Updates and new features
Purplemet Cloud 1.26.0 is now available! This new version features several updates and enhancements compared to the previous version, as described hereafter.
Collection of domain information via RDAP
A large amount of domain-related information is now collected during the domain discovery phase:
- The domain registrar
- The domain registration date
- The domain expiration date
- The date of the last domain information update
- The registration statuses provided by the registrar
- The name servers for the domain
This information is retrieved via the RDAP server that manages the TLD (Top-Level Domain) of the domain.
Adding this data makes Purplemet a valuable tool for monitoring clients' domains, as it allows them to verify the registrar used and the expiry date, ensuring they maintain control over their domain.
Note #1: Not all TLDs, notably .io, have a dedicated RDAP server. Therefore, this information is not available for all domains.
Note #2: This feature requires a new "Domain discovery" to be launched at the domain level.
Retrieval of Domain DNS Records
Domain discovery now retrieves the list of published DNS records for the analysed domain, eliminating the need for credentials from the registrar managing the zone file. All DNS record types are supported, and each entry is presented in detail:
- A breakdown of the entry to clarify values
- The list of RFCs defining the entry
- An explanatory section on the entry and its usage
These entries can be exported like all platform data lists, especially in a “zone file” format commonly used by registrars.
Note: This feature requires a new "Domain discovery" to be launched at the domain level.
A new DNS Records column is available to let users know how many DNS entries have been retrieved for each domain.
Any detected change in DNS entries results in a Change entry in the list.
Once DNS entries have been collected for a domain, the Download Zone File option appears on the domain details page, allowing you to download all the entries as if they were defined in a zone file.
CAA Policy Implementation Check
A CAA (CertificationAuthority Authorization) DNS record enables domain owners to specify which certificate authorities (CAs) are authorised to issue SSL/TLS certificates for their domain, thereby enhancing security.
Purplemet now allows users to monitor the implementation of CAA policies across all their domains. A new CAA column has been added to indicate whether the policy has been set and whether there are any errors or suggestions.
The domain details page contains a new section called CAA - Certificate Authority Authorization, which provides more information on this policy, including its purpose, the relevant RFCs and the implemented DNS records.
Note: This feature requires a new "Domain discovery" to be launched at the domain level.
DNSSEC Implementation Check
DNSSEC (Domain Name System Security Extensions) is a security protocol which adds a verification layer in the form of cryptographic signatures to DNS responses, ensuring their authenticity and integrity.
With a new DNSSEC column showing whether it is active or if any errors or suggestions are present, Purplemet now enables users to check the DNSSEC status for each domain.
The domain details page contains a new section called DNSSEC (Domain Name System Security Extensions), which provides further information on the purpose of the mechanism, the RFCs and the DNS records.
Note: This feature requires a new "Domain discovery" to be launched at the domain level.
SPF Policy Implementation Check
SPF (Sender Policy Framework) is a DNS-based mechanism that enables domain owners to specify which IP addresses or servers are authorised to send emails on behalf of the domain, thereby combatting spoofing and spam.
Purplemet now allows users to monitor the implementation of SPF policies with a new SPF column that indicates whether the policy has been set, as well as any associated errors or suggestions.
The domain details page includes an SPF (Sender Policy Framework) section, which explains its purpose and the RFCs and the DNS records.
Note: This feature requires a new "Domain discovery" to be launched at the domain level.
DMARC Policy Implementation Check
DMARC is a DNS-defined email security policy that enables domain owners to specify how to handle emails that fail SPF or DKIM checks, as well as how to handle fraud reports.
Purplemet now enables users to monitor the implementation of their DMARC policies with a new DMARC column that shows whether the policy has been set and any related errors or suggestions.
The domain details page includes a section on DMARC (Domain-based Message Authentication, Reporting and Conformance), which describes its function, the RFCs and the DNS records.
Note: This feature requires a new "Domain discovery" to be launched at the domain level.
Asset Geolocation
The IP address location, expressed in terms of latitude and longitude, can now be found on the IP address and hosted web application detail pages. A world map is also displayed for a visual representation.
Domain Dashboard
The Domains section now provides a dedicated dashboard summarizing key domain information:
- Total number of active domains, grouped by last discovery status
- The next 10 domains to expire
- The 10 most recently registered domains
- The top 10 registrars used
- Status of security protocol implementations: CAA, DNSSEC, SPF, DMARC
The Domains navigation menu has been updated to access different domain-related sections:
- Dashboard – Default section
- Inventory – Domain list
- Deleted Domains – List of removed domains
- Documentation – External link to domain documentation
Certificate Dashboard
The Certificates section now provides a dashboard summarizing key certificate data:
- Total number of certificates by status: Active, Expired, Revoked
- Top 10 upcoming expirations
- Last 10 expired certificates
- Top 10 certificate authorities (issuers)
- Distribution by type: single-domain, multi-domain, wildcard
- Distribution by lifespan, SANs (Subject Alternative Names), signature algorithm, encryption key
IP Address Dashboard
The IP Addresses section provides a dashboard summarizing IP address data:
- Total IPs by threat level
- Last 10 discovered IPs
- Distribution by hosted web apps
- Top 10 countries, ISPs, and ASes (Autonomous Systems)
Domain Reports
Users can now generate security reports for domains including:
- Domain summary
- Registrar info
- Name server list
- DNS record type distribution
- Summary of associated web apps
- Detailed web app list with technologies and issues
Report actions are available on the domain list and detail pages.
Certificate Reports
Users can now generate reports for certificates including:
- Main certificate information
- Supported domain names
- Identified issues
- Web app summary and details
Report actions are available on the certificate list and detail pages.
IP Address Reports
Users can now generate reports for IP addresses including:
- Main info, ISP, and AS
- Threat level overview
- Hosted web app summary and details
Report actions are available on the IP list and detail pages.
Tag Reports
Users can now generate security reports on web apps by tags, including:
- Tags with associated web app lists
- Web apps within each tag with technologies and issues
Report actions are available on the tag list and detail pages.
Default User Account Configuration Options
A new feature allows administrators to define default settings for all newly created user accounts. These settings are available under the "Subscription" page.
These values apply when a user account is created, but users can still change them in their profile.
The Notifications and Preferences tabs are now consolidated into a single Subscription Settings tab.
Additional Updates
- Verify the existence of the domain before launching discovery.
- New sections dedicated to deleted assets.
- Automatic deletion of assets (web apps and domains) after a warning period.
- New changes created when the severity of an issue is updated.
- Backporting information is now included in reports.
