Tenable Security Center 5.20.0 Release Notes (2022-01-05)
Note: Tenable recommends upgrading to the patch for this release, Tenable.sc Patch 202204.1, which includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
You can download the update files from the Tenable Security Center Downloads page.
If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 5.20.0. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 5.20.0.
If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable Security Center installation to the “Trusted Sites” zone in order for the application to load.
If you are running Tenable Security Center 5.20.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.
Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: If your upgrade path skips versions of Tenable Security Center (e.g., upgrading from 5.9.0 to 5.12.0 to 5.20.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
New Features
Asset Host View
Added a Host View table where you can see details about the asset, associated findings (vulnerabilities), and the associated software inventory.
For more information, see View Hosts in the Tenable Security Center User Guide.
Asset Criticality Rating (ACR)
Added in automatic calculation of Asset Criticality Rating (ACR) to be used as part of a Risk Based Approach to Vulnerability Management. Automatic ACR calculation can also be overridden to reflect the most accurate picture of each of your Assets criticality to your environment. ACR can be used throughout Tenable Security Center. Note this feature requires a Tenable Security Center+ license.
Note: As part of the initial ACR score calculation which occurs after the initial Tenable Security Center 5.20.0 installation or upgrade, you must re-scan each host to ensure that Tenable Security Center has the data required to calculate an ACR score. Until that re-scan has been completed, some hosts may not have an ACR score assigned.
For more information, see View Lumin Metrics in the Tenable Security Center User Guide.
UI Improvements
To give our users a more updated and consistent experience across Tenable products, we have made the following enhancements:
-
Single button to refresh all dashboard components
-
Dashboard enhancements and modernization
-
Tab modernization throughout Tenable Security Center
-
Enhanced template creation experience
-
Enhanced filter experience
-
Dark mode severity colors update to align with light mode color scheme
Manage Tenable Nessus Scanners in Tenable Security Center
Added the ability to manage the Tenable Nessus scanners directly in the Tenable Security Center UI.
For more information, see Picture in Picture in the Tenable Security Center User Guide.
Backup and Restore Tenable Security Center Configuration Data
Added the ability to backup and restore Tenable Security Center configuration data.
For more information, see Configuration Backups in the Tenable Security Center User Guide.
Advanced Agent Scan Policy
Added support for adding an Advanced Agent Scan Policy directly in Tenable.sc.
For more information, see Agent Scans in the Tenable Security Center User Guide.
Tenable.sc File Integrity Check
Added the ability to check the integrity of critical Tenable Security Center files.
For more information, see Diagnostics Settings in the Tenable Security Center User Guide.
Enhanced Diagnostics
Added additional output items to the diagnostics capability of Tenable Security Center.
For more information, see Diagnostics File Options in the Tenable Security Center User Guide.
Updated Third Party Integrations
The following integrations have been enhanced:
-
Tenable Security Center now works with the CyberArk 2.0 APIs
-
Tenable Security Center now allows for credential support when assessing MongoDB
For more information, see SSH Credentials, Windows Credentials, and Database Credentials in the Tenable Security Center User Guide.
Changed Functionality and Performance Enhancements
Display Name in Plugin 19506
Tenable Security Center now shows the scan name in Plugin 19506.
Deprecated Shibboleth 1.3
Tenable Security Center no longer supports Shibboleth 1.3. Shibboleth 2.0 continues to be supported.
Deprecated Scan Policy Templates
Tenable Security Center 5.20.0 no longer supports the following scan policy templates:
-
Badlock detection
-
Bash Shellshock detection
-
DROWN detection
-
Shadow Brokers Scan
You cannot create a new scan policy using a deprecated template using the Tenable Security Center UI or API. If you have an existing scan policy using one of these deprecated templates, you can continue to view, edit, and use the templates in scans.
Security Updates
-
Removed the SecurityCenter Version header from all Tenable Security Center API calls to prevent unauthorized users from determining the currently running Tenable Security Center version.
Bug Fixes
| Bug Fix | Defect ID |
|---|---|
| Fixed an issue where upgrading to Tenable.sc 5.19 resulted in a database backup error. | 01243705 |
| Corrected an issue where the Plugin Timestamp was displaying incorrectly. | 01289970 |
| Corrected an issue when selecting an invalid interval on the scheduling API caused a job daemon to crash. | 01276243 |
| Fixed a discrepancy when using filtering in asset lists. | 01263324 |
| Fixed an issue where Invalid Scan Zones was reported after re-adding a scanner. | 01260386 |
| Corrected an issue where the % usage of repository size was showing incorrectly. | 01274320 |
| Corrected an issue syncing Dynamic Assets to Tenable Vulnerability Management Tags when the Tenable Vulnerability Management Networks feature is disabled. | 01251591 |
| Corrected an issue where the status of Tenable Nessus Network Monitor scanners initially displays incorrectly in the Options -> Update Status screen. | 01267931 |
| Corrected an issue in Tenable Security Center Director which resulted in a Fingerprint Mismatch or Protocol Error. | 01266404 |
| Corrected a Remote Repository sync issue that occurred in rare instances under certain conditions. | 01246158 |
| Fixed an issue leading to query errors in the Vulnerability Analysis drill downs when a selected filter returned no matches. | 01194875 |
| Corrected an issue that was causing an internal port range error on the Internal PCI Audit Template. | 01248527 |
| Fixed an issue where other installations could no longer set up remote agent repositories against the current one. | 01252376 |
| Corrected an issue where under certain circumstances a regular user could view the User page. | 01252321 |
| Resolved an issue when building an SCAP results file against a large number of hosts. | 01246830 |
| Corrected a display issue when rendering a large amount of reports in the Report Results page. | 01248675 |
| Corrected an issue where a report would not generate correctly under certain circumstances. | 01245189 |
| Resolved an issue where the Output Asset Filter was removed when browsing Dashboard Component Data. | 01220853 |
| Corrected an issue where filtering by tags on the Assets page would lead to an error. | 01241243 |
| Aligned the list of ignored plugins qualifying assets against the Tenable Security Center license with that of Tenable Vulnerability Management. | 01219651 |
| Corrected an issue when filters on the Vulnerability Analysis page would incorrectly be removed upon clearing values. | 01220587 |
| Correct a rare issue where asset information incorrectly displayed information from a different asset. | 01219813 |
| Corrected a formatting issue when creating a PDF that contained certain special characters. | 01193789 |
| A version check has been added so that the Tenable Security Center RPM can't be installed on the wrong OS version. An error message will be shown and the installation will stop if the user attempts to install on the wrong OS version. | N/A |
| Corrected an issue with Airwatch integration. | 01123262 |
| Deprecated "Network Type" has been removed from scan policy creation options. | 01088164 |
| Added optimizations when editing and deleting application-level Credentials, Audit Files, and Scan Policies to improve performance. | 00711536 |
| Corrected an issue where under certain circumstances Remediation Scans would error out. | 00635591 |
| Corrected a parsing issue in reports for the <> symbols. | 00512200 |
Known Issues
-
Log Correlation Engine Archived Silos cannot be selected in the Tenable Security Center UI
API Changelog
For more information about the API changes for this release, see the Tenable Security Center API Changelog.
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Integrated Product Compatibility
The following table lists the Tenable product versions tested with Tenable Security Center 5.20.0.
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
| Product | Tested Version |
|---|---|
| Tenable Nessus |
8.9.0 and later |
| Tenable OT Security | 3.9.25 and later |
| Tenable Log Correlation Engine | 6.0.0 and later |
| Tenable Nessus Network Monitor | 5.11.0 and later |