Tenable Vulnerability Management Platform Release Notes - April 2021

Important Highlights from this Release

Tenable Vulnerability Management

  • For the FedRamp site, the Resource Center ? icon (in the upper-right corner of the page, next to Quick Actions) now correctly links to the Documentation site.

  • A new Tenable Vulnerability Management widget for the Microsoft Exchange Server ProxyLogon/Hafnium vulnerability. The new widget will be part of the Vulnerability Management Overview dashboard and the widget library.

    In March 2021, Microsoft released critical security updates for four zero-day Microsoft Exchange Server vulnerabilities, now commonly known as the ProxyLogon/Hafnium exploit. Tenable released plugins for Microsoft Exchange Servers which can be used to determine which systems are vulnerable in the environment.

    For more information, see Vulnerability Management Overview in the Tenable Vulnerability Management User Guide.

  • Updated user experience for creating and editing custom widgets.

    • It is now easier and more intuitive to create new custom widgets.

    • The widget preview is now separate from the data configuration area to minimize confusion.

    • When switching widget types, the widget preview is auto-updated so that the user can quickly see and decide which widget type would best visualize the data.

  • Updated user experience for creating and editing custom dashboards.

    • It is now easier and more intuitive to create or edit user dashboards.

    • It is now simpler to add either a library widget or a custom widget onto your dashboard.

    • It is now easier and more intuitive to edit, delete, filter, or organize widgets on a user dashboard.

  • Updated user experience for scheduling and exporting dashboards.

    • You can now perform a one-click export for dashboards, to make it easier to perform the most common action on a dashboard.

    • It is now easier and more intuitive to configure your scheduling options for dashboard exports (e.g., see how we automatically show you which day of the week your schedule will run based on when you scheduled it!)

    • The custom scheduling options are flexible so that you can schedule one dashboard export for a specific user, on a specific day, of the specific week, of the specific month.

Tenable Web App Scanning

  • Enabled Tenable Web App Scanning New UI for all Tenable Web App Scanning users – As of March 4, 2021, all Tenable Web App Scanning users have been migrated to the new UI, from where they can create and launch their scans and benefit from new features exclusive to the new UI. The classic UI will remain available to existing Tenable Web App Scanning users but in read-only mode to let the access to historical scan results.

  • Advanced Searches and Dashboard Drilldown Support – Advanced search functionality is now available to all Tenable Web App Scanning pages, allowing users to quickly access relevant information by using a large number of criteria and benefit from drilldown support in all Tenable Web App Scanning dashboards and widgets.

  • New Scan Templates section & Scans Tools button

    • A new Scan Templates section has added to Web App Scanning workspace, giving users direct access to all user-defined templates created exclusively for Tenable Web App Scanning scans.

    • A new Tools button is now available in Tenable Web App Scanning Scans page, allowing users to quickly access Tenable Web App Scanning related configuration sections like scan templates, credentials, scanners, and exclusions

  • User Template Configurable in Scan Configurations – Users are now able to change the user defined template selected during the scan creation in order to change which template the scan will rely on.

  • Tenable Web App Scanning Chrome Extension 1.2.2 – A new version of the extension has been released to remove support for Tenable Web App Scanning Classic UI and to redirect users to the Tenable Web App Scanning Scans section instead of the Tools sections when reviewing scan configuration

Tenable Lumin

Change factors impacting your Cyber Exposure Score are now available for any 14-day data point on the Cyber Exposure Score Trend widget.

  • Change factors for the current day can be clicked to drill-down into the a filtered Asset or Vulnerabilities view.

  • You cannot click change factors from the past to drill-down.

Tenable PCI ASV

  • The dispute cloning process has been improved to propose PCI customers only attestations that have assets matching the ones available in the attestation for which the user wants to clone disputes for. For each attestation, the user can then review the list of disputes to be cloned before proceeding with the cloning.

  • Evidence upload logic has been improved and will now raise an error notification message when evidence is too large or has already been uploaded. Evidences will now also be available in completed attestations.

Sensor Proxy

Sensor Proxy version 1 is now generally available. Sensor Proxy provides Tenable Vulnerability Management customers with a concentration point for all inbound and outbound traffic to your Nessus Agents and Sensors. Additionally, Sensor Proxy also provides bandwidth conservation by providing caching for Nessus updates and plugins, as well as creating bulk requests for Nessus Agent scan jobs.

For more information, see the Sensor Proxy User Guide.

API

For more information about recent changes to the API, see the Changelog on the Tenable Developer Portal.