Tenable.ad 3.29 On-premise (2022-10-20)
Scalability — Optimization of IoA memory consumption.
Attack Path Navigation Drawer — Opens a window on the side when you select a node that has too many siblings.
DNS Admins Indicator of Attack — Detects the successful editing of the dangerous registry key ServerLevelPluginDll. For more information, see DNSAdmins in the Tenable Identity Exposure Administrator Guide.
Ransomware Hardening Indicator of Exposure — Covers hardening steps related to common infection vectors from ransomware.
Activity Logs —
Provide precise traceability of all the actions that took place on the platform.
Provide full breadcrumbs for visited pages.
New filters for users and actions.
Security — Secured web interface for security risks according to OWASP.
Indicator of Exposure — Change in the reported deviances for the Native administrative group members IoE.
Tenable Design System — Redesign of the header bar in Tenable Identity Exposure to harmonize it with other Tenable products.
Removal of native privileges from DnsAdmins — Tenable Identity Exposure no longer considers DnsAdmins as a privileged group to conform to Microsoft's updated group privileges and to avoid false positive deviances.
Attack Path — New ability to click on a node to pin a path and keep it highlighted on the screen.
Performance — Tenable Identity Exposure increased its events queues consumption to support better Indicators of Attack.
Indicator of Exposure (IoE) — The "Reversible passwords in GPO" IoE now analyzes all derivatives of Groups.xml files regardless of their exact location — including outside the \Policies folder.
Tenable Design System — Redesign of the header and side bars in Tenable Identity Exposure to harmonize it with other Tenable products, as well as screens for Attack Path and Activity Logs.
Trail Flow — There are more event types in the Trail Flow to characterize events better.
Privileged Analysis — Tenable Identity Exposure now offers an optional privileged data collection for a future IoE.
Indicators of Attack — Improved resource footprint on domain controllers.
License — Tenable collects the license consumption when there is an available Internet access.
For installation procedures, see the Tenable.ad Installation Guide.
In addition to performance improvements, Tenable Identity Exposure version 3.29 contains the following bug fixes:
|Bug Fix||Defect ID|
|The "User Primary Group ID" Indicator of Exposure uses the correct PGID for the Guest group.||N/A|
|The "Massive Computers Reconnaissance" Indicator of Attack now puts users that appear forged on its allow list.||N/A|
|Tenable Identity Exposure can now generate the PDF file when you export Indicators of Attack (IOAs).||N/A|
|The IoA LSASS Memory correctly raises alerts on newly installed systems.||N/A|
|LDAP configuration settings now show all roles (even when there are over 8 roles.)||N/A|
|Tenable Identity Exposure correctly disregards the license when you click on the Cancel button after you upload it.||N/A|
|The Trail Flow rows now consistently use an alternate color.||N/A|
|You can now save a widget after you add or remove a dataset.||N/A|
|Tenable Identity Exposure's compliance score public API is now stricter when you provide a wrong directoryId parameter.||N/A|
|The Indicator of Attack (IoA) setup video now runs in the web interface.||N/A|
|It is now possible to upload a license on 800x600 screen resolutions on the first use.||N/A|
|Tenable Identity Exposure supports multiple Active Directory DNS partitions.||N/A|
|Tenable Identity Exposure cleans GoldenTicket events.||N/A|
|Tenable Identity Exposure shows unique events when you search for member:name in the Trail Flow.||N/A|
|Improved the RabbitMQ channel connection resiliency.||N/A|
|Cleans the memory cache for more Indicators of Attack.||N/A|
|Fixed the deviation in the SQL query to show deviant objects.||N/A|
|Resets the activity logs filters when you cancel the drawer.||N/A|
|Harmonized the compliance scores between the dashboard's widgets and the topology domain view.||N/A|
|Placed node locations on the attack path so they do not overlap.||N/A|
|Tenable Identity Exposure now maps Server Message Block (SMB) crawling and listening to the same folder.||N/A|
|Tenable Identity Exposure's Obsolete Systems Indicator of Exposure now supports Windows LTSB/LTSC versions.||N/A|
|The French localization of Indicators of Attack received improvements.||N/A|
|The Indicator of Exposure (IoE) page no longer shows unexpected compliant "No Domain" IoEs when filtering a given domain.||N/A|
|Users with roles giving them read permissions can now view the role details.||N/A|
|The MassiveComputersRecon Indicator of Attack's memory no longer leaks.||N/A|
|It is not possible to authenticate with a correct username and a blank password when you configure LDAP authentication without SASL bindings.||N/A|
|The red ribbon indicating an expired license now remains visible at the top of the page even when you resize the window or use low screen resolution, or when you click on the URL to go to the Tenable Identity Exposure license validation page.||N/A|
|Tenable Identity Exposure shows the date format in the Trail Flow's date column.||N/A|
|The Indicator of Exposure (IoE) Potential clear-text password only keeps ASCII characters when computing the entropy of a potential password.||N/A|
|The MSI installer now ensures that it uses the 64 bits version of the .NET runtime even if there is a 32 bits version installed by another product.||N/A|
|It is possible to translate the "Primary group ID" string into other languages.||N/A|
|The IIS rewrite rule for the API on a "Split SEN" deployment with TLS enabled is more specific and allows you to view the "About" page.||N/A|
|The feature allowing you to stop ignoring deviances of an IoE works again.||N/A|
|A tool tip appears when you hover over the complexity icon of an IoE to explain its remediation complexity.||N/A|
|When installing the Storage Manager on premises, the SQL drive letters appear in the summary before you proceed with the installation.||N/A|
|The MSI installer for on-premise installations does not begin the installation if there is not enough disk space available.||N/A|
|You cannot create a profile named Tenable. Tenable Identity Exposure renamed existing custom profiles with this name.||N/A|
|On the users list screen, deleting the unique user on page 2 no longer shows a "no information" error page.||N/A|
|Tenable Identity Exposure shows long incriminating attributes correctly with line breaks.||N/A|
|The API for new or existing domains does not allow another type than "ADDS."||N/A|
|Tenable Identity Exposure correctly shows attributes with a dollar character ($) in the Indicator of Attack investigation view.||N/A|
|Tenable Identity Exposure handles better foreign security principals when they are also unresolved security principals.||N/A|
|Tenable Identity Exposure supports Unicode characters in the exported PDF file of Indicators of Attack.||N/A|
|Tenable Identity Exposure replaces the \0a sequences in AD attributes with a space when sending them through SYSLOG.||N/A|
|The Accounts using a Pre-Windows 2000 Compatible Access Control Indicator of Exposure (C-PRE-WIN2000-ACCESS-MEMBERS) now reports all problematic well-known principals of the "Pre-Windows 2000 Compatible Access" group.||N/A|
|It is now possible to edit roles with removed directories in some edge cases.||N/A|
|Tenable Identity Exposure links unresolved security principals in the attack path feature to the right domain.||N/A|
|License — Tenable Identity Exposure now bases its count of active users only on the AD objects whose objectClass is strictly User, and not the objectClasses that contain User such as MSMQ-Migrated-User or strongAuthenticationUser.||N/A|
|IoA Script — It is possible again to run the Register-TenableIOA script from a domain-joined server using runas.||N/A|
|Windows Server 2022 — When installing the IOAs on a Windows 2022 Domain Controller, the server no longer needs to reboot.||N/A|
Tenable Identity Exposure version 3.29.4 contains the following patches.
|Fixed CVE-2022-37026 by upgrading the RabbitMQ library dependency.||N/A|
|The Indicator of Attack Password Spraying no longer misses attacks when Tenable Identity Exposure cannot match an IP address through the DNS Record AD object.||N/A|