Tenable Cloud Security 2.1 Release Notes (2021-12-21)

The dashboard has the following enhancements:

• Dashboard interface - The dashboard interface has been improved to better display trends for policies, issues, security insights, resources, service tickets, and PRs.

• Failing policies by categories - This is a new widget that displays policies that failed, categorized by the reason the policy failed.

• Potential issues in your assets - This is a new widget that displays failing policies, configuration drifts, and pipeline failures in your assets.

  

Issues in Terraform files are now highlighted while scanning the files.

The AWS organization onboarding is enhanced with the following features:

• Ensure that the resources with the same name do not exist.

• Added a warning not to change the account number.

• Added a note that the AccuricsReadOnlyRole should have an external ID listed in the output of the stack deployment.

• The Configure Master Account setting is now optional if you do not want to monitor the master account.

  

• The URLs have been updated to point to create stack/stacksets instead of list stack/stacksets.

You can configure the CloudTrail log monitoring feature if you have an existing AWS account with CloudTrail.

There is a new policy editor for custom policies with the following features:

• Easier user interface - The process of creating the policy follows a step-by-step workflow similar to creating a project or connection.

• Building policies - You can build policies against any cloud resource/schema supported by the IaC providers.

• Query builder - There is a simple visual query builder for setting conditions for the policy. This query builder supports AND and OR expressions. The query builder options are dynamic and based on the resource’s schema.

  

• Test policies - You can test policies against projects if you have user access.

• Policy-based operations - You can perform all the policy-based operations via the API

  

In the earlier release, the hidden CLI-generated projects were causing usability issues. These projects are now visible as Default projects.

The role-based access control (RBAC) for default projects has been updated with the following:

• If a user onboards a repository in pipeline mode, then the user is assigned a viewer role on the default-AWS project.

• If a user onboards using a config file for a specific project, then the user is assigned a viewer role on that project.

While connecting to a repository, you can now onboard all the repositories automatically. You can also select repositories later, on the Repositories tab under Projects & Connections. Scan logs are available for each repository that you onboard.

When you download a CSV file on the Policy Violations tab, the CSV file now includes the Cloud Account column with the cloud account number.

There is a new Ignored Policies tab for ignored policy violations. This tab has similar filters and escalation actions as the Failing Policies tab.