Isora v1.
...
1
May 10, 2024
API Updates
The /api/documentation
endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:
...
New fields:
TBD
Filtering options:
...
Bug Fixes & Improvements:
NEW Third-Parties Enhancements are now launched in the New UI:
NEW and improved Third-Parties View
Nested Table: Manage third-party vendors, their products, and associated deployments within their organization.
Search Functionality:
Search by Vendor and Product name in the search bar.
"Mine" Filter
Description: View deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user.
Access: See the profile icon on the top right.
API Endpoint: api/orgs/all?mine=true
Assessments Sidebar
Function: View all assessments related to the Vendor Product within a dedicated tab.
Vendor Details Sidebar:
Create and Delete Vendor
Create Vendor: Added a “Create Vendor” button.
Delete Vendor: Enabled the ability to delete a Vendor.
Product Details Sidebar:
Create and Delete: Enabled the ability to create and delete a Vendor Product in the sidebar.
API Endpoint: api/documentation endpoint enabled in the Vendor Product sidebar.
Deployment Details Enhancements
Deployment Details sidebar
Function: Displays editable fields from the api/vendorproductdeployments endpoint.
Can now delete a Deployment.
Can view the Contacts tab.
Column Management: Enabled the ability to show/hide columns.
Vendor Product and Deployment Table View
Overview: Provides an overall view of important details about the Vendor Product/Deployment in a table format.
Add Deployment: Enabled the ability to add a new Deployment in the Vendor Product sidebar.
Risk Register CSV upload.
There was a bug with the Risk Register CSV upload, but it now correctly creates a new risk register entry with the existing Risk Category and Risk (from Settings).
We added support for Hidden Attributes in the Risk Register settings:
Hidden Attributes options you can choose to keep hidden:
'Inherent_impact',
'Inherent_likelihood',
'Inherent_score',
'Target_impact',
'Target_likelihood',
'Target_score',
'Target_mitigation_control',
'Notes'
We enabled the ability to edit these Risk Register field labels:
Inherent Impact
Inherent Likelihood
Current Impact
Current Likelihood
Target Impact
Target Likelihood
Notes
Target Mitigation Control
Current Mitigation Control
API Updates:
api/vendors: Added Vendor Hierarchy filters:
Deploying unit
/api/vendors?deployed_org_name=<org_name>
/api/vendors?deployed_org_code=<org_code>
Owning unit(s)
/api/vendors?deployed_owners_orgs_code=<org_code>
/api/vendors?deployed_owners_orgs_name=<org_name>
Owning user(s)
/api/vendors?deployed_owners_people_username=<username>
api/vendorproducts: Added ‘most_recent_score’ field to api/vendorproducts endpoint.
This field calculates the most recent score from the report data associated with the Vendor Product instance.
api/riskscores: Added ‘assigned_users’ and ‘assigned_users_info.’ Both are saved in a list.
‘assigned_users’: [‘username’]
‘assigned_users_info’: [
"username": "username",
"first_name": "first_name",
"last_name": "last_name",
"email": "user_email"
]
api/orgs/all: Enabled a “mine” filter option that allows you to view deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user.
api/orgs/all?mine=true
api/apps: Added filtering options:
api/apps?last_assessed_date_gt=<YYYY-MM-DD>
api/apps?last_assessed_date_lt=<YYYY-MM-DD>
api/apps?deployed=<true/false>
Isora v1.0.4
April 12, 2024
API Updates
The
/api/documentation
endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:New fields:
‘name’
‘description’
‘uploaded_at’
‘uploaded_by_info’ : {
‘username’
‘firstname’
‘lastname’
‘email’
}
‘Expiration’
links.download_URL
Filtering options:
/api/documentation?survey_id=<survey_uuid>
/api/documentation?surveys_product_id=<vendorproduct_uuid>
/api/documentation?surveys_app_id=<app_uuid>
/api/documentation?exceptionrequest_id=<exceptionrequest_uuid>
/api/documentation?app_id=<app_uuid>
/api/documentation?product_id=<product_uuid>
/api/documentation?host_id=<host_uuid>
We’ve upgraded the
/api/config
to allow customization of/api/riskscores
fieldsFor those utilizing the
/api/riskscores
, we've introduced qualitative labels like Insignificant, Minor, Moderate, Major, and Severe, alongside the existing integer values for 'inherent' and 'likelihood' fields. Yes, you can edit these labels too!We added a new
deployment
field to/api/assessments
which will enable the ability to track third-party vendor assessments against vendor deployments and associate attester contacts to the specific deployments (coming in then next version).
Bug Fixes & Improvements
Fixed a bug where users weren't redirected correctly after logging out. Now, you'll land exactly where you're supposed to.
Fixed a bug where pagination for the third-party vendor table in the assessment wizard was not working.
...