Page Comparison

Isora v1.

...

1

May 10, 2024

API Updates

The /api/documentation endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:

...

New fields:

1. TBD

Filtering options:

...

Bug Fixes & Improvements:

1. NEW Third-Parties Enhancements are now launched in the New UI:

   1. NEW and improved Third-Parties View

      1. Nested Table: Manage third-party vendors, their products, and associated deployments within their organization. 

   2. Search Functionality: 

      1. Search by Vendor and Product name in the search bar. 

   3. "Mine" Filter 

      1. Description: View deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user. 

      2. Access: See the profile icon on the top right. 

      3. API Endpoint: api/orgs/all?mine=true 

   4. Assessments Sidebar

      1. Function: View all assessments related to the Vendor Product within a dedicated tab. 

   5. Vendor Details Sidebar: 

      1. Create and Delete Vendor 

         1. Create Vendor: Added a “Create Vendor” button. 

         2. Delete Vendor: Enabled the ability to delete a Vendor. 

   6. Product Details Sidebar:

      1. Create and Delete: Enabled the ability to create and delete a Vendor Product in the sidebar. 

      2. API Endpoint: api/documentation endpoint enabled in the Vendor Product sidebar. 

   7. Deployment Details Enhancements

      1. Deployment Details sidebar

         1. Function: Displays editable fields from the api/vendorproductdeployments endpoint. 

         2. Can now delete a Deployment.

         3. Can view the Contacts tab.

         4. Column Management: Enabled the ability to show/hide columns.

   8. Vendor Product and Deployment Table View 

      1. Overview: Provides an overall view of important details about the Vendor Product/Deployment in a table format.

      2. Add Deployment: Enabled the ability to add a new Deployment in the Vendor Product sidebar. 

2. Risk Register CSV upload.

   1. There was a bug with the Risk Register CSV upload, but it now correctly creates a new risk register entry with the existing Risk Category and Risk (from Settings). 

3. We added support for Hidden Attributes in the Risk Register settings:

   1. Hidden Attributes options you can choose to keep hidden:

      1. 'Inherent_impact',

      2. 'Inherent_likelihood',

      3. 'Inherent_score',

      4. 'Target_impact',

      5. 'Target_likelihood',

      6. 'Target_score',

      7. 'Target_mitigation_control',

      8. 'Notes'

4. We enabled the ability to edit these Risk Register field labels:

   1. Inherent Impact

   2. Inherent Likelihood 

   3. Current Impact 

   4. Current Likelihood 

   5. Target Impact 

   6. Target Likelihood 

   7. Notes 

   8. Target Mitigation Control 

   9. Current Mitigation Control

API Updates:

1. api/vendors: Added Vendor Hierarchy filters:

   1. Deploying unit

      1. /api/vendors?deployed_org_name=<org_name>

      2. /api/vendors?deployed_org_code=<org_code>

   2. Owning unit(s)

      1. /api/vendors?deployed_owners_orgs_code=<org_code>

      2. /api/vendors?deployed_owners_orgs_name=<org_name>

   3. Owning user(s) 

      1. /api/vendors?deployed_owners_people_username=<username>

2. api/vendorproducts: Added ‘most_recent_score’ field to api/vendorproducts endpoint.

   1. This field calculates the most recent score from the report data associated with the Vendor Product instance.

3. api/riskscores: Added ‘assigned_users’ and ‘assigned_users_info.’ Both are saved in a list.

   1. ‘assigned_users’: [‘username’]

   2. ‘assigned_users_info’: [

"username": "username", 

"first_name": "first_name", 

"last_name": "last_name", 

"email": "user_email"

]

4. api/orgs/all: Enabled a “mine” filter option that allows you to view deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user. 

   1. api/orgs/all?mine=true

5. api/apps: Added filtering options:

   1. api/apps?last_assessed_date_gt=<YYYY-MM-DD>

   2. api/apps?last_assessed_date_lt=<YYYY-MM-DD>

   3. api/apps?deployed=<true/false>

Isora v1.0.4

April 12, 2024

API Updates

1. The /api/documentation endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:

   1. New fields:

      1. ‘name’

      2. ‘description’

      3. ‘uploaded_at’

      4. ‘uploaded_by_info’ : {

      ‘username’

      ‘firstname’

      ‘lastname’

      ‘email’

      }

      5. ‘Expiration’

      6. links.download_URL

   2. Filtering options:

      1. /api/documentation?survey_id=<survey_uuid>

      2. /api/documentation?surveys_product_id=<vendorproduct_uuid>

      3. /api/documentation?surveys_app_id=<app_uuid>

      4. /api/documentation?exceptionrequest_id=<exceptionrequest_uuid>

      5. /api/documentation?app_id=<app_uuid>

      6. /api/documentation?product_id=<product_uuid>

      7. /api/documentation?host_id=<host_uuid>

2. We’ve upgraded the /api/config to allow customization of /api/riskscores fields

3. For those utilizing the /api/riskscores, we've introduced qualitative labels like Insignificant, Minor, Moderate, Major, and Severe, alongside the existing integer values for 'inherent' and 'likelihood' fields. Yes, you can edit these labels too!

4. We added a new deployment field to /api/assessments which will enable the ability to track third-party vendor assessments against vendor deployments and associate attester contacts to the specific deployments (coming in then next version).

Bug Fixes & Improvements

• Fixed a bug where users weren't redirected correctly after logging out. Now, you'll land exactly where you're supposed to.

• Fixed a bug where pagination for the third-party vendor table in the assessment wizard was not working.

...