Updates and new features
Purplemet Cloud 1.32.0 is now available! This new version features several updates and enhancements compared to the previous version, as described hereafter.
Licenses – New License System
This version introduces a new license system structured around packages, designed to improve readability, predictability, and usage flexibility, while fully preserving the continuity of the existing subscription.
Continuity and No Impact
This change does not affect any ongoing commitments:
- The subscribed license volumes remain unchanged.
- Licenses that have already been consumed keep their current status.
- Existing usage patterns and behaviors are not modified.
Introduction of License Packages
Licenses are now presented as packages, which form the contractual layer of the license system. Each package defines:
- A license type (Domain Discovery, Continuous Monitoring, On-Demand Analysis).
- A license quantity.
- A validity period (start date and end date).
- A status indicating its availability.
Packages are read-only and directly reflect the active subscription, ensuring a seamless transition.
Simplified Monitoring
The Daily Analysis and Weekly Analysis licenses are now grouped into a single license: Continuous Monitoring. This license allows you to:
- Configure recurring analyses (daily or weekly).
- Automatically launch an initial analysis when monitoring is activated.
- Trigger manual analyses at any time without consuming additional On-Demand licenses.
A Continuous Monitoring license is reserved as soon as monitoring is enabled on an application, then actually consumed after the first successful analysis.
Clearer Consumption Rules
The new system clearly distinguishes between:
- License availability (via active packages).
- Actual license consumption, which depends on the actions performed.
Each license type retains its own specific consumption rules, which are now clearly exposed and aligned with real platform usage. This new model provides a clearer view of available capacity, makes operational management easier, and prepares for future offer evolutions, without any disruption for existing users.
Web Applications – Automatic Detection of Authentication Methods
This version extends the automatic detection of authentication mechanisms used by web applications. Purplemet now identifies, during analysis, the authentication methods exposed by an application without enabling authenticated scanning. The mechanisms currently detected notably include Single Sign-On (SSO), certificate-based authentication, and Basic Authentication. The following improvements have been made:
- Automatic detection of authentication methods based on the analysis of traffic and redirects.
- Identification of the SSO provider when recognized (Microsoft Entra ID, Okta, Google, Auth0, etc.).
- Identification of certificate-based authentication and Basic Auth mechanisms when exposed.
- Consistent display of authentication status in the interface, in line with other indicators.
- Availability of a dedicated column in the Web Applications inventory, allowing you to quickly see the detected authentication method.
A dedicated column is now available in the Web Applications inventory to quickly display the detected authentication method for each application. This feature provides better visibility into the authentication mechanisms in place, with no configuration required and no impact on existing analyses.
Web Applications – Passive API Detection
Purplemet can now passively detect the presence of APIs exposed by web applications, based on the analysis of network requests and responses. The following types of APIs can be identified:
- REST
- SOAP
- GraphQL
For each detected API:
- The main endpoint is identified.
- The API type is determined when possible.
- A visual indicator highlights the presence of APIs in the Web Applications inventory.
- Detected endpoints can be exported in CSV format from the application details.
- If an endpoint is detected on a new FQDN, a new web application is automatically added to the inventory.
A dedicated column is now available in the Web Applications inventory, allowing you to quickly identify applications that expose APIs.
Sensitive Services – Exit from the BETA Program
The Sensitive Services features are now officially out of the BETA program. They are now available by default for all subscriptions, with no prior enrollment required. These features enable:
- Detection of sensitive network services exposed on IP addresses.
- Identification of new web applications discovered on standard ports.
- Enrichment of the Threat Level, IP and Web Application inventories, as well as the related dashboards.
When enabling the Sensitive Services feature, Purplemet now applies a reinforced confirmation process, in line with legal requirements related to port scanning on IP addresses.
Enabling Sensitive Services is done in two steps:
At Subscription Level
An administrator enables the Sensitive Services feature from the Subscription page, Subscription Settings tab, Sensitive Services Detection section.
A confirmation window opens: the administrator must read and accept the Terms of Use, then confirm that they are authorized to enable the feature and port scanning before validating activation.
At IP Address Level
Once the feature is enabled, the next web application analyses will automatically include a port scan on the associated IP addresses. This scan detects around twenty common network services, including those identified as sensitive by the cybersecurity community.
Since port scanning may be perceived as intrusive by some firewalls, it is recommended to whitelist (allowlist) the Purplemet probe IPs before activation.
For a complete description of the feature, its impacts, and the associated views, please refer to release note 1.29.0.
Additional Updates
- Technology Detection – Artificial Intelligence - The platform is now able to detect technologies and libraries related to Artificial Intelligence. AI technologies are classified in a new dedicated category: Artificial Intelligence, which allows clear and consistent identification within the platform. This enhancement improves the visibility of AI components and facilitates use cases related to compliance and regulatory requirements.
- UI Fixes & Improvements - This release focuses on usability and consistency improvements across the platform’s various inventories such as reorganization of tabs and new sorting and filters on columns
