TOC & Recently Viewed

Recently Viewed Topics

SecurityCenter 4.2.0 Release Notes

The following list describes many of the changes that are included in SecurityCenter 4.2, as well as significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

As of SecurityCenter and LCE Manager 4.2, a new license key is required. Please log into the Tenable Support Portal and choose to upgrade your existing license keys to SecurityCenter 4.2. If you have any issues upgrading your keys or wish to ask for a demo key for testing, please contact Support at support@tenable.com. In addition, if SecurityCenter leverages the LCE for log processing, LCE must be upgraded to version 3.6.1 for compatibility purposes.

The command syntax for an RPM upgrade is as follows:

# rpm -Uvh [RPM Package File Name]

If upgrading from 3.4.x, refer to the SecurityCenter 4.2 Upgrade Guide.

File Names & MD5 Checksums

File MD5
SecurityCenter-4.2.0-es4.i386.rpm 6885f0447b6d32035aefaf7e22a1af43
SecurityCenter-4.2.0-es5.i386.rpm 2060c27ef210a770bef14520a0b0f141
SecurityCenter-4.2.0-es5.x86_64.rpm 07374a3588a5d49d3923674b2c4a9704
SecurityCenter-4.2.0-es6.i386.rpm b506b5570cd6b96d5f85a1fedc0bb857
SecurityCenter-4.2.0-es6.x86_64.rpm 7a67a04027b256a6dc39ec3635250f97
LCEManager-4.2.0-es4.i386.rpm f4cae872f7bd644c30f98bcfd03451c3
LCEManager-4.2.0-es5.i386.rpm ab37d4508f39e077ec89e59a00200e81
LCEManager-4.2.0-es5.x86_64.rpm 827be253f7108f4bbb6f5fbe588a0947
LCEManager-4.2.0-es6.i386.rpm 183a3c2830859f94856bd8c883fb9c6d
LCEManager-4.2.0-es6.x86_64.rpm 5bd36a4d73ad32810208a53f2382c630

Changes and New Features

  • Analysis
    • Addition of a Scratchpad for enhanced data analysis
    • New analysis tools include: CVE Summary, MS Bulletin Summary, List Software
    • Ability to set default time window for LCE queries
    • View settings: allows you to include or exclude columns in the analysis screen
  • Dashboard
    • Matrix dashboard provides advanced charting
    • Sharing results of dashboard tabs
    • Import/Export dashboard tab definitions
    • Assign dashboard tabs on user addition
  • Filtering
    • Asset output filtering
    • Audit file filtering for vulnerability queries
    • Enhanced filters dialog, added new filter options for: CVE ID, MS Bulletin ID, Exploit Availability, Plugin Name and CVSS Score
  • Reporting
    • Custom Report Logo/Watermark image management
    • PDF Encryption with password
    • RTF output
    • Report Iterators
    • Create report while browsing underlying data
    • Reduced reporting memory consumption by utilizing temporay disk files for query results
  • Scanners
    • Scanner status update button
  • Scanning
    • Scan blackout windows
    • Remediation scans
    • PCI Plugin IDs 33929,33930,33931 moved from active to compliance vulnerability types for filtering
  • Scan Results
    • Nessus v2 import
    • Filter based on owner (applies to reports as well)
  • Repositories
    • Ability to download cumulative scan results
    • Remote repository synchronization scheduling
    • Ability to enable/disable trending snapshots per repository
  • Queries
    • Ability to query for tickets, alerts and users
  • Management
    • Purge individual scan results, report results and closed tickets
      • Individual Scan Results purge defaults to 365 days and it is recommend that users review the settings in System -> Configuration -> Miscellaneous -> Data Expiration
    • Added new object permissions - "Edit Organizational Asset", "Edit Organizational Policy", "Edit Organizational Query", "Edit Organizational Credentials", "Manage Report Images" and "Manage Blackout Windows"
  • Miscellaneous
    • Disabled SSLv3 protocol and allowing only TLSv1 for the web server
    • The file names and locations of passive/active plugin downloads has changed

Bug Fixes

  • Scanning
    • Ranges outside of zones will not cause scan to fail when using the default zone

4.2.0 Update 1 (4.2.0.1) (7/7/2011)

This update addresses several issues in SecurityCenter 4.2.0 including:

  • Convert compliance pluginIDs to match local SC for remote/offline repositories
  • Database locking issues
  • New SC4.swf
    • Include external dependencies
    • Screen size fix for Login Banner and filter screen
    • Added limit to dropdown size and includes a scrollbar for larger lists
    • Fixes an issue when browsing to end of records
  • Untar issue under ES 4 affecting plugin updates (Active/Passive pluginupdates)
  • Nessus V2 file import port/server parsing issue
  • Plugin Filters: Audit files not populating in the dropdown for Reports and Alerts
  • Better handling of HTML special characters when generating reports
  • Bug preventing some admin/tmp file cleanup
  • Error message cleanup
    • Nightly cleanup job complains on ticket delete
    • Tickets - undefined variable (assigneeID)
    • Recast/Accept Risk - Deleting Rules produces undefined variable error messages
    • Removes PHP notice and warning when editing a report that contains an iterator
    • Removes PHP notice when editing a role
  • Configuration database: Passive plugin type and Suffix correction
  • New debug script

4.2.0 Update 2 (4.2.0.2) (9/19/2011)

This update is cumulative to include changes from 4.2.0.2 and addresses several issues in SecurityCenter 4.2.0 including:

  • Apache HTTP Server upgraded to version 2.2.21 - (CVE-2011-3192) Apache httpd Byte Range Filter DOS.
  • Addresses an issue when Copying scan policies with attached files
  • Added a User-Agent header for plugin authentication
  • Better handling of HTML special characters when generating reports
  • Startup script properly handles stale PIDs for Jobd and lightning-proxy
  • Online Help System improvements

File Name & MD5 Checksum:

File MD5
SC4.2.0.2_Update_Package.tar.gz 3eda58c261799a4ccffb3ad32da7e91a

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.