Tenable Vulnerability Management 2023 Release Notes

Tenable has standardized Windows operating system (OS) name values that appear in the Tenable Vulnerability Management user interface. All Windows OS name values collected from credentialed scans now appear using the following format: <vendor> <os> <version> <edition> <update> (for example, "Microsoft Windows 11 Enterprise Build 22621").

Before this update, Windows OS name values would appear with minor variations based on whether Tenable Nessus scanners or Tenable Nessus Agents generated the data.

If you have built filters, saved searches, and tags that are filtered on expected variations of specific OS values (for example, Microsoft Windows Server 2019 Datacenter 10.0.17763), Tenable recommends updating these saved filters.

Note: This update only applies to Windows OS data in the English user interface. Tenable plans to release similar updates for other languages and OS types in the future.

For more information, see the Tenable Windows Host Data Normalization FAQ.

Tenable Vulnerability Management now shows tags or labels for assets imported from AWS, Azure, and GCP.

The Host Assets table now includes the following columns for cloud tags:

• Resource Tags — Specifies the tags or labels imported from the cloud provider. This field appears for assets with source as Cloud Discovery Connector.

  Note: Tenable Vulnerability Management imports tags and labels with the following considerations:

  • For AWS and Azure, the limit is 50 tags per resource.

  • For GCP, the limit is 64 labels per resource.

  • Tenable Vulnerability Management does not support importing JSON strings for Azure tags.

• Cloud Provider — Indicates whether the asset is from AWS, Azure, or GCP

For more information, see Host Assets.

The Assets filters now include the following Host Asset filters:

• Cloud Provider — The cloud provider for the asset — AWS, Azure, or GCP

• Resource Tags (By Key) — The key in the key-value pair of the tags or labels imported from the cloud provider.

• Resource Tags (By Value) — The value in the key-value pair of the tags or labels imported from the cloud provider.

• Source — Includes a new value for the source of the scan: Cloud Discovery Connector.

  Note: Tenable Vulnerability Management shows this source for compute assets with imported resource tags.

  • For existing assets, the Source column shows Cloud Discovery Connector along with the existing source (AWS, Azure, or GCP).
  • For new assets, the Source column shows Cloud Discovery Connector.
  • See the Cloud Provider column to view from where the asset is imported from.

For more information, see the Host Assets section in the Asset Filters topic.

Tenable has added new filters and columns to the Findings workbench. These additions enhance how you work with asset tags.

• With the Asset Tags filter, search the Findings workbench for vulnerabilities or host audits that contain the asset tags you specify.

• In the Asset Tags column on the Findings workbench, view all asset tags for a finding.

For more information, see Findings Filters.

You can now transmit Tenable OT Security assets and findings data to Tenable Vulnerability Management by setting up OT connectors. Once you create and enable an OT connector, you can see all your Tenable OT Security assets and risks in the Tenable Vulnerability Management workbenches.

Use the OT Connectors tab in the Sensors menu to create, modify, and delete OT connectors. For more information, see OT Connectors in the Tenable Vulnerability Management User Guide.

Tenable has simplified the Plugin Output filter on the Findings workbench. This filter now uses operators instead of regular expressions.

For more information, see Findings Filters.

Tenable is pleased to announce the Relocate Open Port Findings setting, which simplifies how open ports are displayed across Tenable Vulnerability Management, unlocks new filters and tag rules, and speeds up your scan times.

Administrators can enable this feature in Settings > General > Scanning.

Relocate Open Port Findings does the following:

• Adds a new Open Ports tab on the Asset Details page for host assets.

• Adds a new Open Ports asset filter to the Assets workbench.

• Adds a new Open Ports tag rule to the Tags page.

• Adds the ability to export open port data from the Assets workbench.

• Disables the High-Traffic Info Plugins setting, which Tenable plans to retire.

For more information, see General Settings.

The Workspace page appears when you log in to Tenable. In addition, administrators can change which custom roles can access which Tenable One apps.

• To set a default app on the Workspace page, click on the app tile and select Make Default Login. This app now appears when you log in.

• To remove a default app on the Workspace page, click on the app tile and select Remove Default Login Page. The Workspace page now appears when you log in.

• (Tenable One-only) To control which custom roles can access which Tenable One apps, use new role settings. For more information, see Create a Custom Role.

Tenable Vulnerability Management now trims cells longer than 32,000 characters in Findings CSV exports so they will appear correctly in Microsoft Excel. To turn this feature off, select Untruncated Data.

For more information, see Export Findings.

Set a default app to appear when you sign in to Tenable, replacing the Workspace page. Or, remove your current default app.

This feature is for Tenable One customers only.

• To set a default app, on the Workspace page and the app tile, click and select Make Default Login.

• To remove a default app, on the Workspace page and the app tile, click and select Remove Default Login Page instead.

The Sensor Proxy 1.0.8 release includes the following updates and bug fixes:

• Enabled agent profile caching.

  For more information about agent profiles, see Agent Profiles.

• Updated OpenSSL to version 3.0.10.

  For more information, see the Tenable Security Advisory.

• Increased proxy buffer sizes for response reading to improve response handling (related to defects 01501252 and 01604236).

• Enabled TLS SNI for connections to Tenable Vulnerability Management (related to defect 01642584).

For more information about Sensor Proxy, see the Sensor Proxy User Guide.

Tenable has updated the Tenable Vulnerability Management user interface with the ability to create and manage agent profiles. You can use agent profiles to apply a specific version to your linked agents. This can be helpful for agent version testing; for example, you may want to schedule a testing period on a subset of your agents before upgrading all your agents to a new version. An agent profile allows you to apply a newer version to a subset of your agents for a limited time, and more broadly, allows you to upgrade and downgrade agents to different versions easily.

You can manage agent profiles in the Profiles tab under Settings > Sensors > Nessus Agents in the Tenable Vulnerability Management user interface.

Note: You cannot set agent profiles to versions earlier than 10.4.1. Agent profiles do not affect agents on versions earlier than 10.4.1.

For more information, see Agent Profiles.

• Ability to toggle access to licensed applications for Custom Roles:

  • Administrators can now control which custom roles have access to which Tenable applications.

  • Access toggles are available for the following apps:

    • Asset Inventory

    • Tenable Attack Surface Management

    • Attack Path Analysis

    • Tenable Cloud Security

    • Tenable Lumin

    • Lumin Exposure View

    • Tenable Vulnerability Management (formerly Tenable.io)

• Auto-provisioning SAML users with Role Mappings:

  • Previously, all users provisioned using SAML were assigned "Standard" role and required the Administrator to manually change their role.

  • Now, we support auto-provisioning SAML users and mapping their Role within their IdP. E.g. Tenable IT can both create a Tenable Vulnerability Management user and map them to a given role from within Okta.

  • We also added an option to reset the SAML user's role back to what was configured in the IdP. That is, if an Admin accidentally or intentionally changes a user's role manually, this will reset the user back to the role defined by IdP at each login.

Tenable has made enhancements to asset hostname detection in Tenable Vulnerability Management. These enhancements may result in updated hostnames for some assets, which will appear in the Explore workbench following a new scan. In addition, CSV exports of asset scans will now properly display hostnames or FQDNs where applicable.

Tenable is pleased to announce that the Explore workbenches in Tenable Vulnerability Management now display your actual finding or asset counts when that number exceeds 1,000, instead of only stating that there are more than 1,000.

For more information on the Explore workbenches, see Explore.

• From the Settings > Language panel, change your account's user interface language to English, French, or Japanese. Legacy workbenches are not supported.

• From the Settings > General panel, change the plugin language for all users in your container to English, Japanese, Simplified Chinese, or Traditional Chinese.

For more information, see Language or General Settings in the Tenable Vulnerability Management documentation.

Note: This beta feature is available to a limited pilot group and will be rolled out to a wider audience in the coming months.

• Tenable is pleased to announce new Change Result and Accept rules, which you can apply to Host Audit findings in Tenable Vulnerability Management.

• Use Change Result rules to alter the result of host audit findings and Accept rules to accept results without modifying them.

• Create and manage these new rules from two places in Tenable Vulnerability Management: Settings > Change Result/Accept and Explore > Findings > Host Audits.

Note: This beta feature is available to a limited pilot group and will be rolled out to a wider audience in the coming months.

• Get a breakdown of your Tenable products and their asset usage on the new License Information page.

• To access the License Information page, in the top navigation bar, click License Information.

• View information about each of your products in the Purchased Products section.

• View asset usage over time to spot trends such as product misconfigurations or temporary usage spikes.

• (Tenable One only) With the Usage Breakdown and Trend widget, get a snapshot of asset usage by product component.

Frictionless Assessment is now End of Provisioning, and new customers will not be able to deploy Frictionless Assessment connectors.

In line with Tenable's Life Cycle policy, on December 31, 2023, Frictionless Assessment will reach End-of-Support and will no longer receive support or updates. However, Frictionless Assessment features and connectors will continue to function until the feature is End-of-Life on December 31, 2024.

Customers seeking a cloud-scanning solution can utilize Tenable Cloud Security with Agentless Assessment for vulnerability management, cloud security posture management, and infrastructure-as-code scanning.

• New look and feel for Explore workbenches - Tenable is pleased to announce redesigned Explore workbenches with a modern layout and user interface.

• Asset tiles - Choose an asset tile to filter what data is shown. Asset tiles display the count for each asset type, which is affected by the filters you are using.

• Data visualizations - On the Assets page, click Show Visualizations to view interactive visualizations that break down your assets across a number of metrics and update based on applied filters.

• Active filters - Your current filters display at the top of the page. To remove a filter, click the X. Click Clear All to remove all filters.

• Change the grid view - Select Grid: Compact View for the default row height or Grid: Basic View for an expanded row height.

• Select a date range - Choose a date range to filter your assets by Last Seen. Select All Time to clear the filter. This filter is not available in Advanced mode.

• Customize table columns - Select or deselect columns to show or hide them from your tables.

• Drag and drop columns to arrange them.

• View info-level severity findings - Turn on the Include Info Severity toggle to show information-level severity findings. This toggle is off by default.

For more information, see Explore.

• Canned Roles - All Tenable-provided Canned Roles (Administrators, Scan Managers, Standard, Scan Operators, Basic) can now access all licensed Tenable One applications, including Asset Inventory, Lumin Exposure View, and Attack Path Analysis (Enterprise customers only).

• Custom Roles - Administrators can control the level of access a given Custom Role user has to the Asset Inventory, Lumin Exposure View, and Attack Path Analysis applications.

For more information, see Tenable-Provided Roles and Privileges and Custom Roles.

The limit for Frictionless Assessment scans is one per day, whereas existing Frictionless Assessment connectors created before May 1, 2023 transmit inventory data more frequently. Frictionless Assessment drops data exceeding the frequency limit and does not scan it.

Note: The limitation does not apply to Tenable Container Security, Agentless Assessment, or Tenable Nessus Agent-based inventory scans.

Updated the plugin output data retention Search setting to automatically disable if unused for 35 days. Re-enable the setting to conduct a regex search on plugin output for all scans from that point onward. Only use this setting if you need to perform regular expression searches within the Explore user interface.

For more information, see General Settings.

You can now enable or disable Tenable Vulnerability Management from processing Info-severity plugins with the Process High Traffic Info Plugins general setting. Disabling this setting can improve export performance and end-to-end processing times per scan.

For more information, see General Settings.

As part of a continuous effort to improve the accuracy and utility of Tenable Lumin, we’re making improvements in how the Assessment Maturity scores are calculated. This may result in score changes for some customers. The change is a result of modifications in determining which assets are licensed and which assets have been authenticated within the last 90 days.

How is Assessment Maturity calculated?

• Each asset gets:

  • Scan Frequency score: based on how often the asset was scanned in the last 90 days
    

  • Scan Depth score: determined by whether or not the asset was in an authenticated scan in the last 90 days. (Previously this also incorporated Scan Policy Coverage, but that is no longer the case.)

  • Assessment Maturity score: (Scan Frequency score + Scan Depth score) / 2

• The container and/or business context scores are calculated as:

  • Scan Frequency score: the average of the asset Scan Frequency scores.

  • Scan Depth score: the average of the asset Scan Depth scores.

  • Assessment Maturity score: the average of the Assessment Maturity scores.

Overall Updates

• All features within Tenable Lumin are now part of the Tenable One Platform.

• We use a common data source for asset counts and findings.

• Assessment Maturity no longer includes Scan Policy as part of the Scan Depth calculation.

• We now rely on last_licensed_at and last_authenticated_at fields to determine which assets are licensed, and which assets have been authenticated (assessed as completely as possible) in the last 90 days. Previously, we inspected each scan to track authentication. In many cases, customers had various scans with different policies that caused limitations in our ability to maintain an accurate count over long periods of time.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down.

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

Depth Grade Updates

• Because we deprecated the Plugin Coverage widget, the “Depth Grade” score is now only based on the Authentication Coverage.

• If an asset has been assessed via an authenticated scan, it receives a Scan Depth score of 100.

• All unauthenticated assets receive a Scan Depth score of 10.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the vTenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

• The scan depth score could go down if the percentage of authenticated assets has gone down. This could happen in one or both of the following ways:

  • After the change in the data platform, there may be a change to the number of licensed assets. This could lead to a reduction in the percentage of authenticated assets.

  • Under the old method of checking each scan for authentication, a greater number of assets may have been regarded as authenticated compared to the new method of using the last_authenticated_at date to assess when an asset was last authenticated.

Authentication Coverage Updates

• The Authentication Coverage Scoring widget is now using a far simpler model. We now review each asset looking only at a partial attribute, “last_authenticated”. This attribute is now available in the Tenable One platform. We now are aware of all the new scan types that were not available previously (for example, Frictionless and policy-based agents). In the past we attempted to review each scan and its policy, reviewing the number of plugins and state of authentication. This model did not support the new scan types and caused issues and bugs.

Scan Policy Coverage Updates

• This widget has been deprecated.

• Because this widget is deprecated, the “Depth Grade” score is now only based on the Authentication Coverage.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

There have been no changes to the Frequency Grade calculations.

As part of a continuous effort to improve the accuracy and utility of Tenable Lumin, we’re making improvements in how the Remediation Maturity scores are calculated. This may result in score changes for some customers.

Overall Updates

• All features within Tenable Lumin are now part of the Tenable One Platform.

• We use a common data source for asset counts and findings.

• The 90-day window for filtering old vulnerabilities is now a true rolling window from the current date. Previously, it was a window from the last scan on an asset.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the license count now boasts improved accuracy as well as includes assets from other sources. This change could result in a change in asset totals, ultimately changing the score.

• Improved score is most likely down to improved visibility on coverage. With the migration to the Tenable One platform, we have also realized significant improvements with vulnerability state tracking. This provided an increase in the overall accuracy of this statistic as it is now more timely.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Nessus scan-related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

• Additional changes to your grade/score will be directly related to the change in your Remediation Responsiveness grade.

Remediation Responsiveness Grade Updates

• We no longer include the Average time Remediation time Since Publication data in the calculation of the Remediation Responsiveness Grade.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

What it means if your score went down:

• More/fewer licensed assets on Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

Average Remediation Time Since Discovery Updates

The VPR severity used for calculations is using the current VPR score. This ensures that severity weights are synchronized across the platform. Previously, the VPR values were taken from the day when the asset was last scanned.

Average Remediation Time Since Publication Updates

Average Remediation Time Since Publication

Updates:

• The VPR severity used for calculations is using the current VPR score. This ensures that severity weights are synchronized across the platform. Previously, the VPR values were taken from the day when the asset was last scanned.

Average Vulnerabilities Per Asset Updates

The Average Vulnerabilities Per Asset data is no longer part of the coverage grade/score. These were previously included to provide a method to bolster assets with no vulnerabilities or in cases where the vulnerabilities are remediated even before being detected.

What it means if your score went up:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

What it means if your score went down:

• More/fewer licensed assets on the Tenable One Platform - If you migrated over to the Tenable One Platform, the counts are now focused on Tenable Nessus scan related activities. For example, in the previous model we included assets that were seen by Tenable Nessus Network Monitor. Because these assets counted towards the total, they were affecting the scores.

The Sensor Proxy 1.0.7 release includes the following updates:

• Updated OpenSSL to version 1.1.1t.

  For more information, see the Tenable Security Advisory.

• Updated the default linking URL to sensor.cloud.tenable.com.

• Added a local resolver to nginx.conf.

• Added support for the following operating systems:

  • Oracle Linux 8 and 9

  • RHEL 8 and 9

For more information about Sensor Proxy, see the Sensor Proxy User Guide.

For triggered scan histories, Tenable Vulnerability Management now shows a scan history entry for each 12-hour window of the past 7 days.

You can now export cloud misconfigurations in the CSV or JSON format. For more information, see Export Cloud Misconfigurations in the Tenable Vulnerability Management User Guide.

The Widget Library page now includes a New Custom Widget button to create custom widgets for Explore dashboards. For more information, see Create Custom Widgets for Explore Dashboards.

You can now share report templates with other users within your organization. The shared report templates can be accessed from the Shared Report Templates tab. For more information, see the Share Report Templates in the Tenable Vulnerability Management User Guide.

Reduced the size of the daily plugin updates that linked Tenable Nessus scanners receive from Tenable Vulnerability Management. This size reduction minimizes the bandwidth required for updates.

For more information, see Differential Plugin Updates in the Tenable Vulnerability Management User Guide.

You can now configure Tenable Vulnerability Management to send email notifications on completion of an export. The recipients receive an email and from the link in the email, the recipients can download the export results file by providing the correct password.

For more information, see Exports in the Tenable Vulnerability Management User Guide.

For vulnerability management scans, you can now hover over the scan status to view more status information in a pop-up window, such as the number of targets scanned and the elapsed or final scan time.

The scan status bar has also been updated with a new status: Publishing Results. This status shows while Tenable Vulnerability Management processes and stores the scan results.

For more information, see Scan Status in the Tenable Vulnerability Management User Guide.