Release Notes

Open Raven Platform Release: Driving Downstream Actions Through Tagging, APIs, Integrations, And Dynamic Asset Group Scanning

Hamilton Yang
Director, Product Management
September 2, 2022

Our August releases focused on automation and remediation in support of operationalizing data security. We tackled this in two ways. The first drives downstream actions – asset tagging, data exploration through APIs, and ticket creation. The second enables scheduled scans to dynamically target new assets introduced after the previous scan. Let's dive into the details.

Driving Downstream Actions 

Once you've identified your data footprint, the natural question is, what next? We’re proud to announce a few additions that make it easier to follow up on data findings.

Tagging: Driving Workflows in AWS

Here’s an example: Open Raven data scanning identified PII residing in S3 buckets related to a defunct application. After checking with the application owner, it’s clear the buckets were left behind by accident, and it would be prudent to delete them entirely for security and cost reasons. 

Users can now do just that from our Data Catalog page using the newly released tagging feature. You can use filters on the Data Findings page and apply the tags to one or multiple objects. Once a tag is applied, it will be visible in both Open Raven and AWS. Continuing the example, the application owner can search for S3 buckets with the tag set by the Open Raven user and delete it from their AWS console.

Applying a tag to multiple S3 buckets
Tag addition confirmation window
Asset tags shown in the asset detail view

Explore Data Findings With APIs 

Automation through APIs is a key force multiplier for security teams. It enables proactive discovery of potential security issues, reduces response time, and enables organizations to stay on top of existing and emerging risks. In August, we released critical tools allowing security teams to programmatically manage their data security operations. First, our Data Catalog API enables users to explore the data that Open Raven has found in their environment. Then, our ScanFinding API enables our users to extract details about individual findings. Combined with regularly scheduled dynamic asset group scans (also newly released in August - scroll down to see more), these two APIs equip Open Raven users to continuously and programmatically gain visibility into their data landscape.

JIRA Integration is GA

Having put our JIRA integration through its paces during the Beta period, it's now generally available. With JIRA integration enabled, users can add a 1-click escalation to "Create a JIRA Issue," saving valuable time. JIRA Issues populate with all the rich data context collected during asset mapping and data scanning—even down to censored previews of data findings. This integration streamlines response by taking the manual effort out of ticket creation and escalation.

Creating a Jira ticket in the violation details window

Stay On Top of New Assets With Dynamic Asset Group Scanning and Scanning UI Improvements

Want Open Raven to perform a data scan on all S3 storage belonging to a particular account on a weekly basis? With Dynamic Asset Group Scanning, you can now set up recurring scans for a dynamic asset group, and every subsequent scan of that same asset group will pick up and scan any new assets introduced after the last scan run.

To utilize Dynamic Asset Group Scanning, you only need to do two things: first, create a dynamic asset group with filters, and second, launch a scan from the asset group. You’ll know that you’ve successfully created a dynamic asset group scan when you don’t see an option to deselect individual assets; to adjust this dynamic scan, you will have to adjust it at the asset group.

Example of a scan configured to use a dynamic asset group

Previously, upon starting a data scan, it would take a dynamic asset group, determine what assets were in scope, and then create a static list of assets to scan. Because the list of assets was static, additional runs of the same scan would not pick up any new assets added to that group, making it difficult for Open Raven users to keep up with new assets introduced in their targeted list.

Users can still scan a static list of hosts by utilizing checkboxes to individually select assets they would like to scan. Below is an example of a scan targeting a static asset list.

Configuring a scan to target a static asset list.

Bug Fixes & Enhancements

  • Resolved an issue involving intermittent availability of AWS organization or user information
  • Reduced the load time on the Data Scans page
  • Corrected email notifications when a scan exceeded its set budget
Don't miss a post

Get stories about data and cloud security, straight to your inbox.