Tenable.io Platform Release Notes - April 2021

Important Highlights from this Release

Tenable.io

  • For the FedRamp site, the Resource Center ? icon (in the upper-right corner of the page, next to Quick Actions) now correctly links to the Documentation site.

  • A new Tenable.io widget for the Microsoft Exchange Server ProxyLogon/Hafnium vulnerability. The new widget will be part of the Vulnerability Management Overview dashboard and the widget library.

    In March 2021, Microsoft released critical security updates for four zero-day Microsoft Exchange Server vulnerabilities, now commonly known as the ProxyLogon/Hafnium exploit. Tenable released plugins for Microsoft Exchange Servers which can be used to determine which systems are vulnerable in the environment.

    For more information, see Vulnerability Management Overview in the Tenable.io Vulnerability Management User Guide.

  • Updated user experience for creating and editing custom widgets.

    • It is now easier and more intuitive to create new custom widgets.

    • The widget preview is now separate from the data configuration area to minimize confusion.

    • When switching widget types, the widget preview is auto-updated so that the user can quickly see and decide which widget type would best visualize the data.

    For more information, see Create a Custom Widget in the Tenable.io Vulnerability Management User Guide.

  • Updated user experience for creating and editing custom dashboards.

    • It is now easier and more intuitive to create or edit user dashboards.

    • It is now simpler to add either a library widget or a custom widget onto your dashboard.

    • It is now easier and more intuitive to edit, delete, filter, or organize widgets on a user dashboard.

    For more information, see Create a Dashboard in the Tenable.io Vulnerability Management User Guide.

  • Updated user experience for scheduling and exporting dashboards.

    • You can now perform a one-click export for dashboards, to make it easier to perform the most common action on a dashboard.

    • It is now easier and more intuitive to configure your scheduling options for dashboard exports (e.g., see how we automatically show you which day of the week your schedule will run based on when you scheduled it!)

    • The custom scheduling options are flexible so that you can schedule one dashboard export for a specific user, on a specific day, of the specific week, of the specific month.

    For more information, see Export a Dashboard in the Tenable.io Vulnerability Management User Guide.

Tenable.io Web Application Scanning

  • Enabled WAS New UI for all WAS users – As of March 4, 2021, all WAS users have been migrated to the new UI, from where they can create and launch their scans and benefit from new features exclusive to the new UI. The classic UI will remain available to existing WAS users but in read-only mode to let the access to historical scan results.

    For more information, see The New WAS Interface in the Tenable.io Web Application Scanning User Guide.

  • Advanced Searches and Dashboard Drilldown Support – Advanced search functionality is now available to all WAS pages, allowing users to quickly access relevant information by using a large number of criteria and benefit from drilldown support in all WAS dashboards and widgets.

    For more information, see Vulnerabilities, View Vulnerabilities by Plugin, View Vulnerabilities by Application, Vulnerability Filters, Application Filters, and Scan Filters in the Tenable.io Web Application Scanning User Guide.

  • New Scan Templates section & Scans Tools button

    • A new Scan Templates section has added to Web App Scanning workspace, giving users direct access to all user-defined templates created exclusively for WAS scans.

    • A new Tools button is now available in WAS Scans page, allowing users to quickly access WAS related configuration sections like scan templates, credentials, scanners, and exclusions

  • User Template Configurable in Scan Configurations – Users are now able to change the user defined template selected during the scan creation in order to change which template the scan will rely on.

  • Tenable.io WAS Chrome Extension 1.2.2 – A new version of the extension has been released to remove support for Tenable.io WAS Classic UI and to redirect users to the WAS Scans section instead of the Tools sections when reviewing scan configuration

Lumin

Change factors impacting your Cyber Exposure Score are now available for any 14-day data point on the Cyber Exposure Score Trend widget.

  • Change factors for the current day can be clicked to drill-down into the a filtered Asset or Vulnerabilities view.

  • You cannot click change factors from the past to drill-down.

For more information, see View CES Details in the Tenable.io Vulnerability Management User Guide.

PCI

  • The dispute cloning process has been improved to propose PCI customers only attestations that have assets matching the ones available in the attestation for which the user wants to clone disputes for. For each attestation, the user can then review the list of disputes to be cloned before proceeding with the cloning.

    For more information, see Clone a Dispute in the Tenable.io Vulnerability Management User Guide.

  • Evidence upload logic has been improved and will now raise an error notification message when evidence is too large or has already been uploaded. Evidences will now also be available in completed attestations.

    For more information, see Create a Dispute in the Tenable.io Vulnerability Management User Guide.

Sensor Proxy

Sensor Proxy version 1 is now generally available. Sensor Proxy provides Tenable.io customers with a concentration point for all inbound and outbound traffic to your Nessus Agents and Sensors. Additionally, Sensor Proxy also provides bandwidth conservation by providing caching for Nessus updates and plugins, as well as creating bulk requests for Nessus Agent scan jobs.

For more information, see the Sensor Proxy User Guide.

API

For more information about recent changes to the API, see the Changelog on the Tenable Developer Portal.