Tenable Identity Exposure 3.16 (2022-03-11)
New Features
-
New Indicators of Attack:
-
NTDS Extraction: NTDS exfiltration refers to the technique that attackers use to retrieve the NTDS.dit database that stores Active Directory secrets such as password hashes and Kerberos keys.
For more information, see NTDS Extraction in the Indicator of Attacks Reference Guide.
-
SAM Name Impersonation: This Indicator of Attack detects an attacker who tries to exploit two vulnerabilities (CVEs) that can lead to an elevation of privileges on the domain from a standard account without any security skills.
For more information, see SAM Name Impersonation in the Indicator of Attacks Reference Guide.
-
Bug Fixes
Tenable Identity Exposure version 3.16 contains the following bug fixes:
| Bug Fix | Defect ID |
|---|---|
| Kerberos dangerous delegation now resolves after privileged path is corrected by deleting and recreating the domain. | N/A |
| The whitelist now clearly specifies the expected format. | N/A |
| The SQL server functions correctly after Attack Path activation. | N/A |
| The notification email contains the correct image format. | N/A |
| Control Path relations now consider the source and target type. | N/A |
| Tenable Identity Exposure updates the children DN when it detects when a container move. | N/A |
| It is no longer possible to delete the last user with an administrative role using the public API. | N/A |