Tenable Vulnerability Management 2023 Release Notes

Note: This beta feature is available to a limited pilot group and will be rolled out to a wider audience in the coming months.

• Tenable is pleased to announce new Change Result and Accept rules, which you can apply to Host Audit findings in Tenable Vulnerability Management.

• Use Change Result rules to alter the result of host audit findings and Accept rules to accept results without modifying them.

• Create and manage these new rules from two places in Tenable Vulnerability Management: Settings > Change Result/Accept and Explore > Findings > Host Audits.

Note: This beta feature is available to a limited pilot group and will be rolled out to a wider audience in the coming months.

• Get a breakdown of your Tenable products and their asset usage on the new License Information page.

• To access the License Information page, in the top navigation bar, click License Information.

• View information about each of your products in the Purchased Products section.

• View asset usage over time to spot trends such as product misconfigurations or temporary usage spikes.

• (Tenable One only) With the Usage Breakdown and Trend widget, get a snapshot of asset usage by product component.

Frictionless Assessment is now End of Provisioning, and new customers will not be able to deploy Frictionless Assessment connectors.

In line with Tenable's Life Cycle policy, on December 31, 2023, Frictionless Assessment will reach End-of-Support and will no longer receive support or updates. However, Frictionless Assessment features and connectors will continue to function until the feature is End-of-Life on December 31, 2024.

Customers seeking a cloud-scanning solution can utilize Tenable Cloud Security with Agentless Assessment for vulnerability management, cloud security posture management, and infrastructure-as-code scanning.

• New look and feel for Explore workbenches - Tenable is pleased to announce redesigned Explore workbenches with a modern layout and user interface.

• Asset tiles - Choose an asset tile to filter what data is shown. Asset tiles display the count for each asset type, which is affected by the filters you are using.

• Data visualizations - On the Assets page, click Show Visualizations to view interactive visualizations that break down your assets across a number of metrics and update based on applied filters.

• Active filters - Your current filters display at the top of the page. To remove a filter, click the X. Click Clear All to remove all filters.

• Change the grid view - Select Grid: Compact View for the default row height or Grid: Basic View for an expanded row height.

• Select a date range - Choose a date range to filter your assets by Last Seen. Select All Time to clear the filter. This filter is not available in Advanced mode.

• Customize table columns - Select or deselect columns to show or hide them from your tables.

• Drag and drop columns to arrange them.

• View info-level severity findings - Turn on the Include Info Severity toggle to show information-level severity findings. This toggle is off by default.

For more information, see Explore.

• Canned Roles - All Tenable-provided Canned Roles (i.e., Administrators, Scan Managers, Standard, Scan Operators, & Basic) can now access all licensed Tenable One applications, including Asset Inventory, Lumin Exposure View, and Attack Path Analysis (Enterprise customers only).

• Custom Roles - Administrators can control the level of access a given Custom Role user has to the Asset Inventory, Lumin Exposure View, and Attack Path Analysis applications.

For more information, see Tenable-Provided Roles and Privileges and Custom Roles.

The limit for Frictionless Assessment scans is one per day, whereas existing Frictionless Assessment connectors created before May 1, 2023 transmit inventory data more frequently. Frictionless Assessment drops data exceeding the frequency limit and does not scan it.

Note: The limitation does not apply to Tenable Container Security, Agentless Assessment, or Tenable Nessus Agent-based inventory scans.

Updated the plugin output data retention Search setting to automatically disable if unused for 35 days. Re-enable the setting to conduct a regex search on plugin output for all scans from that point onward. Only use this setting if you need to perform regular expression searches within the Explore user interface.

For more information, see General Settings.

You can now enable or disable Tenable.io from processing Info-severity plugins with the Process High Traffic Info Plugins general setting. Disabling this setting can improve export performance and end-to-end processing times per scan.

For more information, see General Settings.

As part of a continuous effort to improve the accuracy and utility of Tenable Lumin, we’re making improvements in how the Assessment Maturity scores are calculated. This may result in score changes for some customers. The change is a result of modifications in determining which assets are licensed and which assets have been authenticated within the last 90 days.

How is Assessment Maturity calculated?

• Each asset gets:

  • Scan Frequency score: based on how often the asset was scanned in the last 90 days
    

  • Scan Depth score: determined by whether or not the asset was in an authenticated scan in the last 90 days. (Previously this also incorporated Scan Policy Coverage, but that is no longer the case.)

  • Assessment Maturity score: (Scan Frequency score + Scan Depth score) / 2

• The container and/or business context scores are calculated as:

  • Scan Frequency score: the average of the asset Scan Frequency scores.

  • Scan Depth score: the average of the asset Scan Depth scores.

  • Assessment Maturity score: the average of the Assessment Maturity scores.

Overall Updates

• All features within Tenable Lumin are now part of the Tenable One Platform.

• We use a common data source for asset counts and findings.

• Assessment Maturity no longer includes Scan Policy as part of the Scan Depth calculation.

• We now rely on last_licensed_at and last_authenticated_at fields to determine which assets are licensed, and which assets have been authenticated (assessed as completely as possible) in the last 90 days. Previously, we inspected each scan to track authentication. In many cases, customers had various scans with different policies that caused limitations in our ability to maintain an accurate count over long periods of time.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down.

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

Depth Grade Updates

• Because we deprecated the Plugin Coverage widget, the “Depth Grade” score is now only based on the Authentication Coverage.

• If an asset has been assessed via an authenticated scan, it will get a Scan Depth score of 100.

• All unauthenticated assets will get a Scan Depth score of 10.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the vTenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

• The scan depth score could go down if the percentage of authenticated assets has gone down. This could happen in one or both of the following ways:

  • After the change in the data platform, there may be a change to the number of licensed assets. This could lead to a reduction in the percentage of authenticated assets.

  • Under the old method of checking each scan for authentication, a greater number of assets may have been regarded as authenticated compared to the new method of using the last_authenticated_at date to assess when an asset was last authenticated.

Authentication Coverage Updates

• The Authentication Coverage Scoring widget is now using a far simpler model. We now review each asset looking only at a partial attribute, “last_authenticated”. This attribute is now available in the Tenable One platform. We now are aware of all the new scan types that were not available previously (for example, Frictionless and policy based agents). In the past we attempted to review each scan and its policy, reviewing the number of plugins and state of authentication. This model did not support the new scan types and caused issues and bugs.

Scan Policy Coverage Updates

• This widget has been deprecated.

• Because this widget is deprecated, the “Depth Grade” score is now only based on the Authentication Coverage.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

There have been no changes to the Frequency Grade calculations.

As part of a continuous effort to improve the accuracy and utility of Tenable Lumin , we’re making improvements in how the Remediation Maturity scores are calculated. This may result in score changes for some customers.

Overall Updates

• All features within Tenable Lumin are now part of the Tenable One Platform.

• We use a common data source for asset counts and findings.

• The 90 day window for filtering old vulnerabilities is now a true rolling window from the current date. Previously, it was a window from the last scan on an asset.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

• Improved score is most likely down to improved visibility on coverage. With the migration to the Tenable One platform, we have also realized significant improvements with vulnerability state tracking. This provided an increase in the overall accuracy of this statistic as it is now more timely.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

• Additional changes to your grade/score will be directly related to the change in your Remediation Reponsiveness grade.

Remediation Responsiveness Grade Updates

• We no longer include the Average time Remediation time Since Publication data in the calculation of the Remediation Responsiveness Grade.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

What it means if your score went down:

• More/fewer licensed assets on Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

Average Remediation Time Since Discovery Updates

The VPR severity used for calculations is using the current VPR score. This ensures that severity weights are synchronized across the platform. Previously, the VPR values were taken from the day when the asset was last scanned.

Average Remediation Time Since Publication Updates

The Sensor Proxy 1.0.7 release includes the following updates:

• Updated OpenSSL to version 1.1.1t.

  For more information, see the Tenable Security Advisory.

• Updated the default linking URL to sensor.cloud.tenable.com.

• Added a local resolver to nginx.conf.

• Added support for the following operating systems:

  • Oracle Linux 8 and 9

  • RHEL 8 and 9

For more information about Sensor Proxy, see the Sensor ProxyUser Guide.

For triggered scan histories, Tenable Vulnerability Management now shows a scan history entry for each 12 hour window of the past 7 days.

You can now export cloud misconfigurations in the CSV or JSON format. For more information, see Export Cloud Misconfigurations in the Tenable Vulnerability Management User Guide.

The Widget Library page now includes a New Custom Widget button to create custom widgets for Explore dashboards. For more information, see Create Custom Widgets for Explore Dashboards.

You can now share report templates with other users within your organization. The shared report templates can be accessed from the Shared Report Templates tab. For more information, see the Share Report Templates in the Tenable Vulnerability Management User Guide.

Reduced the size of the daily plugin updates that linked Tenable Nessus scanners receive from Tenable Vulnerability Management. This size reduction minimizes the bandwidth required for updates.

For more information, see Differential Plugin Updates in the Tenable Vulnerability Management User Guide.

You can now configure Tenable Vulnerability Management to send email notifications on completion of an export. The recipients receive an email and from the link in the email, the recipients can download the export results file by providing the correct password.

For more information, see the Export topics in the Tenable Vulnerability Management User Guide.

For vulnerability management scans, you can now hover over the scan status to view more status information in a pop-up window, such as the number of targets scanned and the elapsed or final scan time.

The scan status bar has also been updated with a new status: Publishing Results. This status shows while Tenable Vulnerability Management processes and stores the scan results.

For more information, see Scan Status in the Tenable Vulnerability Management User Guide.