Tenable.io Platform Release Notes - October 2020

Important Highlights from this Release

Tenable.io

  • The Resource Center is now available in Tenable.io. It consolidates help documentation, notifications, new releases, and other helpful content in one easy to access location.

  • New user interface enhancements. These changes are designed to allow users to access more information quickly and allow them to more easily assess and manage their vulnerabilities. A few key highlights include:

    • A new custom dashboard experience where you can create new dashboards from scratch or customize dashboards from a template. You can also easily set your preferred default dashboard.

    • Summary snapshot widgets with click-to-apply quick filters were added to key landing pages, including Assets and Vulnerability pages.

    • Redesigned Vulnerability Details page with key information and output details prominently displayed.

    • Ability to easily add a recast rule directly from the vulnerability details page within a specific asset view. You can also edit existing rules from the same page.

    • Quick Action button added to global menu bar, simplifying workflows and giving you quick and easy access to key actions.

  • The release of an Event History feature for the AWS and Azure Cloud Connectors. Event History will give cloud connector users an up to date history of the events going on with their cloud connectors. This will help inform users about their connector status during setup as well as debugging and general health status of their connectors. For more information, see View Connector Event History in the Tenable.io Vulnerability Management User Guide.

  • To improve performance, the Search feature for Hostnames and IPs, on the Asset Affected tab of Vulnerability Details page in the new Interface, was changed to use the "begins with" filtering operator instead of "contains". The "contains" operator continues to be available in the filters on the page.

  • Vulnerability Export public API endpoint will return 30 days worth of data, if no filters or no date based filters are applied. For more information, see the /vulns/export endpoint in the Tenable Developer Portal.

  • New and improved Dashboard Management. With the new dashboard management experience, you can create, edit, duplicate, or delete dashboards from a single place, as well as search dashboards or dashboard templates and also change your default dashboard. For more information, see Manage Dashboards in the Tenable.io Vulnerability Management User Guide.

  • Exporting Assets and VM landing pages. For more information, see Export a Full Dashboard in the Tenable.io Vulnerability Management User Guide.

Tenable.io Web Application Scanning

  • WAS Scan Notification Support

    • Customers can now be notified as soon as a WAS scan launched from the new UI completes by setting up a list of email addresses in their scan configuration.

  • Improved Scan Configuration Validation

    • The Web Application Scanning v2 API now returns more specific error messages when validating user input. WAS no gives the user the exact errors identified on each field specified by the user.

    • WAS scan configuration pages take benefit of the improved API response payload to provide to customers the exact validation error identified in the scan configuration or template.

  • New version of Tenable.io WAS Chrome Extension 1.1.0 has been released.

    • Users are now able to specify the type of scan, the scanner and the description to associate to the scans to be created from the extension.

    • The link included in the new scan creation success message, now directly opens scan configuration page in Tenable.io Web Application Scanning new UI instead of the scans page.

  • WAS API changes:
    • WAS scan configuration endpoints have been updated to support new notifications property.
    • WAS scan configuration endpoints error payloads have been updated to now include invalid field and associated error message.

Bug Fixes

Bug Fix Defect ID
Fixed vulnerabilities are still visible in WAS dashboard 00986197
Managed Credentials cannot be configured for WAS scan templates in Classic UI 01039460
Old WAS scans still marked as pending 01045941, 01077595, 01084005
Scan results cannot be accessed in new UI 01074204
Unable to launch scan migrated from classic UI 01070881
Email configuration is missing in new UI 01077241
Error when updating WAS user defined template 01081345
Plugin details cannot be accessed from scan results 01083195
WAS Statistics Widget provides incorrect scan statistics 01084359
Disabled schedule scans still launch on classic UI 01091776, 01090684
Drill-down from WAS executive dashboard widgets leads to an error 01092501
WAS asset still appears in Classic UI 01094815
Recast rules do not reject WAS plugins with IDs 112xxx 01093693
Fixed issues where the has_agent attribute was not properly applied to the assets. 01051804