Attack Path Analysis 2023 Release Notes

• New MITRE Att&ck techniques added to the Attack Path Techniques Library:

  • Path Interception by PATH Environment Variable

  • Firmware Corruption

  • Domain Trust Discovery

  • Services File Permissions Weakness

  • LLMNR/NBT-NS Poisoning and SMB Relay

  • Network Logon Script

  • Scheduled Task

  • Windows Command Shell

  • Unix Shell

• Added support for Attack Path Count and Critical Asset Count columns on the Findings page.

• Added support for devices without SMB Signing enabled (Plugin 57608) in the Discover section.
• Added support for devices with LLMNR enabled (Plugin 160301) in the Discover section.
• Removed asset view limitations and fixed issues with sorting the Created column on the Findings page.

• Attack Path Analysis no longer overrides properties/relationships when facing duplicated assets. When facing duplicated assets, the Attack Path Analysis pipeline only ingests the latest one based on when it was last observed by sensors (VM/AD/WAS/etc). This fix does not completely solve the issue but is expected to improve its symptoms.

The Workspace page appears when you log in to Tenable. In addition, administrators can change which custom roles can access which Tenable One apps.

• To set a default app on the Workspace page, click on the app tile and select Make Default Login. This app now appears when you log in.

• To remove a default app on the Workspace page, click on the app tile and select Remove Default Login Page. The Workspace page now appears when you log in.

• (Tenable One-only) To control which custom roles can access which Tenable One apps, use new role settings. For more information, see Create a Custom Role.

Select a default app to appear when you sign in to Tenable, replacing the Workspace page. Or, remove your current default app.

This feature is for Tenable One customers only.

• To select a default app, on the Workspace page and the app tile, click and select Make Default Login.

• To remove a default app, on the Workspace page and the app tile, click and select Remove Default Login Page instead.

Users can view and interact with the Mitre Attack Heat Map within Attack Path Analysis, which provides a holistic view of your data based on the enterprise tactics and techniques from Mitre Att&ck.

Attack Path Analysis is introducing a brand new landing page called the Attack Path Analysis Dashboard, which gives you a high-level view of your vulnerable assets such as the number of vulnerable critical assets, the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different AVR and ACR target value combinations, and a list of trending attack paths.

Attack Path Analysis now includes a new query in the query library that users can generate to view attack paths related to the recent Capital One breach.

This release includes improved data consistency across all dashboard metrics and drill downs. Additionally, load times have been reduced from 10 seconds to 2 seconds.

Attack Path Analysis now includes the following features:

• Users can add and view comments on their Attack Path Analysis Findings.

• Users can share and print their findings, or copy and share the URL of specific findings details pages.

• Results from queries using the Built-in Query generator are now disabled if there are no matching attack paths for the query.

Attack Path Analysis now includes a Log History page to provide the following information about a finding:

• State of the finding: Open or Archived.

• Any change in the status of the finding: To Do, In Progress, In Review, Or Done.

• Changes in the priority level of the finding: Critical, High, Medium, or Low.

The Discover tab now includes the following enhancements:

• The Query Builder pane now includes the Standard, Blast Radius, and Asset Exposure options on a single card.

• Improvements to the Search box to match the user interface.

• The Standard Query mode includes a Swap button to swap between Source and Target assets.