Purplemet Cloud 1.22.0 New Features
Updates and new features
Purplemet Cloud 1.22.0 is now available! This new version features several updates and enhancements compared to the previous version, as described hereafter.
IP addresses
A new IP Addresses section gives users access to all IP addresses hosting or having hosted web applications monitored by the Purplemet platform. Geolocation information such as country, ASN and associated organization is available for each IP address, as well as direct access to the web applications currently hosted on this IP address.
Detailed issue page
It is now possible to view the details of each vulnerability reported by the platform on a dedicated page, where all the information consolidated from the various data sources used by Purplemet to build its knowledge base is brought together. The following information is available:
- The CVSS score used to define the severity of the flaw, as well as the alternative CVSS scores published by the various data sources.
- EPSS, CISA KEV and CWE information.
- All references mentioning the flaw.
- Information on the impact, remediation and mitigation of the flaw.
- A list of links mentioning this flaw, compiled from all data sources.
Extended CVE coverage for WordPress core and plugins
In response to NIST's difficulty managing the growing number of CVEs to be analyzed, Purplemet took the initiative and enriched its vulnerability detection database by consolidating additional data sources, such as Wordfence. Over 17,000 CVEs were thus enriched, with 5,000 additional CVEs added to the database. The additional information provided by Wordfence is also integrated into the new issue details page.
CVE database enhancement with GitHub Security Advisory
In response to NIST's difficulty managing the growing number of CVEs to be analyzed, Purplemet took the initiative and enriched its vulnerability detection database by consolidating additional data sources, such as the GitHub Security Advisory (GHSA). Nearly 20,000 CVEs have thus been enriched, with an additional 5,000 CVEs added to the database. The additional information provided by GHSA is integrated into the new issue details page.
Backporting information
Backporting is commonly used in certain distributions to apply security patches without changing the version of the component. Because the version stays the same, a vulnerability reported by Purplemet for such a technology may in fact already have been fixed by a backported patch. It is therefore important to know which technologies can use this type of patching.
In this new release, Purplemet highlights the technologies that can use backporting, either directly from the main list of technologies or by viewing the list of technologies for a web application. An explanatory section is provided within the technology detail page, including a link to the vendor's page explaining the technique used.
Technology detection information
The technology details page provides more information on the method used to detect the technology.
Technology version datalist CVE column enhancement
The CVE column now provides a tooltip displaying the distribution of CVEs by severity. This makes it easy to compare each version currently used in your perimeter for a given technology.
New widget action menu
Each widget provides a menu for downloading results in CSV format or PNG for graphs. In addition, a new View All action is available for all widgets, giving access to the corresponding list of data.
Critical issue notification
A new notification is available to alert users to the discovery of a critical vulnerability in the web applications associated with their perimeter. This notification is sent for any HIGH or CRITICAL vulnerability with an EPSS score greater than 90% that has been identified by CISA KEV as being exploitable on the web.
This notification is enabled by default for all users and can be controlled by the user via the Critical Notifications option in their profile.
Certificate notification
New notifications are sent for certificates used by web applications covered by Purplemet, to keep track of changes in web applications, but also to prevent problems with web applications when certificates expire.
A notification is sent one month before a certificate expires if it is still being used by at least one web application, with a reminder one week and then the day before the certificate expires. This email is sent to all users whose perimeter includes at least one of the web applications using this certificate. A final notification is sent when the certificate expires.
These new notifications are enabled by default for each user. This option can be disabled in the user profile via the Certificate Notifications option.
New certificate changes
To identify any changes to the certificates used by web applications, new entries are added to the Changes list to indicate when a new certificate has been deployed to a web application or when a certificate has expired.
Detailed notification
It is now possible to enrich the content of emails sent for changes in the web applications analyzed, providing each type of change identified and the number of vulnerabilities identified.
This option is enabled by default for all subscriptions and can be controlled by the customer via the Include details in notification emails option in the Subscription section.
API updates
- Technologies - New endOfLifeScope property to specify if the end of life date is for the specific version or the whole branch
- Technologies - New detection property to provide details on how the technology has been detected
- Technologies - New fullVersion property to provide long format version of the technology, when available
- Technologies - New backportPossibility, backportInformation and backportReferenceUrl properties for technologies subject to backporting
- Changes - New output property to provide human-readable output to describe the change that occurred
- Changes - New details property to provide additional information on the detected change
- Users - POST /user/{userId}/tag/{tagId} - New API method to add a tag to a user
- Users - POST /user/{userId}/tag - New API method to add tags to a user
- Users - DELETE /user/{userId}/tag/{tagId} - New API method to remove a tag from a user
- Users - DELETE /user/{userId}/tag - New API method to remove tags from a user
- Users - New enableCriticatNotifications and enableCertificateNotifications properties
- Issues - GET /issue - Add technology.category property in response
- Issues - GET /issue/{issueId} - Add technology.category property in response
- Web Applications - GET /site/{siteId}/issue - Add technology.category property in response
- Web Applications - GET /site/{siteId}/issue/{issueId} - Add technology.category property in response
- Web Applications - GET /site/{siteId}/analysis/{analysisId}/issue - Add technology.category property in response
- Web Applications - GET /site/{siteId}/analysis/{analysisId}/issue/{issueId} - Add technology.category property in response
- Platform - GET /platform/probes - API to publish the list of Purplemet probes used to perform analyses
- General - Error schema - New details object field available in error responses
Additional updates
- The certificate currently used by a web application is now included in the web application details page.
- New certificate issuer and validity period columns.
- New positioning of the confirmation window.