Tenable.ad 3.16 Release Notes (2022-03-11)

Note: These Release Notes apply to SaaS, except when specified as an on-premises version.

New Features

  • New Indicators of Attack:

    • NTDS Extraction: NTDS exfiltration refers to the technique that attackers use to retrieve the NTDS.dit database that stores Active Directory secrets such as password hashes and Kerberos keys.

      For more information, see NTDS Extraction in the Tenable.ad Administrator Guide.

    • SAM Name Impersonation: This Indicator of Attack detects an attacker who tries to exploit two vulnerabilities (CVEs) that can lead to an elevation of privileges on the domain from a standard account without any security skills.

      For more information, see SAM Name Impersonation in the Tenable.ad Administrator Guide.

Bug Fixes

Tenable.ad version 3.16 contains the following bug fixes:

Bug Fix Defect ID
Kerberos dangerous delegation now resolves after privileged path is corrected by deleting and recreating the domain. N/A
The whitelist now clearly specifies the expected format. N/A
The SQL server functions correctly after Attack Path activation. N/A
The notification email contains the correct image format. N/A
Control Path relations now consider the source and target type. N/A
Tenable.ad updates the children DN when it detects when a container move. N/A
It is no longer possible to delete the last user with an administrative role using the public API. N/A