2023 Tenable.ad Release Notes

Tenable.ad 3.43 (2023-03-22)

  • Secure Relay — The Secure Relay now supports HTTP proxy without authentication if your network requires a proxy server to reach the internet. For more information, see Secure Relay in the Tenable.ad Administrator Guide.

  • Onboarding — For enhanced security, the onboarding process now requires that users change the default credentials provided for the initial login when they log in for the first time. Tenable.ad also enhanced the rules for a new password.

  • ScalabilityTenable.ad improved the performance of Indicators of Attack on the service side to handle events of interest on a greater scale for better IoA accuracy and latency.

  • New Indicator of Attack — A new IoA called Unauthenticated Kerberoasting detects stealthy Kerberoasting attacks that bypass numerous detections.

Tenable.ad version 3.43 contains the following bug fixes:

Bug Fix Defect ID
Tenable.ad improved the Indicator of Exposure Application of Weak Password Policies on Users for heavy workload scenarios. N/A
Tenable.ad removed the RBAC permission related to workload quota. N/A
It is now possible to install the Relay on VM servers that do not have Internet Explorer. N/A
The IoA setup script now handles edge cases where a Resultant Set of Policy (RSOP) computation is not possible for the user running the script. N/A
The IoA NTDS Extraction can now exclude any configured process from its analysis. N/A

Tenable.ad 3.42 (2023-03-08)

  • Dashboard data availability — Enables reporting on compliance score, deviances count, and users count values over a new maximum 1 year time span (from one month).

Tenable.ad version 3.42 contains the following bug fixes:

Bug Fix Defect ID

Indicators of Exposure

  • Application of Weak Password Policies on Users introduces two new reasons to explain better two cases where you may think the GPO applies but in fact does not:

    • An Organizational Unit that contains computers may block the GPO inheritance.

    • A security filtering prevents the GPO from applying to computers.

  • Verify AAD SSO Account Password Last Change now resolves deviances when they apply to deleted AD objects.

  • Dangerous Kerberos Delegation now handles existing but empty Resource-Based Constrained Delegation (RBCD) attributes.

 N/A

Indicators of Attack

  • Reduced false positives/negatives for Tenable.ad attacks for the following IoAs: sAMAccountName Impersonation, Kerberoasting, OS Credential Dumping: LSASS Memory, DCShadow, and DPAPI Domain Backup Key Extraction.

  • OS Credential Dumping: LSASS Memory — shows more accurate process and username information when displaying the information in the UI and alerts.

 N/A

Secure Relay

  • Tenable.ad corrected an issue that disrupted the Relay's ability to send data and update itself.

  • Tenable.ad Secure Relay services have an increased resiliency to account for disruptive Windows updates that impacted event processing.

  • Tenable.ad now allows the reuse of the name of a formerly deleted relay.

 N/A
Tenable.ad no longer pushes an IoA configuration on the PDC in a deleted GPO. It now uses the installed IoA configuration for a more robust IoA automatic update experience. N/A
The Tenable.ad (Compliance) Score through the Public API now excludes deactivated checkers for the provided profile. This had led an incorrect score via the Public API. This is now improved and consistent with the Compliance Score available in the Tenable.ad UI. N/A
After deleting a directory, the Attack Path now refreshes its Tier0 graph. N/A
Tenable.ad improved the resiliency of the IoA setup script for subsequent installations of the script. N/A

Tenable.ad 3.41 (2023-02-23)

Tenable.ad version 3.41 contains the following bug fixes:

Bug Fix Defect ID

The renaming of the Tenable.ad GPO no longer has an impact on the automatic update feature of the Tenable.ad Indicator of Attack configuration.

 N/A
Tenable.ad now requires fewer permissions to obtain the same Indicator of Attack analysis. N/A
The Indicator of Attack PDF report no longer displays an erroneous header on the cover page. N/A
Elimination of false positives on the Tenable.ad GPO for these Indicators of Exposure: Verify Sensitive GPO Objects and Files Permissions and Domain Controllers Managed by Illegitimate Users. N/A

Tenable.ad 3.40 (2023-02-13)

  • LDAPS connectionTenable.ad can use the LDAPS (TCP/636) port to connect to your Active Directory in the Secure Relay architecture. This configuration is not possible in the IPSEC VPN environment.

Tenable.ad version 3.40 contains the following bug fixes:

Bug Fix Defect ID

Secure Relay:

  • Improved reliability in handling access-denied Indicator of Attack (IoA) SYSVOL files.

  • Enhanced memory handling for greater stability.

  • Permissions for Relay tasks appear in Tenable.ad's "Roles Management" tab only if your platform uses the Secure Relay architecture and not IPSEC VPN.

 N/A
AuthenticationTenable.ad now logs a successful login attempt after it validates it. N/A

Indicators of Attack:

  • Tenable.ad attack detection is now more accurate and reduces false negatives and false positives.

  • The IoA installation reestablishes security events logging.

 N/A

Tenable.ad 3.39 (2023-01-25)

  • Quicker and easier deployment of Indicators of AttackTenable.ad can now add or remove Indicators of Attack automatically from configured domain controllers without any manual intervention. For more information, see Install Indicators of Attack in Tenable.ad Administrator Guide.

  • Roles — Role configuration now allows you to set access to the Relay configuration.

Tenable.ad version 3.39 contains the following bug fixes:

Bug Fix Defect ID

Attack Path:

  • The page now shows a single menu bar.

  • Improved performance when computing Tier 0 access.

 N/A
Security — GraphQL suggestions no longer appear. N/A
Relay — The Relay can now resolve domains FQDNs. This allows you to use Kerberos on Secure Relay environments, if you also use it with a username in the UPN format in the Forest configuration. N/A
Bug Fix Defect ID

The event log consumption and other Relay events now occur in parallel to avoid memory leak issues.

 N/A
The Relay uninstaller no longer stops the Nessus Agent service. N/A

Relay installer:

  • Forces the use of TLS 1.2 for its connectivity test instead of the default TLS version.

  • Checks that the relay name is unique and asks you to select another name if it is not.

  • Checks that it can reach cloud.tenable.com before it installs the relay.

 N/A

Tenable.ad 3.38 (2023-01-11)

Tenable.ad version 3.38 contains the following bug fixes:

Bug Fix Defect ID
Tenable.ad dashboard widgets now show "0" instead of "No data" when it does not detect any deviants. N/A
Bug Fix Defect ID
Tenable.ad now checks for Secure Relay automatic updates every 15 minutes instead of daily. N/A