Tenable.sc 5.9.0 Release Notes (2019-02-11)

This release is end-of-life (EOL). Upgrade to a supported version. For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

If you are running version 5.5.0 or later, you can upgrade directly to version 5.9.0. If you are running a version earlier than 5.5.0, upgrade to version 5.5.0 before upgrading to version 5.9.0.

You can download the update files from the Tenable Downloads page.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.6.2 to 5.9.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

New Features and Functionality

SAML / Shibboleth Integration

This integration adds support for Security Assertion Markup Language (SAML) 2.0 and Shibboleth 1.3, giving customers multiple SSO/authentication options to streamline their security with one-click log in, centralized authentication, and increased security and convenience.

Tenable.sc now includes SimpleSAMLPHP 1.16.3 as a dependency when installing or updating Tenable.sc.

For more information, see SAML Authentication in the Tenable.sc User Guide.

Predictive Prioritization

A groundbreaking new innovation to help you understand the actual impact of the vulnerabilities in your environment so you can reprioritize vulnerabilities based on the probability that it will be leveraged in an attack. You will now see a new Vulnerability Priority Rating (VPR) for each vulnerability. This rating augments CVSS scores and represents the likelihood a given vulnerability will be exploited in the next 28 days, along with its severity. The rating is calculated nightly for every vulnerability Tenable tracks and factors in current threat intelligence information to help you prioritize vulnerabilities with the highest likelihood of impact to your organization. For more information view the Predictive Prioritization website.

For more information, see Vulnerability Analysis Filters in the Tenable.sc User Guide.

Industrial Security Integration

This integration will allow Tenable.sc customers with Industrial Security instances to import IS data into Tenable.sc. This will give customers the ability to access Tenable.sc’s powerful reporting and dashboard features.

For more information, see Industrial Security Instances in the Tenable.sc User Guide.

Automatic Scan Zone Distribution Restrictions

This new toggle will allow organizations with overlapping IP addresses in a scan zone to force a scanner to honor the restrictions based on the scan zones selected for a particular organization.

For more information, see Organizations in the Tenable.sc User Guide.

Changed Functionality

  • You can now filter by a combination of assets for agent data.
  • Plugin 112154 no longer counts against a Tenable.sc license.

Bug Fixes

  • Resolved an issue where a caching issue caused invalid trend lines.
  • Resolved an issue where combination assets did not work as expected.
  • Resolved an issue in viewing and using LDAP and DNS assets.
  • Resolved an issue submitting email addresses (user, reports, etc) that included special characters.
  • Restored an API Field (“orgName” in /currentUser::GET) to resolve issues with customer scripts and integrations.
  • Removed Scan Result ID from appearing in charts and report headings.
  • Resolved an issue where some scanners generated excessive error messages to the System Log.
  • Resolved an issue where scans would fail due to database errors.
  • Resolved an issue when filtering by CVSS v2 or v3 scores in combination with other filters.
  • Resolved an issue where credentials with privilege escalation did not work as expected.
  • Resolved an issue where drilldowns into Scan Results would generate an error if the scan referenced Audit Files with some unexpected formatting issues.
  • Resolved an issue where certificate-authenticated user accounts could not be edited to use another authentication method.
  • Resolved an issue where filtering on the Report Results page using the finish time filter parameter "all" did not work as expected.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with SecurityCenter 5.9.0:

Product Tested Version

7.1.4 and later

Nessus Manager 7.1.4 and later
Log Correlation Engine 5.0.6 and later
Nessus Network Monitor 5.1.1 and later
3D Tool 2.0 and later
Industrial Security 1.3.0 and later