SecurityCenter 4.4.0 Release Notes - 4/17/2012
The following list describes many of the changes that are included in SecurityCenter 4.4, as well as significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.
Upgrades are only supported for those users running SecurityCenter 4.0.0 and later. Users upgrading from 3.4.x must first perform an upgrade to SecurityCenter 4.2 before attempting to install version 4.4. Refer to the SecurityCenter 4.2 Upgrade Guide.
SecurityCenter now only supports Nessus scanners 4.2 or later. In addition, if SecurityCenter leverages the Log Correlation Engine (LCE) for log processing, the LCE must be running a minimum of version 3.6.1 for compatibility purposes.
The command syntax for an RPM upgrade is as follows:
# rpm -Uvh [RPM Package File Name]
As of SecurityCenter 4.2 and LCE Manager 4.2, a new license key is required. If these products are being upgraded from a release prior to 4.2, please log into the Tenable Support Portal and choose to upgrade your existing license keys. If you have any issues upgrading your keys or wish to ask for a demo key for testing, please contact Support at email@example.com.
File Names & MD5 Checksums
Changes and New Features
- The scan proxy has been deprecated: SecurityCenter now utilizes the Nessus XMLRPC API to communicate to scanners. During the upgrade process, all defined scanner ports will be changed from 1241 to 8834, which is the default web server port for Nessus 4.2 and above. Note: if you have any firewalls between your SecurityCenter and Nessus scanners, the rules may need to be updated for the new port.
- Supports scanning by hostnames: Scan Targets can be entered as IPs or FQDNs
- Scanning of Virtual Hosts: supports up to 256 unique hostnames on a single IP address. A "node" is uniquely identified by the IP + hostname pair (meaning in the IP Summary tool, each IP + hostname pair will return as a separate record).
- Added Nessus v2 export: now has download options for both v1 or v2 format (deprecating the .NSR format)
- Added the Nessus "Informational" Severity: SecurityCenter now displays 5 levels of severity: Info, Low, Medium, High, Critical
- Ability to integrate with the Tenable Nessus Perimeter Service for outside-in scanning from the cloud.
- New Static Asset type to support hostnames: Names are resolved to IP addresses on Add/Edit and updated during a nightly job.
- New analysis tools included: IAVA Summary and DNS Name Summary
- Added the ability to set a default filter for vulnerability queries. This allows users with a large number of repositories to limit the initial query when first loading the screen.
- New vulnerability display filter options for DNS Name and IAVA ID
- LCE Search Bar: a search bar that provides quick access to the current or active filter
- Custom IP links added to the right-click context menu for easy access (for List of Events and IP Summary tools)
- New 'Quick Report' allows users to quickly create and run a template report with default values
- Support 'Iterator' for DNS Name
- Import/Export Report Template definitions
- Ability to export individual dashboard components as PNG images from the component menu
- Explicit Schedules for dashboard evaluation
- Ability to download cumulative scan results in Nessus v2 format
- Can now synchronize remote repositories allowing an n-tiered environment
- Displays scanner status, scanner, and web server version on the Scanner page
- Scanner Plugin Set is now displayed on the Scanner Detail screen
- Added a button to manually refresh scanner status
- Added an Enable/Disable button in the scanner definition. Disabled scanners will not be used in scans and plugins will not be pushed to them, but their status will continue to be updated.
- Now possible to upload authentication certificates for each scanner, rather than having one certificate for all scanners.
- Option to verify the certificate. If enabled, verifies the certificate's CA, checks the existence of a Common Name (CN) in the certificate, and verifies that it matches the hostname provided.
- Supports Smartcard or SSL Client certificate authentication of users
- Added filtering to the Job Queue display page
- New Diagnostics screen that displays system status and collects diagnostic information
- Improved database concurrency issues that were resulting in 'database locked' errors
- Significantly reduced plugin synchronization time and system load impact
- Improved query performance when using a large number of repositories
- Improved performance when loading the Host Detail screen
- Optimized trend queries to only perform differential queries
- Removed timeout on LCE Event Analysis screens
- Enabled TCP port scanner and allow for port selection in remediation scans
- Many other minor improvements and bug fixes
Third-Party Dependency Changes
- Upgraded the following dependencies to the specified versions:
- Apache httpd 2.2.22
- PHP 5.3.10
- OpenSSL 0.9.8w
- SQLlite 3.7.10
- New dependency added:
- libcURL 7.24.0
- Added Proxy support for Perimeter Service scanners
- Improved prepareassets performance during scan import/asset calculation
- Increase the default ScannerStatusTimeout setting from 60 to 120 secs
- Allow for multiple values in CVE, MS Bulletin, and IAVA filters
- Add support for DOD Classification Markings in Report Headers and Footers
- Add support for IAVB and IAVT references, renamed the existing "IAVA ID" filter to "IAVM ID"
- Disabled SSLVerifyClient "optional" setting for new installs
- Apache httpd.conf Options directive changes for improved security
- Set the Analysis page to not load all the information at once, this reduces the time to load
- Removal of the initial password of an account when a ssl client certificate is associated
- Locking of Admin user accounts exceeding maximum login attempts
- Upgraded the PHP version to 5.3.14 and OpenSSL to 0.9.8x
- Fixed the scanProgress database lock error that occurred during concurrent scans
- Reordering of Dashboard Tabs was not retained when you logout and log back in
- Better formatting of the .csv report when the 'Plugin Output' field is very large
- Report Iterator IP Info failure
- Fixed a crash in the generatenessus tool when extracting os name from plugin output
- Mitigation not occurring in some cases on import
- Setting the max_hosts to a number smaller than 4 caused scan problems
- ActionScript error when attempting to add users
- Prepareassets not clearing out the AssetIPCount table correctly, which could cause slowness on the Asset screen
- Prevent multiple scanner update jobs from occurring simultaniously
- User Screen Manager filter incorrectly populated
- Post Scan processing setting was not always saved correctly