SecurityCenter 4.0.1 Release Notes

The following list describes many of the changes included in SecurityCenter version 4.0.1, the significant issues that have been resolved, and notes for upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

In 4.0.1, we now handle the following items during the upgrade:

  • Import Scans (Schedules) from SC3 - The upgrade wizard will import scans (both recurring and templates) and attached policies and assets. Credentials will still need to be re-associated to any scans that require them.
  • Audit files are now copied over from SC3 and added as Application audit files.
  • Fixed the assignment of repository and assets that were imported from a customer during migration. They are no longer added as organizational assets and are now added as user objects and shared to all users as defined and filterable assets. (In SecurityCenter 4.0, this affected any users other than the org head.)
  • Nessus certificates are now copied over during migration.
  • Individual Scan Results - A script is provided to import individual scan results (after import, results can be viewed from the "Scan Results" page; they will not be re-imported into the cumulative database).
  • Vulnerability Trend Snapshots - A script is provided to import historical snapshots from an SC3 customer into a SecurityCenter 4 repository to retain vulnerability trend information.
  • Fixed an issue following an upgrade from SC3 where migrated LCEs initially had a status of "Invalid Certificate", which made it impossible to view events for pre-existing LCEs. The upgrade wizard now includes the known_hosts file during the copy of the RSA/DSA SSH keys.
  • If a custom SSL certificate is encountered, it will be preserved during the upgrade process; otherwise a new certificate will be dynamically generated.

* Other items that are not migrated include custom reports, one-time and dependent Nessus scans, raw log searches and IDS events.

After completion of the upgrade process from SC3 to SecurityCenter 4, be sure to allow a period of time for the upgrade process to complete the migration. Even though the wizard indicates the upgrade is complete, navigating the console may result in a server time-out.

Importing Vulnerability Trend Snapshots from SC3

Usage:

# convertSnapshots.php [Customer ID] [Repository ID] [Days]

Arguments:

  • [Customer ID] - A valid customer serial number from SC3
  • [Repository ID] - A valid repository ID from SecurityCenter 4
  • [Days] - Number of days from the current date to pull snapshots from SC3

Example:

# /opt/sc4/support/bin/php /opt/sc4/src/tools/convertSnapshots.php 10 1 30

Run the command without any arguments to obtain a list of existing repositories and customer IDs on the system.

Example:

# /opt/sc4/support/bin/php ./convertSnapshots.php
Usage:  ./convertSnapshots.php [Customer ID] [Repository ID] [Days]
        [Customer ID]   - A valid customer serial number from SC3
        [Repository ID] - A valid repository ID from SC4
        [Days]          - Number of days back from the current date to pull snapshots from SC3
        Example: ./convertSnapshots.php 10 1 30

Available Repositories:
        Repository Target1_ClassC's ID is 1
        Repository Target2_ClassC's ID is 2
        Repository Entire_Range's ID is 3

Importing Individual Scan Results from SC3

Usage:

# convertIndiScans.php [Customer ID] [Organization ID] [Days]

Arguments:

  • [Customer ID] - A valid customer serial number from SC3
  • [Organization ID] - A valid organization ID from SecurityCenter 4
  • [Days] - Number of days from the current date to pull individual scans from SC3

Example:

# /opt/sc4/support/bin/php /opt/sc4/src/tools/convertIndiScans.php 10 1 30

Run the command without any arguments to obtain a list of existing customers and organization IDs on the system.

Example:

# /opt/sc4/support/bin/php ./convertIndiScans.php
Usage:  ./convertIndiScans.php [Customer ID] [Organization ID] [Days]
        [Customer ID]     - A valid customer serial number from SC3
        [Organization ID] - A valid organization ID from SC4
        [Days]            - Number of days back from the current date to pull individual scans from SC3
        Example: ./convertIndiScans.php 10 1 30

Available Organizations:
        Organization Content's ID is 1
        Organization Test's ID is 2

The data migration tools are located in /opt/sc4/src/tools. You must have an existing SC3 installation on the same machine where you are executing the migration tools. The SecurityCenter services must be stopped before running these tools. If upgrading to 4.0.1 from 4.0, the scripts can still be used as long as the /opt/sc3 directory is still available on the system. Run these scripts only once: a second run does not overwrite existing data but continues to add or duplicate it.
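The constraints above (numeric arguments, /opt/sc3 present, a target ID that the tool actually lists, and a single run) can be enforced by a small wrapper. The following is an added example, not part of the original release notes or Tenable's tooling; the marker directory and the function names are assumptions, and stopping the SecurityCenter services is still left to the operator.

```shell
#!/bin/sh
# Added example: pre-flight wrapper for the SC3 import tools (not Tenable code).
# Tool paths come from the release notes; MARKER_DIR is a hypothetical location.
PHP=${PHP:-/opt/sc4/support/bin/php}
TOOLS=${TOOLS:-/opt/sc4/src/tools}
SC3_DIR=${SC3_DIR:-/opt/sc3}
MARKER_DIR=${MARKER_DIR:-/opt/sc4/import-markers}

# is_uint VALUE: true when VALUE is a non-empty string of digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# id_listed LISTING ID: true when the tool's no-argument output has a line
# of the form "Repository <name>'s ID is <ID>" (or "Organization ...").
id_listed() {
    printf '%s\n' "$1" |
        grep -Eq "^[[:space:]]*(Repository|Organization) .*'s ID is $2[[:space:]]*\$"
}

# claim_once KEY: atomically record KEY; fails if KEY was already claimed.
claim_once() {
    mkdir -p "$MARKER_DIR" && mkdir "$MARKER_DIR/$1" 2>/dev/null
}

# run_import TOOL CUSTOMER TARGET DAYS
# The marker ignores DAYS (overlapping windows would duplicate data) and is
# kept even if the import fails, since a partial run may already have added data.
run_import() {
    tool=$1 customer=$2 target=$3 days=$4
    for n in "$customer" "$target" "$days"; do
        is_uint "$n" || { echo "arguments must be whole numbers" >&2; return 2; }
    done
    [ -d "$SC3_DIR" ] || { echo "$SC3_DIR not found; SC3 data is required" >&2; return 3; }
    listing=$("$PHP" "$TOOLS/$tool") || true   # no-argument run prints usage and valid IDs
    id_listed "$listing" "$target" || { echo "ID $target is not in the tool's listing" >&2; return 4; }
    claim_once "$tool-$customer-$target" || {
        echo "already imported; a second run would duplicate data" >&2; return 5; }
    "$PHP" "$TOOLS/$tool" "$customer" "$target" "$days"
}
```

With the functions loaded, `run_import convertSnapshots.php 10 1 30` performs the same import as the documented example, and `run_import convertIndiScans.php 10 1 30` does the same for individual scans.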

Changes and New Features

  • A native 64-bit build is now available for ES 5 platforms.
  • Scanning
    • Added support for su+sudo SSH credentials. Nessus recently added the ability to support su+sudo that allows a user to authenticate as user "user1" and then become user "user2" instead of user "root".
    • Added support for Cisco Compliance Checks as well as the required Cisco "Enable" privilege escalation attribute for SSH Credentials.
    • Plugin ID 10180 (Ping) is now ignored for license counts.
  • Accept/Recast Risk
    • Added two permissions to roles that will enable/disable the "Accept Risk" and "Recast Risk" functionality. Updated the default Manager role to have both permissions enabled and the default End User role to have them both disabled by default.
    • Added a details button on the admin screens for managing accept/recast risk rules. The details show who created it, what organization they are in and the ticket comments.
  • Alerts
    • An "Evaluate" button has been added to the alert module. The option allows an alert to be tested immediately whether or not it has met the configured time interval. This is useful for verifying new alerts after creation.
  • Reporting
    • Improved word-wrap feature for long plugin names with no spaces.
  • Vulnerability Analysis
    • The vulnerability list now supports drill-down to IP/vulnerability detail.
    • In the "Detailed Vulnerability List" tool, the "Host Detail" Summary is now displayed when clicking on the IP address located in the vulnerability header.
    • A sort indication arrow is now displayed for the IP Address/DNS Name/MAC Address/NetBIOS Name column header in the "IP Summary Tool".
  • Job Scheduling
    • Previously, if the job scheduler (Jobd) was down for an extended period, all of the jobs that would have run were kicked off immediately upon restart. This has been changed so that missed jobs are cleared and schedules re-added on service restart.
  • Admin Dashboard
    • The LCE Overview dashboard now displays up to 1,000 LCE clients in a scrollable component; previously only 10 LCE clients were shown.
  • Configuration
    • When editing Repositories or Organizations, you can now reset Repository Access to all users within an Organization or restrict access to just the Organization Head.
    • Adjusted the default End-User role permissions - removed full scanning, policy creation and accept/recast risk permissions.
    • The 1024 character limitation has been removed for "IP Ranges" when adding/editing new scans, scan zones or repositories, as well as "Restricted Scan Ranges" in organizations.
    • The size of a repository's raw DB file (hdb.raw) is limited to 4 GB. If an import of vulnerability data is attempted that would exceed this limit, the import will fail with a log message indicating that the max size has been reached.
  • Online Help
    • Contextual Help has been added. Clicking the help link in the SecurityCenter 4 console takes you to the help page associated with the module you are currently viewing.

Fixes Previously Released for SecurityCenter 4.0.0 as Hotfix 01

SC 4.0.1 includes all fixes that were addressed as part of SecurityCenter 4.0.0 Hotfix 01, including the following:

  • Upgrade Related Error Messages
    • Addresses several issues that caused an "Unable to initialize upgrade wizard" error message. This error is followed by one or more additional messages including:
      • Unable to prepare users.
      • Unable to retrieve user details.
      • Unable to parse workflow configuration.
      • Unable to parse the Lightning-Proxy configuration file. The file is malformed.
    • The "Next" button is not enabled in the upgrade wizard when there is invalid data in a severity filter or a missing operand in pluginID query filter.
  • Compliance Scans
    • Corrects an issue in environments that had compliance data prior to the upgrade and were unable to run compliance scans afterwards.
  • Web Proxy
    • Plugin updates were not utilizing the proxy settings. The format for the web proxy host settings is now the same as it was for SC3.
      http://[ip]:[port]/ or https://[ip]:[port]/
  • Scan Policies
    • Attempting to change a new scan policy from user visibility to organizational visibility fails when the scan policy has an audit file attached to it.
  • LDAP Validation
    • LDAP validation prevented an organization's head user from using a blank password.
  • Scanning with Audit Files
    • When scanning with an audit, the wrong organization ID was sent to the scanner.
  • License Issue
    • An issue has been fixed where certain licenses would fail to work properly.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.