## **Release Notes: November 2024**


:::info
Explore What’s New from Cobalt This Month

:::

## **AI/LLM Pentests**

We’ve upgraded our AI/LLM security assessment offerings to provide a more focused and efficient experience:

* Our “OWASP Top 10 LLMs” assessment is now simply “LLM.” This comprehensive assessment provides full-spectrum security coverage for your LLM applications, including their web and API connections. (Starts at 16 credits)
* “Prompt Injection” is now a standalone agile test, offering a targeted and efficient approach to identifying this specific vulnerability. (Starts at 4 credits)

These changes are reflected in the UI, making it easier to find and select the assessment that best suits your needs.

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/6c6ea91e-96a5-4034-a3ad-ff535d0af576/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3UDNLIUNC%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T154557Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIBvjznQbAw5SKXAWrUY%2BDG%2FaOr1H4Hne%2F3nHamS036CLAiEAvSZ2O%2BqG8dCdQOEaFJ8Ei2%2BQDoYldtw5sWJ48N4h8%2BQq3QUIXBACGgwzMDgxMjU5NzUyODciDA4eYBFxw8agAS6jTSq6BeMIf5jAD8qJPrVxdQFMYIRMnmIM2XDQM1wPLzwW5N1WGjoZnjSrEYU85%2FHDboV4kdtYJfPYQxlqQd9u%2BnCLdXMANmARyK4j8QzKyv4I%2FqjPPuvLKw8U%2Bu31PTVAAAoSp9s6NoqcleWrJ9xRCDylIKuf%2FUsDLJUDHvdrgTATgXINCeHe9yHDqBJ%2FvLVuWpeuca5TjhzdpPZzRQ1LwBJotTiBzXftC5ZMw7%2FwPoHlUHQTL5mqZGjdAlpOWBqkUelqPTGAyfFQvuoImdwJcgK65n8p%2FQUMLqbyzY3klRX1obJViDzXOun45MKwEECU7DFjt3ie8CRjWNc%2FeLG2zWzx3EE4oebXktxasHINjD6pimR52bh27AS%2F9HVNEnXK5lOdOdRVaCOtcrBrUIPqhFTDn0IQ0G1VYxov%2F6F%2BMuyuiReXYRyJJjpKXO5Zd48nQPFfcMjD%2Frdxf9sOnpdP%2FWCB6quRz1Wca0UumBGriVo63CRgy1oI%2FzgoQGKLpYfDEldTqoVZBRTsn9RCdlvbIV%2FgYVkph6OCXU6qElWjPsYvsBShlsOJmfwVLOo7GkLfJ2pchjlzGHUQqcbP9vU0NYwk0bkNWN7UVnCiuF5UonBpKHv9vvBCZvHrKRCG87d5IEfe2lDP7y%2BJcc22s4FkAHLbQ6%2Fkn5esWt3cTnFCcib4UQhPT7oMr0SLZN35hxV89XNqAn9Rw3yy409k6NFVWVpjG%2BAXF6APTwMNsNkMaZJjqcrVnqMUYxWMwl0%2BOyLpWX%2Bb8Sv3aiCuYCZOrtPq5Aked25YluSCxci6y2UT46MZofbucwyQkcEgQFlycWPLQMZ5dYIPFBBYOHfPNqnlgtz2Es%2BKa1jH7vFRs5u9QOGVMlqccB0fs3DEWY6beZIj%2BnGPU%2FSATRysYjufGq%2FzGMdy%2Fnu3%2BmeKwX7v7lV0MI3q7c4GOpABi5dN33VbMZM51An%2B9x8hB9pbSBKz44r4VUg%2F5fxP7HW8oOLjXPmHPoa6wKL4oItaR1dMn0M4fIWZohU6eWfgsnIHTPu8tjBVenZMJorOsttbdtwldSIgURdW2njKSdQE4UHKRD4B7qYyNO2XywUfp1xVexTj%2Bgmb1mesCNGstFyyQd3hyqcHba78U9ZrrSXH&X-Amz-Signature=f684eb931de2ffb249309ea1ecbc3f0020a4f097e3750db84368abfb74e61a38&X-Amz-SignedHeaders=host&response-content-disposition=attachment)


---

## **Target Directory**

We’ve introduced a central directory feature that allows customers to conveniently track their targets across their Pentests, DAST, and Attack Surface, providing a cohesive and organized approach to managing these crucial units.

**Benefits**:

* The addition of the Target directory offers customers enhanced capabilities to analyze and segment their data effectively, enabling them to gain deeper insights and make more informed decisions based on the structured tracking of targets.
* Accessible through a new tab under Assets, the Target directory offers a user-friendly interface for customers to navigate and manage their targets with ease.

This **==Beta==** feature is now accessible to all customers, empowering them with improved tools to streamline target tracking and optimize their operational processes.

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/1f938e62-3229-485a-a6c1-7b1d10982f2a/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3UDNLIUNC%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T154557Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIBvjznQbAw5SKXAWrUY%2BDG%2FaOr1H4Hne%2F3nHamS036CLAiEAvSZ2O%2BqG8dCdQOEaFJ8Ei2%2BQDoYldtw5sWJ48N4h8%2BQq3QUIXBACGgwzMDgxMjU5NzUyODciDA4eYBFxw8agAS6jTSq6BeMIf5jAD8qJPrVxdQFMYIRMnmIM2XDQM1wPLzwW5N1WGjoZnjSrEYU85%2FHDboV4kdtYJfPYQxlqQd9u%2BnCLdXMANmARyK4j8QzKyv4I%2FqjPPuvLKw8U%2Bu31PTVAAAoSp9s6NoqcleWrJ9xRCDylIKuf%2FUsDLJUDHvdrgTATgXINCeHe9yHDqBJ%2FvLVuWpeuca5TjhzdpPZzRQ1LwBJotTiBzXftC5ZMw7%2FwPoHlUHQTL5mqZGjdAlpOWBqkUelqPTGAyfFQvuoImdwJcgK65n8p%2FQUMLqbyzY3klRX1obJViDzXOun45MKwEECU7DFjt3ie8CRjWNc%2FeLG2zWzx3EE4oebXktxasHINjD6pimR52bh27AS%2F9HVNEnXK5lOdOdRVaCOtcrBrUIPqhFTDn0IQ0G1VYxov%2F6F%2BMuyuiReXYRyJJjpKXO5Zd48nQPFfcMjD%2Frdxf9sOnpdP%2FWCB6quRz1Wca0UumBGriVo63CRgy1oI%2FzgoQGKLpYfDEldTqoVZBRTsn9RCdlvbIV%2FgYVkph6OCXU6qElWjPsYvsBShlsOJmfwVLOo7GkLfJ2pchjlzGHUQqcbP9vU0NYwk0bkNWN7UVnCiuF5UonBpKHv9vvBCZvHrKRCG87d5IEfe2lDP7y%2BJcc22s4FkAHLbQ6%2Fkn5esWt3cTnFCcib4UQhPT7oMr0SLZN35hxV89XNqAn9Rw3yy409k6NFVWVpjG%2BAXF6APTwMNsNkMaZJjqcrVnqMUYxWMwl0%2BOyLpWX%2Bb8Sv3aiCuYCZOrtPq5Aked25YluSCxci6y2UT46MZofbucwyQkcEgQFlycWPLQMZ5dYIPFBBYOHfPNqnlgtz2Es%2BKa1jH7vFRs5u9QOGVMlqccB0fs3DEWY6beZIj%2BnGPU%2FSATRysYjufGq%2FzGMdy%2Fnu3%2BmeKwX7v7lV0MI3q7c4GOpABi5dN33VbMZM51An%2B9x8hB9pbSBKz44r4VUg%2F5fxP7HW8oOLjXPmHPoa6wKL4oItaR1dMn0M4fIWZohU6eWfgsnIHTPu8tjBVenZMJorOsttbdtwldSIgURdW2njKSdQE4UHKRD4B7qYyNO2XywUfp1xVexTj%2Bgmb1mesCNGstFyyQd3hyqcHba78U9ZrrSXH&X-Amz-Signature=3ad6069f5cb377309b4e7775928627c4aec0bf443e88ff4547c76e3926140aba&X-Amz-SignedHeaders=host&response-content-disposition=attachment)


---

## **Partial Scans: Reduced Scope**

Users can now quickly scan only specific parts of their applications and APIs, rather than waiting for a full scan, to focus on high-risk areas or new code changes.

* In the target settings: we added a new card for users to add + manage specific URLs to scan
* In the Scan Now modal: we added a section where users can additionally manage/override the added URLs

**Key Benefits:**

* Accelerates feedback cycles by enabling the scanning of only relevant code changes
* Minimizes scan durations by targeting specific sections of an application or API
* Prioritizes high-risk areas by focusing scans on critical or recently updated sections
* Reduces vulnerability noise, allowing users to concentrate on the most important security issues and potentially improving overall scanning efficiency.


:::info
For more information, have a look at our [Partial Scans: Reduced Scope documentation.](https://docs.cobalt.io/en-us/articles/partial-scans-reduced-scope-mNZXBlnWRW)

:::

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/caa2399d-e164-42a8-b39a-d29225a32604/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3UDNLIUNC%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T154557Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIBvjznQbAw5SKXAWrUY%2BDG%2FaOr1H4Hne%2F3nHamS036CLAiEAvSZ2O%2BqG8dCdQOEaFJ8Ei2%2BQDoYldtw5sWJ48N4h8%2BQq3QUIXBACGgwzMDgxMjU5NzUyODciDA4eYBFxw8agAS6jTSq6BeMIf5jAD8qJPrVxdQFMYIRMnmIM2XDQM1wPLzwW5N1WGjoZnjSrEYU85%2FHDboV4kdtYJfPYQxlqQd9u%2BnCLdXMANmARyK4j8QzKyv4I%2FqjPPuvLKw8U%2Bu31PTVAAAoSp9s6NoqcleWrJ9xRCDylIKuf%2FUsDLJUDHvdrgTATgXINCeHe9yHDqBJ%2FvLVuWpeuca5TjhzdpPZzRQ1LwBJotTiBzXftC5ZMw7%2FwPoHlUHQTL5mqZGjdAlpOWBqkUelqPTGAyfFQvuoImdwJcgK65n8p%2FQUMLqbyzY3klRX1obJViDzXOun45MKwEECU7DFjt3ie8CRjWNc%2FeLG2zWzx3EE4oebXktxasHINjD6pimR52bh27AS%2F9HVNEnXK5lOdOdRVaCOtcrBrUIPqhFTDn0IQ0G1VYxov%2F6F%2BMuyuiReXYRyJJjpKXO5Zd48nQPFfcMjD%2Frdxf9sOnpdP%2FWCB6quRz1Wca0UumBGriVo63CRgy1oI%2FzgoQGKLpYfDEldTqoVZBRTsn9RCdlvbIV%2FgYVkph6OCXU6qElWjPsYvsBShlsOJmfwVLOo7GkLfJ2pchjlzGHUQqcbP9vU0NYwk0bkNWN7UVnCiuF5UonBpKHv9vvBCZvHrKRCG87d5IEfe2lDP7y%2BJcc22s4FkAHLbQ6%2Fkn5esWt3cTnFCcib4UQhPT7oMr0SLZN35hxV89XNqAn9Rw3yy409k6NFVWVpjG%2BAXF6APTwMNsNkMaZJjqcrVnqMUYxWMwl0%2BOyLpWX%2Bb8Sv3aiCuYCZOrtPq5Aked25YluSCxci6y2UT46MZofbucwyQkcEgQFlycWPLQMZ5dYIPFBBYOHfPNqnlgtz2Es%2BKa1jH7vFRs5u9QOGVMlqccB0fs3DEWY6beZIj%2BnGPU%2FSATRysYjufGq%2FzGMdy%2Fnu3%2BmeKwX7v7lV0MI3q7c4GOpABi5dN33VbMZM51An%2B9x8hB9pbSBKz44r4VUg%2F5fxP7HW8oOLjXPmHPoa6wKL4oItaR1dMn0M4fIWZohU6eWfgsnIHTPu8tjBVenZMJorOsttbdtwldSIgURdW2njKSdQE4UHKRD4B7qYyNO2XywUfp1xVexTj%2Bgmb1mesCNGstFyyQd3hyqcHba78U9ZrrSXH&X-Amz-Signature=70d834509566b635ddfc3a0916bee740ae118e1bd7916f70913e4fd72df5ecea&X-Amz-SignedHeaders=host&response-content-disposition=attachment)


---

## **Notification Preferences Enhanced for Pentests**

Certain customers, particularly Org owners, were overwhelmed by excessive notifications in their Cobalt experience, as they were automatically included in all pentests and received all related notifications unnecessarily.

We’ve introduced the ability for users to customize their default notification preferences in their Profile settings at the top right corner. Users can now choose from the following options:

* Notifications on all activity
* Notifications on @mentions and findings they participate in
* Mute notifications, except on findings they follow

Customers can still adjust notification preferences for individual pentests without altering the default settings.

 ![](https://brainfish-storage-prod.s3-accelerate.amazonaws.com/uploads/8e42b09c-e27b-4b5a-ba0c-7a5ef138ea38/219f7ff8-abec-4e0d-8a7b-19764280d899/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAUPPN5IL3UDNLIUNC%2F20260412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20260412T154557Z&X-Amz-Expires=3000&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIBvjznQbAw5SKXAWrUY%2BDG%2FaOr1H4Hne%2F3nHamS036CLAiEAvSZ2O%2BqG8dCdQOEaFJ8Ei2%2BQDoYldtw5sWJ48N4h8%2BQq3QUIXBACGgwzMDgxMjU5NzUyODciDA4eYBFxw8agAS6jTSq6BeMIf5jAD8qJPrVxdQFMYIRMnmIM2XDQM1wPLzwW5N1WGjoZnjSrEYU85%2FHDboV4kdtYJfPYQxlqQd9u%2BnCLdXMANmARyK4j8QzKyv4I%2FqjPPuvLKw8U%2Bu31PTVAAAoSp9s6NoqcleWrJ9xRCDylIKuf%2FUsDLJUDHvdrgTATgXINCeHe9yHDqBJ%2FvLVuWpeuca5TjhzdpPZzRQ1LwBJotTiBzXftC5ZMw7%2FwPoHlUHQTL5mqZGjdAlpOWBqkUelqPTGAyfFQvuoImdwJcgK65n8p%2FQUMLqbyzY3klRX1obJViDzXOun45MKwEECU7DFjt3ie8CRjWNc%2FeLG2zWzx3EE4oebXktxasHINjD6pimR52bh27AS%2F9HVNEnXK5lOdOdRVaCOtcrBrUIPqhFTDn0IQ0G1VYxov%2F6F%2BMuyuiReXYRyJJjpKXO5Zd48nQPFfcMjD%2Frdxf9sOnpdP%2FWCB6quRz1Wca0UumBGriVo63CRgy1oI%2FzgoQGKLpYfDEldTqoVZBRTsn9RCdlvbIV%2FgYVkph6OCXU6qElWjPsYvsBShlsOJmfwVLOo7GkLfJ2pchjlzGHUQqcbP9vU0NYwk0bkNWN7UVnCiuF5UonBpKHv9vvBCZvHrKRCG87d5IEfe2lDP7y%2BJcc22s4FkAHLbQ6%2Fkn5esWt3cTnFCcib4UQhPT7oMr0SLZN35hxV89XNqAn9Rw3yy409k6NFVWVpjG%2BAXF6APTwMNsNkMaZJjqcrVnqMUYxWMwl0%2BOyLpWX%2Bb8Sv3aiCuYCZOrtPq5Aked25YluSCxci6y2UT46MZofbucwyQkcEgQFlycWPLQMZ5dYIPFBBYOHfPNqnlgtz2Es%2BKa1jH7vFRs5u9QOGVMlqccB0fs3DEWY6beZIj%2BnGPU%2FSATRysYjufGq%2FzGMdy%2Fnu3%2BmeKwX7v7lV0MI3q7c4GOpABi5dN33VbMZM51An%2B9x8hB9pbSBKz44r4VUg%2F5fxP7HW8oOLjXPmHPoa6wKL4oItaR1dMn0M4fIWZohU6eWfgsnIHTPu8tjBVenZMJorOsttbdtwldSIgURdW2njKSdQE4UHKRD4B7qYyNO2XywUfp1xVexTj%2Bgmb1mesCNGstFyyQd3hyqcHba78U9ZrrSXH&X-Amz-Signature=610e4ccc3d5f80cc887452610ef7bf3a5a7ce6cf0711950c0fbd1980a28cae57&X-Amz-SignedHeaders=host&response-content-disposition=attachment)

November 2024

March 2026

February 2026

January 2026

November 2025 

August 2025

July 2025

June 2025

May 2025

April 2025

March 2025

January 2025

December 2024

October 2024

September 2024

August 2024

July 2024

June 2024

May 2024

April 2024

March 2024

January 2024

What's New

How to get started with Cobalt

Getting Started

Risk Advisories

Assets are what we pentest

Asset Types

Create an Asset

Assets

Pentests

Overview

Asset Details

Pentest Details

Scope & Test Period

Preparation

Create a Pentest

Pentest Process

Pentest States

Coverage Checklist

Pentest Expectations

Set Up an In-House Pentest

Complete an In-House Pentest (For Pentesters)

In House Pentests

Severity Levels

Finding States

Remediate Findings

Findings

Customize Your Report

Co-branded Reports

Contents of a Pentest Report

Reports

Engagements Overview

Digital Risk Assessment

Secure Code Review

Engagements

Insights

Planning

Cobalt Methodologies Overview

Web Methodologies

API Methodologies

External Network Methodologies

Internal Network Methodologies

Mobile Methodologies

Cloud Configuration Review Methodologies

Cloud Pentest Methodology

Desktop Methodologies

AI/LLM Methodologies

Digital Risk Assessment Methodology

Secure Code Review Methodologies

Methodologies

Attack Surface Monitoring (ASM)

Attack Surface

DAST Scanner Overview

Best Practices

Integrations

Partial Scans: Reduced Scope

Scans

Sequence recorder

Targets

Target Authentication

Extra Hosts

Blackout Period

DAST Scanner

Account Overview

Account Settings

Password Best Practices

Sign In to Cobalt

Troubleshoot Sign-in Issues

User Account

Collaboration Overview

Collaborate on Pentests

Groups

Manage Pentest Collaborators

Manage Notifications

User Roles and Permissions

Collaboration

Organization Overview

Manage Users

Your Cobalt Contract

How to Configure SAML 2.0 for Cobalt 

SAML Migration: Update Your Configuration

Configure SAML SSO

SCIM Provisioning Setup Guide

Configure Organization Settings

Organization

Cobalt Credits

Track Your Credits

Cobalt PtaaS Tiers

Credits

Cobalt Integrations Overview

Connect your applications

Create GitHub tickets for Findings

Send MS Teams notifications for Findings

Create Azure DevOps Work Item for Findings

Create Jira tickets for Findings

Send email notifications for Findings from Outlook

Create GitLab tickets for Findings

HTTP Connector

Import Assets from Google Sheets

Map Cobalt Pentest Finding Severity to Jira Issue Priority

Modify Jira Issue Summary to contain Pentest Title

How to Guides

Troubleshooting

Integration Builder

Jira Data Center Integration

Push Cobalt Findings to Jira

Switching to a New Jira Instance

Jira Cloud Integration

Troubleshoot Your Jira Integration

Synchronize Cobalt Severity Levels with Jira

Integrate Jira with Cobalt

Slack

Microsoft Teams

Webhooks

DefectDojo

Kenna Security

Vanta

Carried Over Findings

Create Test Finding

Cobalt API Overview

Partner Integrations

API Versions

Events

Errors

Subscription

Introduction

Authentication

EU Data Center

Organizations

Engagement Findings

DAST Targets

DAST Scans

DAST Scheduled Scans

DAST Findings

External Ticket References

Tokens

Pagination

Idempotency

Rate Limits

Create a Personal Cobalt API Token

Changelog

Get an Organization Token

Revoke Your Personal Cobalt API Tokens

Create or Modify an Asset

Import Findings to Google Sheets

Cobalt API

Glossary

Guide

Cobalt Product Documentation

November 2024

Share

Share

November 2024

Share

Share