In Beta: RPKI checks in internet standards report

The internet standards report has been in ShadowTrackr for quite some time, but so far the RPKI checks where skipped. They are now implemented and rolled out over all assets to verify if this new update works properly.

On most assets, it does. Sometimes multiple overlapping prefixes are found, with one of them resulting in an "invalid length" problem. These will be filtered out in the coming week.

The Internet standard report is by default enabled for all domains. You can add specific urls or subdomains if you want: Go to the url page and click "add to internet standards report" in the action menu (the three dots) in the upper right corner.

Sorted vulnerabilities and certificate scans

The vulnerabilities reports and the vulnerabilities overview in the GUI are better ordered now. The goal is that you can immediately see which software you should update first to reduce your risk. Last week the order changed so that the software is in the first column and the assets that run that software are second. This week the sort order changed so that the software with the worst vulnerabilities (in score and number) is now on top. The vulnerabilities per line are also ordered with the worst at the front. This should better enable you to prioritize actions.

Another update is in the way the certificates are scanned. Some edge cases were not handled properly. They are now.

Mark detected CVEs as false positive

The current update provides an option to mark a CVE as a false positive. Sometimes your vendor issues a patch that fixes the security problem but does not change the version number. This is known to happen with OpenSSH in some LTS linux distros. Up until now, if this happened to you, you were stuck with a CVE in your reports that should not be there.

Since the last update, you can go to the asset page, click the CVE, and mark it as a false positive in the dialog that pops up. You can also add a reason why it's a false positive (which is a good idea, you really should do this).

The menu on the left hand side now has a "Vulnerabilities" item. It has a submenu with your current vulnerabilities, an overview of all new vulnerabilities known in ShadowTrackr, a list of your false positives, and and overview of al CISA's Known Exploited Vulnerabilities (KEV). You can delete false positives from the overview in this submenu.

This is the first step in improving the vulnerabilities overview. The goal is to provide you a better overview of where your risks are and what your next steps should be. There are more improvements in the pipeline.