Tenable.io Platform Release Notes - March 2021

Important Highlights from this Release

Tenable.io

  • On the FedRAMP site, the Resource Center ? icon (in the upper-right corner, next to Quick Actions) now correctly links to the documentation.

Tenable.io Web Application Scanning

  • DOM Element Exclusions – DOM element exclusions prevent scans from interacting with specific page elements and their children. A new option allows users to specify DOM elements using either their CSS attributes or the text displayed by the element. This setting is available for Scan, Overview, and PCI scan templates. For more information, see Assessment Settings in the Tenable.io Web Application Scanning User Guide and DOM Element Exclusion on the Tenable Developer Portal.

  • Updated default WAS scan template settings – To better handle modern websites, where the size of required JavaScript files has greatly increased, the default values of the following WAS scan template settings have been updated:

    • MAX RESPONSE SIZE: Value has been increased from 500000 (500 KB) to 5000000 (5 MB)

    • NETWORK TIMEOUT: Value has been increased from 5 to 30 seconds

    • BROWSER TIMEOUT: Value has been increased from 30 to 60 seconds

Lumin

  • Cyber Exposure Alerts Widget – This new widget highlights current threats identified by the Tenable Research Team. It gives users crucial insight into how those threats may be affecting the exposure in their environment by displaying what percentage of total assets are likely impacted by a specific threat. For more information, see Lumin Dashboard Widgets in the Tenable.io Vulnerability Management User Guide.

  • Links to Remediation Maturity, Assessment Maturity, and Business Context are now available in the left navigation menu.

PCI

  • Reason for Attestation Submission with Undisputed Failures – When submitting an attestation with undisputed failures, users can now explain to analysts why they want to submit it by selecting a reason from a predefined list and providing additional comments. For more information, see Submit an Attestation for Review in the Tenable.io Vulnerability Management User Guide.

  • Executive and Details Report Updates – Results included in attestation reports are now ordered by IP address (low to high), CVSS Score (high to low) and Plugin ID (low to high).

  • Evidence File Upload Restrictions – To prevent uploads of files in formats known to be potentially infected by malware, importing evidence in a dispute is now restricted to the following file extensions: Nessus (.nessus), Nessus DB (.db), .pdf, .csv, .json, .txt, .bmp, .gif, .jpeg, .jpg, and .png.

    For more information, see Create a Dispute in the Tenable.io Vulnerability Management User Guide.