New software index, with more detections

This week the new software index has moved to production. All older, decentralized data is being migrated or re-indexed and this might result in temporary issues like counts not matching in different overviews. By the end of the week all should be fine again. The data in today's weekly report is still based on the old indexes.

The new index allows for easier development of detection rules, more software detections, faster lookups and automatic false positive marking. That last one is very interesting. Under certain specific circumstances we can detect that the exposed software is actually a patched version for which the version number has not changed. If we see this, we'll automatically create a false positive entry for you and you can keep track of what is happening.

More supplier detections, more software detection rules

This week n bunch of new and improved detection rules have gone live, and more suppliers are detected. You can check out the suppliers yourself in the new suppliers index.

For now, it remains undocumented. When the software suppliers are added it's complete enough to be used, and it will be available as a report in the report library.

Sneak preview: supplier index

To better prepare and handle supply chain attacks, you first need to have a list of your suppliers. For any reasonably sized company, this can be quite a challenge. ShadowTrackr already has quite a lot of data on your hosting providers, software (including SaaS) providers, certificate issuers, domain registrars and more. All this information will now be gathered in a separate index named "suppliers". Not everything is in there yet, so it's not production ready. But, if you are interested, you can have a sneak peak with this query:

index=suppliers