White shape | Hexiosec Logo

New ASM Features and Improvements | June 2025

Tim Cowell
2 July 2025
|
5 min Read
|
Tim Cowell

Contents

Introduction

June 2025 saw the Hexiosec development team continuing to work on new visualisations and checks in Hexiosec ASM, which we’ll be bringing to you soon. But the team have also released some great new features. Please read on to hear about a few of these, including:

  • Expandable description rows for risks
  • Scan complete notifications for all scan types
  • Support the use of Auth0 for SSO

I will also introduce a change, coming in July, to how we describe the assets found by Hexiosec ASM.

Risks slide in pane

The first update to highlight this month is a change to how you can view risks in Hexiosec ASM. The team have updated the Risks page to allow you to see details of a risks in a much more intuitive way, and allowing you to choose to see the details of multiple risks at once.

Simply, now when you click on a risk’s row, unless selecting a linked item, it will expand that row to display details of a risk.

Risks page in Hexiosec ASM showing an expanded row with detailed risk information, including risk title, description, and action buttons. The interface displays a list of risks in a table format, with one row expanded to reveal additional details. The environment is a modern web application dashboard, with a clear and organized layout. Visible text includes risk titles, descriptions, and action options such as view details and resolve.

We believe this way of displaying the data is natural for the user, and an additional benefit is that it allows you to expand the details of multiple risks at once, or all risks you have selected. You can use the chevron for each risk to expand and collapse selected risks, or you can choose to expand all risks currently shown by filters you have applied.

Several risk rows expanded in the Hexiosec ASM risks page, each showing detailed information such as risk title, description, and action buttons like view details and resolve; the interface is a modern web dashboard with a clear, organized layout; visible text includes risk titles, descriptions, and action options; the environment is professional and informative, designed to help users efficiently review and manage multiple risks at once

We are also planning to expand the feature to display more details, and enable Hexiosec ASM to display additional information as we add new capability to Hexiosec ASM.

Notifications for scan completion on all types

Hexiosec ASM already has various notification options for emails you can choose to receive when a scan completes and updates, and these can be configured at an organisation and at a user level. We’ve enabled the option to receive an email on every scan update (‘Every scan completion’) to all scan types, even if there are no changes, but there are still risks.

A scan completion email

Choosing to receive an email every time a scan is updated is a useful way to keep track of changes, and to have the confirmation that the attack surface is being checked. You may have scans that run less frequently - weekly or monthly - and receiving alerts when they have updated saves you having to check. Or knowing when a colleague has updated (rescanned) a shared scan.

If you choose to enable this new feature, and if you also have notifications for scan changes enabled, you will receive one of two emails:

  • If a scan, with risks, updates without notifiable changes, you will receive the scan completion email
  • If a scan updates with notifiable changes, you will receive the scan changes email

To receive an email for every scan update, you need to first enable this at an organisation level for each scan type.

Organisation settings page in Hexiosec ASM displaying the new notification option for scan completion. The main section shows a settings interface with a checkbox to receive an email every time a scan completes even if there are no changes. Other visible options include notification preferences for scan changes and risk updates. The layout is clean and organized with a sidebar menu on the left and a content area on the right. The tone is professional and user-focused designed to help administrators manage notification settings efficiently.

Users who want to receive this email will then need to enable it in their own account settings.

User preferences page in Hexiosec ASM displaying the new notification option for scan completion. The main section shows a settings interface with a checkbox to receive an email every time a scan completes, even if there are no changes. Other visible options include notification preferences for scan changes and risk updates. The layout is clean and organized, with a sidebar menu on the left and a content area on the right. The tone is professional and user-focused, designed to help users manage their notification settings efficiently.

For most Hexiosec ASM tiers it is disabled by default for organisations and users.

Our SSO now formally supports Auth0

Hexiosec ASM already allows you to use your existing Microsoft Entra accounts to sign-in with SSO (Single Sign-On), and we can now happily confirm that we also support Auth0 for SSO.

You can read Andrea’s February 2025 update on how Hexiosec ASM works with SSO, but this paragraph by Andrea nicely covers why you should use it.

“Why use SSO? The use of SSO in your organisation helps centralise account security for your team, including access to external applications, as well as reducing the number of credentials needed. Rather than your ASM users having to remember/store/write on a Post-it (😱) another password, ASM will use your existing login which of course brings all of the security you already have in your user authentication environment.”

If you are on our Enterprise tier and use Auth0, please get in touch and we can get you and your team setup with SSO, and centralise your account security.

Coming soon! Out of scope name changes

This month we also wanted to make you aware of a terminology change, which is coming soon. We are changing our use of “in scope” and “out of scope” to “primary” and “secondary”, which we believe better reflects the importance of all the assets Hexiosec ASM discovers.

Preview showing the Hexiosec ASM interface with the new terminology for asset classification. The main section displays two labeled categories: Primary and Secondary, replacing previous terms In scope and Out of scope.

We are not changing how Hexiosec ASM works and your existing scan results will not be impacted; this is a wording change to make our scan results clearer. The changes you will soon see can be summarised as follows:

  • In scope assets will now be referred to as primary
  • Out of scope assets will be be referred to as secondary
  • The Out of Scope page will now be called Secondary Assets, and will be moved to the Asset Management sidebar item.

On our public API we will be adding new endpoints for the new wording, but any existing endpoints using the scope terminology will remain available, just marked as DEPRECATED.

You can expect to see these updates go live in early July, and we will be updating the user guides to match this update.

Coming Soon

We’re continuing to work on new TLS checks in Hexiosec ASM and the display of EPSS (Exploit Prediction Scoring System) values:

  • TLS version checks: Add TLS version checks to our existing TLS checks, including new risks if old versions of TLS are offered, e.g. TLS 1.0.
  • EPSS visualisations: To complement our CVE and KEV checks, we’re adding EPSS visualisations, to allow you to search and filter discovered CVEs based on their exploitability.

Related Posts


Hexiosec ASM May 2025 update blog banner
New ASM Features and Improvements | May 2025
Tim Cowell
9 June 2025
Hexiosec ASM April 2025 update blog banner
New ASM Features and Improvements | April 2025
Tim Cowell
10 May 2025
Hexiosec ASM March 2025 update blog banner
New ASM Features and Improvements | March 2025
Tim Cowell
1 April 2025

About Tim Cowell
Tim is an experienced software engineer, who has worked across the Defence, Government and Commercial sectors for over 20 years. After leading a diverse range of projects Tim has a strong background in Cyber Security, software engineering, research and development practices.
Tim Cowell