Tenable Identity Exposure 3.17 (2022-03-23)
New Features
-
New Indicators of Attack: The DPAPI Domain Backup Key Extraction Indicator of Attack can detect a wide variety of attack tools that use LSA RPC calls to access backup keys.
For more information, see For more information, see DPIAPI Domain Backup Key Extraction in the Indicator of Attacks Reference Guide.
-
Maintenance page during upgrade (General access): During an upgrade of Tenable Identity Exposure, the system displays a dedicated page to inform you that maintenance is in progress.
-
Retirement of InfluxDB & Equuleus: Removed the current dedicated database that manages dashboard data to use SQLServer directly as for the rest of the platform.
Bug Fixes
Tenable Identity Exposure version 3.17 contains the following bug fixes:
| Bug Fix | Defect ID |
|---|---|
| Tenable Identity Exposure now counts users with an unknown userAccountControl attribute as active AD users. This can happen when the account provided in Tenable Identity Exposure does not have the right to read this attribute or a corresponding attribute set. This can lead to an increase in the total number of users in the dashboard or the license. For more information, see User Accounts in the Technical Prerequisites document. | N/A |
| Tenable Identity Exposure propagates changes — such as a move or rename — on an LDAP container to the container children. | N/A |
| Connection to the SYSVOL share succeeds even if you change the credentials. | N/A |