Tenable.ad 3.11 Release Notes (On-prem & SaaS) (2021-12-01)
New Features (SaaS)
Tenable.ad version 3.11 includes the following new features:
A new indicator of exposure lists dangerous permissions and misconfigured parameters related to the Windows Public Key Infrastructure (PKI).
New Features (dedicated for on-premises)
Secure communications between components via TLS using Tenable.ad's self-signed auto-generated certificate or a custom certificate.
A dedicated MSI for the security probe installation.
New Features (on-premises, previously available for SaaS)
A lockout policy to mitigate brute-force attacks against authentication mechanisms. It locks out user accounts after too many failed login attempts.
A product licensing feature to allow you to update your Tenable.ad license.
Ability to disable certain indicators of exposure without restarting the security engine node.
Support for the localization process.
Single domain recrawling to force the refreshing of data for a domain.
Use of native Server Message Block (SMB) mapping.
Upgrade of Node.js to v16.
Tenable.ad version 3.11 contains the following bug fixes:
|Bug Fix||Defect ID|
|Tenable.ad purges the previous version's events from internal queues after each upgrade.||N/A|
|The analytics service successfully reconnects to the RabbitMQ server after failures.||N/A|
|The indicator of exposure C-PASSWORD-POLICY is more resilient against a specific corner case.||N/A|
|Tenable.ad ignores InheritOnly ACEs when it checks ACLs to avoid false positives.||N/A|
|The trail flow no longer freezes.||N/A|
|The indicators of attack that require Sysmon better tolerate versions of Windows events, which strengthens detection.||N/A|
|Tenable.ad correctly flushes out the Login event (4624) from its cache memory after a Logoff event (4634).||N/A|
|Tenable.ad displays attacks that occur on the 1st day of the month in the correct month.||N/A|
|When you remove a GPO, Tenable.ad only displays the deleted event.||N/A|
|When the SYSVOL connection breaks, Tenable.ad renews the connection to allow the listener to fetch new events.||N/A|
|The allow lists for Credentials Roaming users and groups now accept the samAccountName format.||N/A|
This patch also updates OpenSSL-related software to address the security issue CVE-2022-0778.
|SQL services are running when upgrading from version 3.11.3.||N/A|
|Split architecture installations include TLS options.||N/A|
|RabbitMQ correctly resumes after upgrading from version 3.1.5 to 3.11.3.||N/A|
|Event insertion no longer affects performance.||N/A|
|Events for Indicators of Attack do not consume too many memory resources.||N/A|
|The Tenable.ad installer pre-fills values for IP/ports from variables during an upgrade.||N/A|
|The upgrade correctly considers existing certificates.||N/A|
|The SQL service account can now access local certificates.||N/A|
|Tenable.ad updates group members when they change Organizational Units (OU).||N/A|
|The Security Probe installer completes after a reinstallation.||N/A|
|The Tenable.ad installer verifies that the PFX certificates are valid.||N/A|