Tenable.io Platform Release Notes - January 2021

Important Highlights from this Release

Tenable.io

  • Frictionless Assessment GA for all sites

Tenable.io Web Application Scanning

  • Report Generation Cache Invalidation Logic Enhancements

    • Once a WAS report is generated, T.io saves it. Previously, if a bug was identified during generation, a report could provide the wrong data. Now, if code changes are made to the report generation logic, the previously generated reports are discarded and a new report is generated using the patched code.

  • Added scan results summary section in HTML/PDF reports for aborted scans.

  • Added support for OpenAPI/Swagger files containing non-ASCII characters.

  • Add Input Type and Input Name elements in Vulnerability Identification tab.

  • Truncate Input Name element when value is too large.

Tenable Lumin

  • Business Context Details page, UI Refresh and exporting

    • The Business Context Details page has been updated, providing users more information and allowing them to export the entire dashboard or any widget on the dashboard to PDF, PNG, or JPG.

  • Business Context Table on Lumin Dashboard now supports up to 50 tags.

  • Various bug fixes and UI and text improvements.

PCI

  • The scan date is now displayed in the attestations and failures pages to let users know the age of the assets and findings being included in the attestations.

  • Deletion of scans in the PCI-ASV workbench has been improved, allowing users to quickly delete any PCI scan for which no attestation has been yet created, independently from the number of assets and results included in the scan.

  • Attestations now use by default the name of the scan the attestation has been created for.

  • PCI scan templates now include a note for the Target option to instruct customers how to best choose targets format - i.e. FQDN rather than IP address - to help improving scan results.

  • Executive Summary Report Section 3.a "Vulnerabilities Noted for each Component" contents are now sorted by IP and CVSS score.

  • Plugin information page now includes a link for the plugin CVSS information, allowing user to review the CVSS vector information directly from the NVD web site.