New: Supplier Dependency Report

ShadowTrackr has been gathering supplier information for your assets for while now, and we've been expanding that. For each supplier, we now track where the corporate seat is and if it is Sovereign European (focused on having EU only dependencies), Fully European (no outside EU control), a European Subsidiary (non-European controlling party), or Non-European.

Given the current drive in Europe to achieve more independence from Non-European countries, the new Supplier Dependency Report might be of help. It shows a worldmap with the countries where the suppliers of your assets, and allows you to drill down on details.

Here are some example queries to see results for your organization:

$supplier_dependency_report country="united states"

$supplier_dependency_report control="Non-European" 
    or "European subsidiary"

Set Custom IDs for assets

If you have an internal asset management system or CMDB that has its own IDs, you can now add those as custom IDs to ShadowTrackr through the API. The IDs will come back with API results and can be used to select in queries. If set they are also shown in the GUI (but you cannot set them there at the moment). A custom_id does not have to be unique. You can have a single ID for multiple ip addresses or urls.

Automatic False Positive detection update

The TLS and SSL tests come up with quite a lot of results for some older vulnerabilities. These might be a thing for legacy systems, but are almost always fixed in modern systems. That does not always show on the outside and clogs up the vulnerability overviews. You can of course mark them as false positives, but since there can be quick a lot we changed the default. The following vulnerabilities are now by default marked as false positive: CVE-2011-3389, CVE-2013-0169, CVE-2013-3587, CVE-2014-0224.