Tenable Security Center 5.20.0 Release Notes (2022-01-05)

Note: Tenable recommends upgrading to the patch for this release, Tenable Security Center Patch 202204.1, which includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

You can download the update files from the Tenable Security Center Downloads page.

Upgrade Notes

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 5.20.0. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 5.20.0.

If you are using Internet Explorer 11 on Windows 10 LTSB (build 14393.4104), you may need to add your Tenable Security Center installation to the “Trusted Sites” zone in order for the application to load.

If you are running Tenable Security Center 5.20.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable Security Center (e.g., upgrading from 5.9.0 to 5.12.0 to 5.20.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

New Features

Asset Host View

Added a Host View table where you can see details about the asset, associated findings (vulnerabilities), and the associated software inventory.

For more information, see View Hosts in the Tenable Security Center User Guide.

Asset Criticality Rating (ACR)

Added in automatic calculation of Asset Criticality Rating (ACR) to be used as part of a Risk Based Approach to Vulnerability Management. Automatic ACR calculation can also be overridden to reflect the most accurate picture of each of your Assets criticality to your environment. ACR can be used throughout Tenable Security Center. Note this feature requires a Tenable Security Center+ license.

Note: As part of the initial ACR score calculation which occurs after the initial Tenable Security Center 5.20.0 installation or upgrade, you must re-scan each host to ensure that Tenable Security Center has the data required to calculate an ACR score. Until that re-scan has been completed, some hosts may not have an ACR score assigned.

UI Improvements

To give our users a more updated and consistent experience across Tenable products, we have made the following enhancements:

  • Single button to refresh all dashboard components

  • Dashboard enhancements and modernization

  • Tab modernization throughout Tenable Security Center

  • Enhanced template creation experience

  • Enhanced filter experience

  • Dark mode severity colors update to align with light mode color scheme

Manage Tenable Nessus Scanners in Tenable Security Center

Added the ability to manage the Tenable Nessus scanners directly in the Tenable Security Center UI.

For more information, see Picture in Picture in the Tenable Security Center User Guide.

Backup and Restore Tenable Security Center Configuration Data

Added the ability to backup and restore Tenable Security Center configuration data.

For more information, see Configuration Backups in the Tenable Security Center User Guide.

Advanced Agent Scan Policy

Added support for adding an Advanced Agent Scan Policy directly in Tenable Security Center.

For more information, see Agent Scans in the Tenable Security Center User Guide.

Tenable Security Center File Integrity Check

Added the ability to check the integrity of critical Tenable Security Center files.

For more information, see Diagnostics Settings in the Tenable Security Center User Guide.

Enhanced Diagnostics

Added additional output items to the diagnostics capability of Tenable Security Center.

For more information, see Diagnostics File Options in the Tenable Security Center User Guide.

Updated Third Party Integrations

The following integrations have been enhanced:

  • Tenable Security Center now works with the CyberArk 2.0 APIs

  • Tenable Security Center now allows for credential support when assessing MongoDB

For more information, see SSH Credentials, Windows Credentials, and Database Credentials in the Tenable Security Center User Guide.

Changed Functionality and Performance Enhancements

Display Name in Plugin 19506

Tenable Security Center now shows the scan name in Plugin 19506.

Deprecated Shibboleth 1.3

Tenable Security Center no longer supports Shibboleth 1.3. Shibboleth 2.0 continues to be supported.

Deprecated Scan Policy Templates

Tenable Security Center 5.20.0 no longer supports the following scan policy templates:

  • Badlock detection

  • Bash Shellshock detection

  • DROWN detection

  • Shadow Brokers Scan

You cannot create a new scan policy using a deprecated template using the Tenable Security Center UI or API. If you have an existing scan policy using one of these deprecated templates, you can continue to view, edit, and use the templates in scans.

Security Updates

  • Removed the SecurityCenter Version header from all Tenable Security Center API calls to prevent unauthorized users from determining the currently running Tenable Security Center version.

Bug Fixes

Bug Fix Defect ID
Fixed an issue where upgrading to Tenable Security Center 5.19 resulted in a database backup error. 01243705
Corrected an issue where the Plugin Timestamp was displaying incorrectly. 01289970
Corrected an issue when selecting an invalid interval on the scheduling API caused a job daemon to crash. 01276243
Fixed a discrepancy when using filtering in asset lists. 01263324
Fixed an issue where Invalid Scan Zones was reported after re-adding a scanner. 01260386
Corrected an issue where the % usage of repository size was showing incorrectly. 01274320
Corrected an issue syncing Dynamic Assets to Tenable Vulnerability Management Tags when the Tenable Vulnerability Management Networks feature is disabled. 01251591
Corrected an issue where the status of Tenable Nessus Network Monitor scanners initially displays incorrectly in the Options -> Update Status screen. 01267931
Corrected an issue in Tenable Security Center Director which resulted in a Fingerprint Mismatch or Protocol Error. 01266404
Corrected a Remote Repository sync issue that occurred in rare instances under certain conditions. 01246158
Fixed an issue leading to query errors in the Vulnerability Analysis drill downs when a selected filter returned no matches. 01194875
Corrected an issue that was causing an internal port range error on the Internal PCI Audit Template. 01248527
Fixed an issue where other installations could no longer set up remote agent repositories against the current one. 01252376
Corrected an issue where under certain circumstances a regular user could view the User page. 01252321
Resolved an issue when building an SCAP results file against a large number of hosts. 01246830
Corrected a display issue when rendering a large amount of reports in the Report Results page. 01248675
Corrected an issue where a report would not generate correctly under certain circumstances. 01245189
Resolved an issue where the Output Asset Filter was removed when browsing Dashboard Component Data. 01220853
Corrected an issue where filtering by tags on the Assets page would lead to an error. 01241243
Aligned the list of ignored plugins qualifying assets against the Tenable Security Center license with that of Tenable Vulnerability Management. 01219651
Corrected an issue when filters on the Vulnerability Analysis page would incorrectly be removed upon clearing values. 01220587
Correct a rare issue where asset information incorrectly displayed information from a different asset. 01219813
Corrected a formatting issue when creating a PDF that contained certain special characters. 01193789
A version check has been added so that the Tenable Security Center RPM can't be installed on the wrong OS version. An error message will be shown and the installation will stop if the user attempts to install on the wrong OS version. N/A
Corrected an issue with Airwatch integration. 01123262
Deprecated "Network Type" has been removed from scan policy creation options. 01088164
Added optimizations when editing and deleting application-level Credentials, Audit Files, and Scan Policies to improve performance. 00711536
Corrected an issue where under certain circumstances Remediation Scans would error out. 00635591
Corrected a parsing issue in reports for the <> symbols. 00512200

Known Issues

  • Log Correlation Engine Archived Silos cannot be selected in the Tenable Security Center UI

API Changelog

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable Security Center 5.20.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product Tested Version
Tenable Nessus

8.9.0 and later

OT Security 3.9.25 and later
Tenable Log Correlation Engine 6.0.0 and later
Tenable Nessus Network Monitor 5.11.0 and later