Tenable Attack Surface Management 2025 Release Notes

Explore Dashboard

Tenable Attack Surface Management now includes enhanced workflows for discovering and managing externally exposed assets. Key improvements include the new Explore page, which features the following sections:

• Categories of Security Risk: Filter inventories based on the specific security risk categories that impact them.

• Saved Queries: Create and save custom queries to filter assets to view specific security risks.

• Group by: Organize and view assets by hostnames or IP addresses.

• Manage sources: Add, remove, move sources within your inventory.

• Export: Export assets in these formats: CSV, XLSX, or JSON.

• Columns: Customize the display of asset table columns.

• Manage assets: Add, modify, or remove assets from your managed inventory.

• Assets view: View assets in either a table format or a chart format.

For more information, see Explore.

Improved User Interface

Tenable Attack Surface Management's improved user interface now match the other Tenable products' interface. Key changes include:

• New header featuring links to Inventory, Resource Center, Notifications, Settings, and Workspace.

• Side navigation panel with icons for faster navigation within Tenable Attack Surface Management.

  

• Slider panels on the Inventory page provide detailed asset details. In this panel, Tenable Attack Surface Management organizes the collected metadata into contextual tabs such as Summary, Findings, Ports, Attribution, Managed Assets, HTML.

  

• Link to access legacy inventory page.

  

View Cloud Assets in Tenable Vulnerability Management

You can now view all cloud assets detected by cloud connectors in Tenable Attack Surface Management on the Assets page in Tenable Vulnerability Management. In addition to the External Asset identifier in the Source column, all cloud assets show the ASM CloudAsset tag and their corresponding inventory name in the Tags column of the Assets page. For more information, see Cloud Assets.

View Host and Web Application Assets

Tenable Attack Surface Management now provides additional context about Host and Web Application assets on the Asset Details page, including:

• Asset merge criteria details.

• Visibility into assets already detected by Tenable Vulnerability Management.

• Security risk information based on ACR and AES scores.

For more information, see View Asset Details for Host and Web Application Assets.

Bug Fix
The default filters in the Administrator interface's Users page now include the Cloud Connector Manager role.

Cloud Connector Manager Role

Tenable Attack Surface Management now includes a Cloud Connector Manager role for integrations. This role allows users to manage, add, modify, and delete cloud connectors in addition to the Active User permissions. The Cloud Connector Manager role is mapped to Scan Operator in Tenable Vulnerability Management.

For more information, see Tenable-provided Roles and Privileges and Tenable Attack Surface Management Roles.

Integrate with Google Cloud Platform

You can now integrate Tenable Attack Surface Management with Google Cloud Platform (GCP) to add assets from your GCP accounts. For more information, see Integrate with Google Cloud Platform.

Integrate with AWS, Azure, and GCP using Keyless Authentication

Tenable Attack Surface Management now supports integration with AWS, Azure, and Google Cloud Platform accounts using keyless authentication. For more information, see the following:

• Integrate with AWS using Keyless Authentication

• Integrate with Azure using Keyless Authentication

• Integrate with GCP using Keyless Authentication

Tenable is thrilled to announce some significant enhancements to your cloud product Workspace! We've redesigned the workspace to provide you with better visibility and access to Tenable products:

• Improved Product Overview — You can now easily see both the products you've purchased and a range of other products available for exploration.

• Detailed Product Information — Access More Details to demo the product, giving you in-depth knowledge about each product.

• Product Utilization — We’ve added a utilization feature that shows the percentage of how much you’re using the subscribed products. It allows you to quickly direct you to the License Information page.

• Trial Status Visibility — If you are currently evaluating a product or have done so within the past year, you will now see the status of the trial (In Trial or Trial Expired) directly in your workspace.

These changes are designed to help you get the most out of your Tenable solutions and discover new ways to enhance your security posture. To learn more, access the Workspace page via any Tenable cloud application.

Bug Fix
The loading state now appears correctly on the Activity Logs page.
For IP ranges, Tenable Attack Surface Management now supports both the hyphen (-) and the longer versions of a dash: the en dash (–) and the em dash (—).

Bug Fix
Tenable Attack Surface Management now allows you to export assets that match a valid filter.
Tenable Attack Surface Management now validates filter expressions on both the front-end and back-end. Additionally, it shows an error message whenever a user error occurs.

Bug Fix
Tenable Attack Surface Management now ensures that elements in the Suggestion blocklist items list can be readded after deletion.

Improvement
The CVEs on the asset details page now links to Common Vulnerabilities and Exposures (CVEs).
Tenable Attack Surface Management now shows improved CVE data according to descriptions and scoring.
Tenable Attack Surface Management now features enhanced Common Platform Enumeration (CPE) resolutions for CVEs, ensuring more consistent and accurate CVE findings using Tenable sources.

Bug Fix
The Reports page in Tenable Attack Surface Management displays correctly.
Clicking the close button in the Tenable MSSP Portal impersonation overlay within Tenable Attack Surface Management now redirects to Tenable Vulnerability Management.