Attack Path Analysis 2024 Release Notes

Attack Path Analysis added support for the following:

• Enterprise Attack Path Techniques
  • Trust Modification - Find on-prem services with SSO configured to EntraID
  • Group Policy Discovery
• ICS Attack Path Techniques
  • Program Download - Engineering Stations with access to PLC
  • Remote System Discovery - All devices that are part of a backplane
  • Exploitation of Remote Services - CVEs allowing lateral movement between devices including network access validation
  • Hardcoded Credentials - Vulnerable devices configured with services allowing credential access

• PyTenable and API for Findings

• Performance improvement for multi-technique searching on the Discover page

• Attack Path Analysis added additional support for fixed Findings:

  • All findings that are resolved will be marked as Done and Archived.

  • All findings that are no longer part of an attack path will be marked as Archived within the relevant activity log.

• Attack Path Analysis includes new filters for Asset ID and Weakness ID on the Findings page. This feature allows customers to map from weaknesses to choke points.

  For example:

  • Show me all choke points leveraging weak password IoE

  • Show me all the choke points of asset XXX

• Attack Path Analysis includes new filters for Technique and Finding ID on the Discover page.

  For example:

  • Show me all attack paths using the DCSync technique

  • Show me all attack paths that go through choke point XXX
    

• Attack Path Analysis now includes an application navigator that allows users to search the entire application. When you select a search result, you automatically navigate to that page within Attack Path Analysis. You can look for pages in the application, queries in the query library, MITRE ATT&CK Heatmap categories, and more.

• Added an AI Assistant button in the canvas interaction panel.

Attack Path Analysis reduced the data pipeline execution time by 25%. Additionally, Attack Path Analysis will only process licensed assets in order to optimize COGS and reduce data processing time.

In the MITRE ATT&CK section, Attack Path Analysis now includes support for the Msiexec technique.

The Attack Path Analysis Discover section now includes an AI assistant for Asset Node and Attack Path explainability.

• The MITRE Att&ck page now includes support for the Remote Access Software technique.

• Attack Path Analysis has decreased the Top Attack Paths processing time from an average of 7 minutes to 1 minute, and the maximum processing time from 86 minutes to 45 minutes.

• The Query Library now includes the following built-in queries:

  • Internet to Critical Assets

  • Computers without SMB Signing

  • Computers with LLMNR enabled

• The Discover page now includes support for the SecurityControl/SecurityControlAgent search parameters.

Attack Path Analysis now supports the following Ransomware Queries within the Query Library:

• LPHV Blackat

• CL0P

• LockBit

• 8base

• Akira

Beginning in this release, users can see which users created/updated a bookmark within the Attack Path Analysis Query Library.

• In the MITRE ATT&CK section, we have extended External Remote Services technique support for SSH and VNC protocols.

• On all Discover/Findings pages, all additional information now appears in the side details panel.

• On the Discover page, we removed the Tactics List in the canvas bracket to avoid flooding the screen with text.

Beginning in this release, the definition of the Path Priority Rating has changed:

• Path Priority Rating (new metric) - prioritization metric for attack paths based on the exposure of the source, criticality of the target and the number of steps of the attack path.

• Choke Point Priority (previously known as Path Priority Rating) - prioritization metric for attack techniques based on the number of attack paths exploiting the attack, the number of critical assets it leads to, and the complexity of the attack.

The new Discover landing page will now show the top attack paths by default. Additionally, you can now perform a search for asset nodes separately from attack paths by using the Asset Query Builder.

Attack Path Analysis now includes the following generative AI capabilities:

• Attack Path Summarization - transforms the graphical representation of an attack path to natural language including title and executive summary. This enables our users to better understand the impact of attack paths and improve their ability to communicate it with the relevant stakeholders.

• Mitigation Guidelines - The Findings Details page now includes the ability to get more practical mitigation guidelines. This improves the efficiency of users asking to act on findings and eliminate attack paths.

The attack path table is now the first step when searching attack paths. Each attack path has a title and summary. Each path has a new metric of Path Priority Rating, so users can better visualize the attack path.

When a user views an attack path, they can now drill down to the choke points (findings) that were found as part of the attack path.

Tenable is pleased to announce the redesigned License Information page, which streamlines how you view cloud license details on the Tenable platform.

On the License Information page, you can:

• In Tenable One only, use visual overviews by product or time period to spot trends.

• View license information for all Tenable products in your cloud container.

• View license usage snapshots, such as total assets or available assets.

• View license resource counts for all your cloud products.

The License Information page is available to all users. To learn more, see License Information.

Attack Path Analysis has added support for the following techniques:

• Windows Credential Manager MITRE Attack Technique
  

Additionally, Attack Path Analysis now supports the following Trending Attack Paths:

• APT28

• APT33

• Scattered Spider

• Lockbit_3.0

• Medusa