Attack Path Analysis 2024 Release Notes
These release notes are listed in reverse chronological order.
April 18, 2024
- Attack Path Analysis includes new filters for Asset ID and Weakness ID on the Findings page. This feature allows customers to map from weaknesses to choke points. For example:
  - Show me all choke points leveraging weak password IoE
  - Show me all the choke points of asset XXX
- Attack Path Analysis includes new filters for Technique and Finding ID on the Discover page. For example:
  - Show me all attack paths using DCSync technique
  - Show me all attack paths that go through choke point XXX
- Attack Path Analysis now includes an application navigator that allows users to search the entire application. When you select a search result, you automatically navigate to that page within Attack Path Analysis. You can look for pages in the application, queries in the query library, MITRE ATT&CK Heatmap categories, and more.
- Added an AI Assistant button in the canvas interaction panel.
Bug Fix |
---|
[Findings] Fix “View Path” for a specific finding returning no results |
April 8, 2024
Attack Path Analysis reduced the data pipeline execution time by 25%. Additionally, Attack Path Analysis will only process licensed assets in order to optimize COGS and reduce data processing time.
March 18, 2024
In the MITRE ATT&CK section, Attack Path Analysis now includes support for the Msiexec technique.
Bug Fix |
---|
[GA] Fix invalid Subnet CIDR |
March 12, 2024
- The Attack Path Analysis Discover section now includes an AI assistant for Asset Node and Attack Path explainability.
- The MITRE ATT&CK page now includes support for the Remote Access Software technique.
- Attack Path Analysis has decreased the Top Attack Paths processing time from an average of 7 minutes to 1 minute, and the maximum processing time from 86 minutes to 45 minutes.
Bug Fix |
---|
[Side Panel] Fix Password nodes not clickable |
[Side Panel] Extend max displayed characters for node properties (25 to 50 characters) |
[Query Library] Fix built-in queries that are still being processed showing as enabled |
February 20, 2024
- The Query Library now includes the following built-in queries:
  - Internet to Critical Assets
  - Computers without SMB Signing
  - Computers with LLMNR enabled
- The Discover page now includes support for the SecurityControl/SecurityControlAgent search parameters.
Bug Fix |
---|
[Findings] Fix total findings count when navigating between pages |
February 15, 2024
Attack Path Analysis now supports the following ransomware queries within the Query Library:
- ALPHV BlackCat
- CL0P
- LockBit
- 8base
- Akira
Bug Fix |
---|
[Data] Improve identification of network access from external devices. If a device is found in a Nessus scan, it is treated as internal. If the device is unknown or found in Tenable Attack Surface Management, and has a public IP address, it is identified as external access |
Fix filter search to be case insensitive |
February 12, 2024
- Beginning in this release, users can see which users created or updated a bookmark within the Attack Path Analysis Query Library.
- In the MITRE ATT&CK section, we have extended External Remote Services technique support for SSH and VNC protocols.
- On all Discover/Findings pages, all additional information now appears in the side details panel.
- On the Discover page, we removed the Tactics List in the canvas bracket to avoid flooding the screen with text.
January 30, 2024
Beginning in this release, the definition of the Path Priority Rating has changed:
- Path Priority Rating (new metric) - prioritization metric for attack paths based on the exposure of the source, the criticality of the target, and the number of steps in the attack path.
- Choke Point Priority (previously known as Path Priority Rating) - prioritization metric for attack techniques based on the number of attack paths exploiting the attack, the number of critical assets it leads to, and the complexity of the attack.

The new Discover landing page now shows the top attack paths by default. Additionally, you can now search for asset nodes separately from attack paths by using the Asset Query Builder.

Attack Path Analysis now includes the following generative AI capabilities:
- Attack Path Summarization - transforms the graphical representation of an attack path into natural language, including a title and executive summary. This enables our users to better understand the impact of attack paths and improve their ability to communicate it to the relevant stakeholders.
- Mitigation Guidelines - The Findings Details page now includes the ability to get more practical mitigation guidelines. This improves the efficiency of users seeking to act on findings and eliminate attack paths.

The attack path table is now the first step when searching attack paths. Each attack path has a title and summary. Each path has a new metric of Path Priority Rating, so users can better visualize the attack path.

When a user views an attack path, they can now drill down to the choke points (findings) that were found as part of the attack path.
January 23, 2024
Tenable is pleased to announce the redesigned License Information page, which streamlines how you view cloud license details on the Tenable platform.
On the License Information page, you can:
- In Tenable One only, use visual overviews by product or time period to spot trends.
- View license information for all Tenable products in your cloud container.
- View license usage snapshots, such as total assets or available assets.
- View license resource counts for all your cloud products.
The License Information page is available to all users. To learn more, see License Information.
January 22, 2024
Attack Path Analysis has added support for the following techniques:
- Windows Credential Manager MITRE ATT&CK Technique

Additionally, Attack Path Analysis now supports the following Trending Attack Paths:
- APT28
- APT33
- Scattered Spider
- Lockbit_3.0
- Medusa
Bug Fix |
---|
[Discover] Fix invalid last active date for Nessus AD identities |
[Findings] Fix filters badge not visible when navigating from discover to findings |
[Findings] Add truncation for the long names in the findings table |
[Discover] Fix bookmarks deletion bug |