Security Center 3.4.4 Release Notes

Watch the SC 3.4.4 and LCE 3.2 Webinar with Tenable CTO, Ron Gula, including demonstrations of the new LCE 3.2 full log search functions.

The following list describes many of the changes that are included in Security Center version 3.4.4, the significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

General Notes

As with any application, it is always advisable to perform a backup of your Security Center installation before upgrading.

Upgrading from 3.4.x

There are no special upgrade notes for those users running Security Center 3.4.0 or later. The command syntax for an RPM upgrade is as follows:

    # rpm -Uvh <RPM Package File Name>

Compatibility with other Tenable Software

There are a number of new features in Security Center 3.4.4 and Log Correlation Engine (LCE) 3.2 that are only available if both products are running the software versions that support the new features. The products will function together if they are not all upgraded; however, the new features will not function.

Upgrading from Pre-3.4.0 Security Center Versions

  • Please note that existing scan policies, as well as scheduled and template scan files will be modified as part of the update process. Please be sure to review these scan files after the upgrade and ensure that the PARENT_POLICY keyword is present.
  • Security Center version 3.4 is the first version to support Red Hat ES 5. Existing Security Center customers wishing to migrate their installations to ES 5 must first upgrade their current installation of Security Center to version 3.4, then follow the OS migration procedures as documented in the Customer Support Portal knowledge base article titled "Retaining Security Center 3 install when installing new OS".
  • It is recommended that all release notes for Security Center versions 3.4.0 and later be reviewed prior to upgrade. These release notes may be found on the Tenable Customer Support Portal in the Downloads section under the Security Center portion of the Security Center 3D Tool and xTool page.

Application Notes

General

  • FIPS 140 support has been compiled into the OpenSSL that is used by Security Center for secure socket layer connections.
  • The "mod_rewrite" functionality has been compiled into Apache as used by Security Center to enable users to configure their systems for completely encrypted browsing. Enable these settings by adding the following lines at the bottom of /opt/sc3/support/conf/httpd.conf and then restarting the Security Center web service:

        # mod_rewrite rules to convert URLs to use SSL
        RewriteEngine On
        RewriteMap lowercase int:tolower
        RewriteRule ^/(.*)$ https://${lowercase:%{SERVER_NAME}}/$1

    For more information regarding "mod_rewrite" refer to the Apache documentation.
  • Security Center web server wget responses no longer include PHP or Web Server version information.
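
A post-change check for the two items above (the HTTP-to-HTTPS rewrite and the removal of PHP and web server version information from responses), as an added example that is not part of the Tenable release notes. The sample responses, the host name sc.example.com and the version strings are constructed for illustration.

```sh
#!/bin/sh
# Audit one HTTP response-header block read from stdin, for example the
# output of `curl -sI http://<host>/` taken after restarting the web service.
# Prints one finding per line; prints nothing when the response is clean.
audit_headers() {
    tr -d '\r' | LC_ALL=C awk '
        NR == 1 { status = $2; next }
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        }
        name == "location" { location = value }
        # Product token followed by a version number, such as Name/1.2
        (name == "server" || name == "x-powered-by") && value ~ /\/[0-9]/ {
            print "version-disclosed: " $0
        }
        END {
            # The rewrite rule should answer plain HTTP with a redirect to
            # https://<lowercased server name>/<original path>
            if (status !~ /^30[12378]$/)
                print "no-redirect: status " status
            else if (location !~ /^https:\/\/[a-z0-9.-]+\//)
                print "bad-location: " location
        }'
}

# Constructed sample responses (host name and version strings are made up).
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/1.2.3 (Unix) PHP/4.5.6' \
        'X-Powered-By: PHP/4.5.6' ''
}
sample_after() {
    printf '%s\r\n' 'HTTP/1.1 302 Found' 'Server: Apache' \
        'Location: https://sc.example.com/index.php' ''
}

echo "before:"; sample_before | audit_headers
echo "after:";  sample_after  | audit_headers
```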

Data Query Tools/Query Results Display

  • The maximum number of log events viewable under "Analyze Logs" has been raised by increasing the number of digits allowed in the Output Filter input box of the Log Analysis screen from eight to ten. Input is further checked to ensure the results will display no more than 4,294,967,295 events - the maximum number of events the system is capable of displaying. Previously, the maximum number of viewable events was 9,999,999.
  • For FDCC requirements, all CVSS2 scores in the "full vuln detail" screen now have a URL that takes the score and populates a query to NIST for CVSS2 analysis.

LCE Server Related

  • Users now have the option under "Events" -> "Search Raw Logs" to view historical LCE data across multiple LCEs. Because of the potential for large amounts of LCE data, raw logs are stored compressed on the LCE servers and on the Security Center. This feature requires configuring two options in /opt/lce/daemons/lce.conf: "enable-log-archiving" and "archive-directory". Data collected through "enable-log-archiving" is stored in the directory specified by "archive-directory".
  • The LCE log archive module maintains usage statistics that are available through the console under "Events" -> "LCE Archive Status" for users who have enabled "enable-log-archiving" for compressed raw log storage.
  • User access is configurable on a "per-LCE" basis for raw log data stored using the "enable-log-archiving" function. Configure this option through "Users" -> "Manage LCE Access".

Nessus Related

  • Support for the Nessus "Enable CGI scanning" setting is now available within the Security Center scan "Options".
  • Support for Database compliance checks is now available through Security Center scan "Options". Enable this option on the "Add New Scan" page through the checkbox "Perform Database Analysis" that enables or disables the database compliance check plugins. The supporting options are Username and Password, System ID, and database type. Available database scan targets include:
    • Oracle
    • Microsoft SQL Server
    • MySQL
    • PostgreSQL
    • DB2
    • Informix
    More information on Database Compliance checks is available within the Nessus Compliance Checks documentation at: https://plugins-customers.nessus.org/support-center/.

Scanning/Scan Policies

  • The contents of an audit file stored on the Security Center console are now viewable by double clicking on the file name within the scan "Compliance" window.
  • There is a new scan preference within the scan "Options" named "Start the Registry Service During a scan". This option temporarily enables the "Remote Registry" service on the scanned Windows systems to allow for more complete system scans.
  • If SSH keys are used for scan authentication, a "reset" button is now available to enable the addition of new SSH keys as needed.
  • Compliance policy files may now be deselected using the "Un-select audit files" command button available within the scan "Compliance" section.
  • When configuring SMB passwords, the second and third passwords are now used. Previously, a scan login would fail if the first SMB password field was left blank but the second or third SMB password field contained a valid login.

IDS Related

  • Support for the Sourcefire IMS IDS alert format has been added. The Sourcefire alert source must be configured as "Snort" for the alert input to be parsed properly.

Administration

  • A new option, "Remove old email archives after", is now available for the admin user under "Console" -> "Configure the Security Center" -> "Email Delivery Options". This option is configured by default to one month and is used to remove old sent emails from the Security Center. Previously these emails would build up indefinitely.

Reporting

  • Report Templates now use a new timeframe option "7d" that allows LCE/IDS queries to go back seven days from the current date. Previously, this timeframe option was not available, which caused report template options to be incorrectly overridden by LCE filter options.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.