[CORE] Multi-domain SSO
Key changes
Single Sign-On (SSO) aims to simplify login across several applications within a company by allowing users to connect with a single password. Organisations can now configure multiple domains directly within their Business Unit (BU).
Impact
Organisations can now easily manage access to a BU for multiple entities/domain names.
Audience
Business Unit Owners (BUO) and Managers (BUM)
Usage
ℹ️ Organisations cannot have multiple SSO configurations with the same domain name.
⚠️ An SSO configuration does not replace an invitation to a BU or a program. Invite your team members to grant them access to the BU or programs.
Go to the “Admin Panel”
Click on “SSO” in the left-side menu
Click on “Add a configuration”
Enter the “domain”
Click on “Add”
A new window will open to complete the configuration
Your configuration now appears in the list
Click “Add a configuration” to set up a new SSO for another domain
ℹ️ Learn more about Single Sign-On (SSO) configuration here.
[CORE] Management of all email notifications with a single click
Key changes
From User Settings, users of the YesWeHack platform can now activate or deactivate email notifications with a single click. They can always configure each type of notification individually.
Impact
Organisations can now select, in a granular way, which types of emails they want to receive to avoid unnecessary notifications.
Audience
All YesWeHack users
Usage
Click on “User settings” in the dropdown menu
Select “Notifications”
Click the toggle button to enable or disable email notifications
[CORE] Report activity notifications
Key changes
Organisations can now select which types of report activity alerts they want to receive: status updates, metadata updates, comments and trackers.
ℹ️ In-app notifications are enabled by default and cannot be disabled.
Impact
Organisations can now customise which report activity notifications they receive, helping to reduce unnecessary messages.
Audience
All YesWeHack users
Usage
Go to the dropdown menu
Click on “User settings”
Click on “Notifications”
Click on “Advanced report activity” in the Report Activity section
Configure your notification preferences
[ANPT] Overview now focuses on Hosts
Key changes
The key metrics available in the Overview tab have been improved to focus on hosts:
The metrics and table now count and list hosts;
The program coverage in the Overview now counts covered hosts (not services, technologies, duplicate assets, etc.);
The 90-day host evolution has been removed to avoid misunderstandings.
Impact
Organisations can now better understand key metrics of their attack surface.
Audience
All Autonomous Pentest users
Usage
Go to the Attack Surface tab
Click on “Overview” from the left-side menu to access the key metrics
[ANPT] New Top 10 Hosts table
Key changes
The goal of this table is to alert organisations to hosts with Accepted vulnerability reports that still need to be fixed.
Note: Their priority is based on asset value, CVSS score, and exploitability.
ℹ️ The table only includes accepted vulnerability reports.
Impact
Organisations can now quickly identify and prioritise high-risk hosts in their remediation process.
Audience
All Autonomous Pentest users
Usage
Go to the Attack Surface tab
Click on “Overview” from the left-side menu
The “Top 10 hosts” table now displays the 10 hosts with the most critical vulnerabilities.
ℹ️ Notes:
The most critical vulnerability corresponds to the most critical accepted report of the Host according to its priority.
The table can mix hosts from different BUs according to the BU filter.
Available buttons
View report: Open the vulnerability report
Go to Host: Open the Host page
Add new primary asset: Add this host as a primary asset
View in Vulnerability Center: Access reports sorted by priority
ℹ️ Note: If the user doesn’t have any reports on any hosts, an empty state will be displayed.
[ANPT] Filter Hosts and Technologies by End-of-Life statuses
Key changes
A new “Version support” filter is now available in the Hosts and Technologies pages to help organisations prioritise vulnerabilities on technologies that are no longer supported or nearing end of support.
Audience
All Autonomous Pentest users
Usage
Go to the “Attack Surface” tab
Click on “Technologies” in the left-side menu
Select a technology
A new “Version support” filter is now available
Select the different options to filter the instances list
ℹ️ This filter is also available in the Hosts tab: “Hosts > Add filter > Techno.version”
[ANPT] Visibility of detected technologies referenced in KEV in the Hosts list
Key changes
New information about vulnerable technologies is now displayed in the Risks column of the Hosts list, to help organisations identify technologies with or without KEV (Known Exploited Vulnerabilities).
Impact
Organisations can now quickly identify vulnerable technologies with KEV on their hosts and prioritise their remediation.
Audience
All Autonomous Pentest users
Usage
Go to the “Attack Surface” tab
Click on “Hosts” in the left-side menu
In the Hosts list, find new information about vulnerable technologies (i.e. with or without KEV) in the Risks column
Icons glossary
Orange icon: no techno with KEV
Red icon: at least one techno with KEV
[ANPT] Hosts tab: A new icon displays open reports
Key changes
A new icon in the Risk column of the Hosts list shows the number of reports and their priority for each host. This icon is also available on each host page.
Impact
Organisations can now see which hosts have open reports and their priority at a glance, simplifying vulnerability report management.
Audience
All Autonomous Pentest customers
Usage
Go to the “Attack Surface” tab
Click on “Hosts” in the left-side menu
Find a new icon related to open reports on hosts in the “Risk” column
Hover over the icon to see the breakdown of reports by priority
When opening a host page, this new icon is displayed in the top-right corner.
[ANPT] Detection log in the report description
Key changes
Organisations can now download detection logs for a detected issue directly from the vulnerability report.
Impact
By downloading this file, organisations can reproduce detected issues, helping them better understand vulnerabilities and support remediation.
Audience
All Autonomous Pentest customers
Usage
Go to the “Vulnerability Center”
Open a vulnerability report related to a detected issue
Click on “Download detection logs” to download a .json file
The file is downloaded to your computer’s Downloads folder
[BUG TRACKER] Vulnerability reports in PDF
Key changes
When creating a new Jira configuration, organisations can now choose to receive the vulnerability reports in PDF.
Audience
All organisations using the YWHxBT solution (Jira)
Usage
This feature is only available on Jira configurations.
To receive your vulnerability reports in PDF, check the “Report in PDF” box when creating a new configuration
On your Jira ticket, the description is replaced by a link to the PDF file
[MISC]
[CORE] [ORGANISATION] - The Metadata Completion feature is now configured to “auto” by default for new users of the platform. Learn more about “Metadata suggestions” here.
[CORE] The Notifications configuration panel, previously visible in the Admin Panel > Attack Surface, has been renamed to “Email Settings” and removed from the Attack Surface tab.
[PTM] Auto-closed status reports have been removed from the Audit Report.
[ANPT] The coverage has been removed from the “Primary Assets” tab and is now only displayed in the Hosts tab to help users better understand this figure. Note: Currently, the coverage percentage of each primary asset is collected from its Hosts.
[ANPT] Previously created reports from Autonomous Pentest have been retroactively updated to include a filled-in Host field.
[HUNTER] In the Hacktivity tab, a new closed status now appears in the status column. It refers to Duplicate, Not applicable, Invalid, Out of scope, Spam, RTFS, Won’t fix, Informative and Auto-closed reports.
[HUNTER] Hacktivity tab: the design of the status column in the reports list has been changed.






















