Tenable.ad 3.11 Release Notes (2021-12-01)
New Features (SaaS)
Tenable.ad version 3.11 includes the following new features:
A new indicator of exposure lists dangerous permissions and misconfigured parameters related to the Windows Public Key Infrastructure (PKI).
New Features (dedicated for on-premises)
Secure communications between components via TLS using Tenable.ad's self-signed auto-generated certificate or a custom certificate.
A dedicated MSI for the security probe installation.
New Features (on-premises, previously available for SaaS)
A lockout policy to mitigate brute force attacks against authentication mechanisms. It aims to lock out user accounts after too many failed login attempts.
A product licensing feature to allow you to update your Tenable.ad license.
Ability to disable certain indicators of exposure without restarting the security engine node.
Support for the localization process.
Single domain recrawling to force the refreshing of data for a domain.
Use of native Server Message Block (SMB) mapping.
Upgrade of Node.js to v16.
Tenable.ad version 3.11.4 contains the following patches.
|The Tenable.ad installer pre-fills values for IP/ports from variables during an upgrade.||N/A|
|The upgrade correctly takes into account existing certificates.||N/A|
|The SQL service account can now access local certificates.||N/A|
|Tenable.ad updates group members when they change Organizational Units (OU).||N/A|
|The Security Probe installer completes after a reinstallation.||N/A|
|The Tenable.ad installer verifies that the PFX certificates are valid.||N/A|
Tenable.ad version 3.11 contains the following bug fixes:
|Bug Fix||Defect ID|
|Tenable.ad purges the previous version's events from internal queues after each upgrade.||N/A|
|The analytics service successfully reconnects to the RabbitMQ server after failures.||N/A|
|The indicator of exposure C-PASSWORD-POLICY is more resilient against a specific corner case.||N/A|
|Tenable.ad ignores InheritOnly ACEs when it checks ACLs to avoid false positives.||N/A|
|The trail flow no longer freezes.||N/A|
|The indicators of attack requiring Sysmon tolerate better versions of Windows event, which strengthens detection.||N/A|