Tenable Identity Exposure 3.11 (2021-12-01)
Tenable Identity Exposure version 3.11 includes the following new features:
-
A new Indicator of Exposure lists dangerous permissions and misconfigured parameters related to the Windows Public Key Infrastructure (PKI).
Bug Fixes
Tenable Identity Exposure version 3.11 contains the following bug fixes:
| Bug Fix | Defect ID |
|---|---|
| Tenable Identity Exposure returns the API Score information again. | N/A |
| Tenable Identity Exposure now provides better analytics performances thanks to new SQL index. | N/A |
| The widget edition now takes into account previously selected domains. | N/A |
| Tenable Identity Exposure purges the previous version's events from internal queues after each upgrade. | N/A |
| The analytics service successfully reconnects to the RabbitMQ server after failures. | N/A |
| The indicator of exposure C-PASSWORD-POLICY is more resilient against a specific corner case. | N/A |
| Tenable Identity Exposure ignores InheritOnly ACEs when it checks ACLs to avoid false positives. | N/A |
| The trail flow no longer freezes. | N/A |
| The indicators of attack requiring Sysmon tolerate better versions of Windows event, which strengthens detection. | N/A |
Patches
Tenable Identity Exposure 3.11.7 (2022-04-06)
Tenable Identity Exposure version 3.11.7 contains the following patches.
| Patch | Defect ID |
|---|---|
| Tenable Identity Exposure correctly flushes out Login event (4624) from its cache memory after a Logoff event (4634). | N/A |
| Tenable Identity Exposure displays attacks that occur on the 1st day of the month in the correct month. | N/A |
| When you remove a GPO, Tenable Identity Exposure only displays the deleted event. | N/A |
| When the SYSVOL connection breaks, Tenable Identity Exposure renews the connection to allow the listener to fetch new events. | N/A |
| The allow lists for Credentials Roaming users and groups now accept the samAccountName format. | N/A |
This patch also updates OpenSSL-related software to address the security issue CVE-2022-0778.
Tenable Identity Exposure 3.11.6 (2022-03-08)
Tenable Identity Exposure version 3.11.6 contains the following patches.
| Patch | Defect ID |
|---|---|
| SQL services are running when upgrading from version 3.11.3. | N/A |
| Split architecture installations include TLS options. | N/A |
| Rabbit MQ correctly resumes after upgrading from version 3.1.5 to 3.11.3. | N/A |
| Event insertion no longer affects performance. | N/A |
| Events for Indicators of Attack do not consume too many memory resources. | N/A |
Tenable Identity Exposure 3.11.4 (2022-01-24)
Tenable Identity Exposure version 3.11.4 contains the following patches.
| Patch | Defect ID |
|---|---|
| The Tenable Identity Exposure installer pre-fills values for IP/ports from variables during an upgrade. | N/A |
| The upgrade correctly considers existing certificates. | N/A |
| The SQL service account can now access local certificates. | N/A |
| Tenable Identity Exposure updates group members when they change Organizational Units (OU). | N/A |
| The Security Probe installer completes after a reinstallation. | N/A |
| The Tenable Identity Exposure installer verifies that the PFX certificates are valid. | N/A |