Tenable Vulnerability Management Platform Release Notes - March 2021

Important Highlights from this Release

Tenable Vulnerability Management

  • On the FedRAMP site, the Resource Center ? icon (in the upper-right corner, next to Quick Actions) now correctly links to the documentation.

Tenable Web App Scanning

  • DOM Element Exclusions – DOM element exclusions prevent scans from interacting with specific page elements and their children. A new option allows users to specify DOM elements using either their CSS attributes or the text displayed by the element. This setting is available for Scan, Overview, and PCI scan templates. For more information, see Assessment Settings in the Tenable Vulnerability Management User Guide and DOM Element Exclusion on the Tenable Developer Portal.

  • Updated default Tenable Web App Scanning scan template settings – To better address modern websites, where the size of required JavaScript files has greatly increased, the default values for the following Tenable Web App Scanning scan template settings have been updated:

    • MAX RESPONSE SIZE: Value has been increased from 500000 (500kb) to 5000000 (5Mb)

    • NETWORK TIMEOUT: Value has been increased from 5 to 30 seconds

    • BROWSER TIMEOUT: Value has been increased from 30 to 60 seconds

Tenable Lumin

  • Cyber Exposure Alerts Widget – This new widget highlights current threats identified by the Tenable Research Team. This view gives users crucial insight into how those threats may be impacting the exposure in their environment by displaying what percentage of total assets are likely impacted by a specific threat.

  • Links to Remediation Maturity, Assessment Maturity, and Business Context are now available in the left navigation menu.

PCI

  • Reason for Attestation Submission with Undisputed Failures – When submitting an attestation with undisputed failures, users can now explain to analysts why they would like to submit this attestation by selecting a reason from a predefined list and providing additional comments.

  • Executive and Details Report Updates – Results included in attestation reports are now ordered by IP address (low to high), CVSS Score (high to low) and Plugin ID (low to high).

  • Evidence File Upload Restrictions – To prevent uploads of files in formats known to be potentially infected by malware, importing evidence into a dispute is now restricted to the following file extensions: Nessus (.nessus), Nessus DB (.db), .pdf, .csv, .json, .txt, .bmp, .gif, .jpeg, .jpg, and .png.