Tenable Cloud Security 2.5.4 Release Notes (2022-10-31)

Important: Tenable has announced the End of Life for Legacy Tenable Cloud Security. You can continue to access the application and receive support through September 30, 2024. Tenable recommends that you move to the current version of Cloud Security immediately. For more details, see the End of Life bulletin.

Support for New Resources and Policies

Tenable Cloud Security now supports new resources and introduces the following policies for scanning these resources:

Resource Type Policy Severity
azurerm_iothub Ensure TLS 1.2 or greater is used for the IoT Hub. High
Ensure shared access policies for IoT Hub are not used. High
azurerm_iothub_dps Ensure shared access policies for IoT Hub Device Provisioning Service (DPS) are not used. High
Ensure that public network access is disabled for Azure IoT Hub Device Provisioning Service (DPS). Medium
azurerm_iot_security_solution Ensure IP addressed are masked in the logs for IoT Hub. Low
Ensure that the Microsoft Defender for IoT Hub is enabled. Medium
Ensure that the attribute 'baseline' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false. High
Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false. Medium
Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to false. High
Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false. Medium

User Interface Enhancements

  • Scan History now shows scan results sorted with the newer scans appearing at the top of the list.

  • Scan status refresh icon () now appears for scans in progress on the Manage scan profiles page.

  • When creating a new scan profile, the resources section remains expanded if a resource is selected for the scan profile in the Cloud config assessment options section.

  • The Cloud scan status column in the Projects tab now shows the status as Scanning IaC or Scanning cloud, depending on the type of scan that is in progress.

  • The Run Scan option in the Projects tab now selectively displays Cloud Scan, IaC Scan, or both, based on what is onboarded in a project.

  • Inconsistent titles of selected tabs are now fixed.

Email Alerts Disabled

  • Onboarding status emails are now disabled for any tenant account that has been active for less than 30 days.

  • Scan summary emails are now disabled.

Vulnerabilities Dashboard Enhancements

The Vulnerabilities Dashboard now has the Vulnerability by Project widget. For more information, see Vulnerabilities Dashboard.

Bug Fixes

Bug Fix
Tenable Cloud Security now supports Azure IoT Hub resources.
Fixed an issue with error messages displayed with failing policies.
Fixed an issue with incorrect results when scanning CloudFormation template.
Tenable Cloud Security now no longer shows terminated cloud resources and its associated violations.
Fixed an issue with CloudTrail and Slack alerts.