents tab (PTaaS -> Engagements -> Engagement -> Documents tab).
- Draft comments (Engagement details): On the Engagement details page (PTaaS -> Engagements -> Engagement -> Comments tab), draft comments are now retrieved correctly when you navigate away and then back to the Comments tab. When you return to the Comments tab, the text "You have an un-posted comment" displays in light gray text in the active (top-most) comment field, and selecting that field displays your draft, in-progress comment so that you can complete it. The NetSPI Platform documentation has been updated to include information about this functionality.
#
August 7, 2024 | V1.0.6
#
Enhancements
#
Platform
- Migration notification: Migration notification emails, with information on the migration date and transition details, are sent automatically to clients ahead of account migration.
- Assets table: A new Discovery Source table column indicates one of the four following asset discovery sources: PTaaS, AWS, Qualys, and Manual. The NetSPI Platform provides integrations with your AWS and Qualys accounts. See the Integrations instructions for details for implementation. The NetSPI Platform guide has been updated with this information.
#
Bug Fixes
#
Platform
- Bulk action error: Bulk edits to large finding data sets (2000+) now occur correctly.
- Comment formatting: The keyboard shortcut (Ctrl+Shift+F) now displays for applying JSON formatting in the Add Comments dialog box's tools popup. The NetSPI Platform guide was updated to include this information.
- Client Platform account access: Deactivated client accounts are now inaccessible to that client's user accounts immediately upon deactivation.
#
Platform/PTaaS
- Finding details page: The Overview section of the Finding details page now shows only one Tags field instead of two.
- Dark/Light mode: Switching between dark and light mode in the Platform now functions correctly and doesn't require a page refresh.
#
August 1, 2024 | V1.0.5.1
#
Enhancements
#
Platform/PTaaS
- Notifications for uploaded documents: Notifications for documents uploaded to new engagements will notify users of the new document even when those users are not assigned to the engagement and the engagement has not yet begun.
#
Bug fixes
#
Platform/PTaaS
- Open Findings: The Open Findings card that displays at the top of the Findings page was not filtered correctly to show open findings. Now, the Open Findings card displays findings with the correct filter applied (e.g., a "Not in" filter, so that only findings in the states "Remediated," "Accepted Risk," "User Remediated," and "Exception Granted" are excluded/filtered out when calculating all open findings). The previous filter erroneously excluded findings in the states of "Final," "Ready for Retest," "Not Retested," "Not Remediated," and "Exception Requested" when calculating open findings.
- Documentation: The Help icon (?) now links to the most current product documentation and the View Release Notes button (About the NetSPI Platform -> View Release Notes button) correctly displays the most recent release notes.
#
July 30, 2024 | V1.0.5
#
Bug Fixes
#
Platform
- Notifications: The email you receive when you reset your password from the login page now displays the correct message and includes a password reset link that is valid for one day.
- Notifications: Welcome emails are no longer sent to new users with new accounts that are configured to be inactive.
#
Enhancements and New Features
#
Platform
- Assets: The following social engineering assets have been added to the Assets page:
*You can add additional table data to display by selecting the table icon and selecting columns from the column picker.
The documentation has been updated to include the new social engineering asset functionality.
- Notifications: The following new notifications have been added to the NetSPI Platform and will display to you by email or text (depending on your selected configuration):
- Remediation Expiration notifies you when the remediation expiration date is within 45 days of the current date.
- Finding Remediation Overdue notifies you when a finding remediation date is past due.
- Finding Remediation Due notifies you when a finding remediation date is due.
#
July 4, 2024 | V1.0.4.2
#
Bug Fixes
#
Platform
- Intellectual Property Rights (IPR): IPR reports generate correctly when the Verification section includes images.
- Active checkbox: The Active checkbox no longer displays when you create a new user account as the account will be set to active by default.
#
July 1, 2024 | V1.0.4.1
#
Bug Fixes
#
Platform
- NetSPI user accounts: A new NetSPI Platform user account that is created and set to inactive no longer allows that user to log in. Only active user accounts are able to log in.
#
Enhancements and New Features
#
PTaaS
- Engagement Details page: The Engagement Details page now displays engagement start and end dates for engagements that have not been published in a kickoff. Engagements that do not have a formal kickoff, but do have a start and end date, also display on the Program Management dashboard on the All tab.
#
June 24 2024 | V1.0.4
#
Bug Fixes
#
Platform
- New user emails: Fixed new user welcome and reset password emails.
- Findings: Selecting the All Findings by Type dashboard correctly displays the findings table for the selected data.
- Engagements: The Engagements table displays a 0 when there are no engagements instead of a server error.
- API token generation: User and Admin roles can now correctly generate and delete API tokens.
- Reset password: The reset password message for Admin users displays as "Password reset email sent" instead of "Password reset successful".
- NetSPI logo: The NetSPI logo now displays in all email notifications sent by the NetSPI Platform.
- Assets: Asset types, identities, and host values were updated to include new values.
#
PTaaS
- Email notification: The Show to Client reminder email now correctly displays only to NetSPI internal staff.
- NetSPI Platform version: The NetSPI Platform's Version Information page now displays the correct release version and the link to release notes displays the current notes.
- Help icon: Selecting the Help icon displays the NetSPI Platform documentation in a new browser tab instead of the same tab where it was selected.
- Engagements: Selecting the Due Actions Item column in the Engagements table correctly sorts the table by that column's values instead of displaying an error.
- Engagements: Selecting an engagement from the engagements table displays all engagement detail data.
- Engagements: The engagement table displays correctly after selecting the Engagement Type Category from the Engagement table's column selector.
- PTaaS settings: PTaaS settings display when you select the PTaaS Settings card on the Settings page instead of individual items on the main Settings page.
- Text corrections: Several typos were corrected on the Assets tab's cards on the Engagement details page.
- Findings: The finding counts on the Finding Trend dashboard's Overall Findings Open and Overall Findings Remediated cards are now correctly counted.
- Admin Notifications: On the Admin Notification page, the "Mentions Only" text was removed from the setting "Comment Added, Mentions Only" so that it now reads as "Comment Added".
- Engagements: A server error no longer occurs when you select the Reports tab for an Engagement.
#
Enhancements and New Features
#
Platform
- Assets: File and File Share asset types have been added to the Assets table. Filter options to narrow table results to specific File Share types include SMB, NFS, RSYNC, FTP, WEBDAV, S3, Azure Blob, GCP Bucket.
#
June 11 2024 | V1.0.3.3
#
Bug Fixes
- Reports: Fixed formatting and spacing of code blocks in reports.
- Findings: Finding templates are correctly created upon scanned data import even if CVE data is not available.
#
June 6 2024 | V1.0.3.2
#
Bug Fixes
- Login page: Fixed the login page Sign In button style to match NetSPI Platform button styling.
- Engagements: Fixed the Upcoming Engagements count on the Engagements page dashboard so the correct count displays.
- Assets: Added generic asset deduplication upon import.
#
June 4 2024 | V1.0.3
#
Enhancements and New Features
#
Platform
- Details pages: Added auto-save functionality on details pages.
- Home page title: Adjusted home page title for better clarity.
#
PTaaS
- OWASP chart: The OWASP 2016 Mobile Vulnerability Chart has been replaced with the OWASP 2024 Vulnerability Chart.
#
Bug Fixes
#
Platform
- Email notifications: NetSPI Platform email notifications now display the correct number of notifications.
- Navigation: The left navigation popup menu now correctly disappears when you select anywhere outside the menu.
- Assets page: The Export as CSV option now displays correctly from the Bulk Actions drop-down button.
- Engagements: Engagements display correctly on the home page.
- Home page: The home page correctly displays upon login.
- Assets: Related assets can no longer be deleted independently of each other.
- Login: First-time user login display issues were fixed.
- Password reset: Users can correctly log in multiple times after resetting their password.
- Reset password bugs: Several reset password email bugs were fixed.
- Login page display: The login page's text now aligns correctly with the graphic.
- Forgot password: Password reset via the Forgot Password option on the login page was fixed.
#
PTaaS
Findings table columns: The following columns were added to the findings table:
- Mitre Attack Tactic Name
- DCT Log Level
- Detection Level
- DCT Block Level
- DCT Alert Level
- DCT Response Level
Risk Overview dashboard: The Risk Overview dashboard now correctly displays the Industry Risk value.
CVSS score in reports: CVSS scores for V3 and V2 are now included in reports.
#
May 28 2024 | V1.0.2.6
#
Bug Fixes
- Engagement Reports (CVSS Score): The CVSS V3 Base Score is now included in NetSPI Platform engagement reports.
- Engagement Reports (Fonts): Fonts now display consistently in reports.
#
May 24 2024 | V1.0.2.5
#
Enhancements and New Features
- Program Management Dashboard: Engagements display in ascending order by start date (oldest first) in the cards on the Active tab, and in descending order (most recent engagement first) in the table on the All engagements tab.
#
Bug Fixes
- Dark mode: When you configure the NetSPI Platform to be in Dark mode, that setting now persists when you log out and then log back in.
#
May 21 2024 | V1.0.2.4
#
Enhancements and New Features
- Settings - User Management: An "Authentication Type" column has been added to the Users table, providing more detailed information and better user management.
#
Bug Fixes
- Export as CSV: Cloud assets can now correctly be exported as a CSV file.
- Authenticator App Message: The message displayed after selecting the Regenerate option for the Authenticator App no longer has a typo.
- Engagements Table: The Engagements table now loads correctly when the Kickoff Call Date column is selected.
#
May 20 2024 | V1.0.2.3
#
Enhancements and New Features
- Report Branding: Report and Kickoff Templates have been updated with NetSPI's branding, providing a consistent look for all reports.
- Finding Selection: You can now multi-select individual findings and apply bulk actions, such as changing severity, making edits, adding or removing tags, or exporting as a bulk CSV file.
#
Bug Fixes
- Finding Overrides: An internal server error that prevented finding overrides has been corrected.
- Finding Management: Several issues with the Assigned To feature for findings have been corrected ensuring assignment tracking is accurate.
- Asset Information: Copy Asset Information functionality has been corrected in the workspace context menu, streamlining asset management.
- Engagement Display (Home Page): An engagement sort order issue on the Home page has been resolved for better organization.
- Client Escalation: The Communication and Escalation Procedures section of the kickoff document now displays correctly when the report is downloaded.
#
May 14 2024 | V1.0.2.2
#
Bug Fixes
#
Platform/PTaaS (Images)
- Finding Verification Page: Images are now visible and are correctly adjusted in reports.
- Engagement Comments: Images added now auto-scale and display correctly.
- Images: Images pasted anywhere in the NetSPI Platform now display correctly.