Tenable.ad 3.11 Release Notes (2021-12-01)
New Features (SaaS)
Tenable.ad version 3.11 includes the following new features:
-
A new indicator of exposure lists dangerous permissions and misconfigured parameters related to the Windows Public Key Infrastructure (PKI).
New Features (dedicated for on-premises)
-
Secure communications between components via TLS using Tenable.ad's self-signed auto-generated certificate or a custom certificate.
-
A dedicated MSI for the security probe installation.
New Features (on-premises, previously available for SaaS)
-
A lockout policy to mitigate brute force attacks against authentication mechanisms. It aims to lock out user accounts after too many failed login attempts.
-
A product licensing feature to allow you to update your Tenable.ad license.
-
Ability to disable certain indicators of exposure without restarting the security engine node.
-
Support for the localization process.
-
Single domain recrawling to force the refreshing of data for a domain.
-
Use of native Server Message Block (SMB) mapping.
-
Upgrade of Node.js to v16.
Tenable.ad 3.11.4 (2022-01-24)
Patches
Tenable.ad version 3.11.4 contains the following patches.
| Patch | Defect ID |
|---|---|
| The Tenable.ad installer pre-fills values for IP/ports from variables during an upgrade. | N/A |
| The upgrade correctly takes into account existing certificates. | N/A |
| The SQL service account can now access local certificates. | N/A |
| Tenable.ad updates group members when they change Organizational Units (OU). | N/A |
| The Security Probe installer completes after a reinstallation. | N/A |
| The Tenable.ad installer verifies that the PFX certificates are valid. | N/A |
Tenable.ad 3.11 (2021-12-01)
Bug Fixes
Tenable.ad version 3.11 contains the following bug fixes:
| Bug Fix | Defect ID |
|---|---|
| Tenable.ad purges the previous version's events from internal queues after each upgrade. | N/A |
| The analytics service successfully reconnects to the RabbitMQ server after failures. | N/A |
| The indicator of exposure C-PASSWORD-POLICY is more resilient against a specific corner case. | N/A |
| Tenable.ad ignores InheritOnly ACEs when it checks ACLs to avoid false positives. | N/A |
| The trail flow no longer freezes. | N/A |
| The indicators of attack requiring Sysmon tolerate better versions of Windows event, which strengthens detection. | N/A |