SecurityCenter 4.6.0 Release Notes - 12/4/2012
This document describes many of the changes that are included in SecurityCenter 4.6, as well as significant enhancements and notes for upgrading.
Upgrades are only supported for those users running SecurityCenter 4.2.0 and later. Users upgrading from 4.0.x must first perform an upgrade to SecurityCenter 4.2 or 4.4 before attempting to install version 4.6. Please refer to the SecurityCenter 4.2 Upgrade Guide or SecurityCenter 4.4 Upgrade Guide for information about upgrading to SecurityCenter 4.2 or 4.4. Information about upgrading from SecurityCenter 4.2.0 and later is available in the SecurityCenter 4.6 Upgrade Guide.
SecurityCenter now only supports Nessus scanners 4.2 or later. In addition, if SecurityCenter leverages the Log Correlation Engine (LCE) for log processing, the LCE must be running a minimum of version 3.6.1 for compatibility purposes.
The command syntax for an RPM upgrade is as follows:
    # rpm -Uvh [RPM Package File Name]
File Names & MD5 Checksums
Changes and New Features
- Improved search functionality in drop-down lists – A "smart" control has been added throughout the application that lets users type text in a drop-down list and see matching results instantly as they type.
- IPv6 – Full support for IPv6 scanning. This includes the capability to:
  - Perform an IPv6 host discovery scan
  - Passively detect IPv6 hosts
  - Scan a single IPv6 host
  - Scan a whole range of IPv6 addresses (up to the number of addresses in a Class A network)
  - Scan Assets defined with IPv6 addresses
  - Apply all the same functions and features to IPv6-based scan results as to IPv4 network scan results
- Detailed Scan Progress Bar – The new, detailed Scan Progress bar provides a visualization of the progress of current scans, as well as other statistical information about the status of a scan. SecurityCenter also now provides in-scan details of where the IP addresses are going (to which scanners) and the progress of individual chunks, etc.
- Support for new Juniper and Check Point firewall compliance checks – The ability to define and report on the new Juniper and Check Point firewall compliance Nessus plugins has been added.
- Support for setting preferences for Cisco IOS compliance checks – SecurityCenter lets users set preferences when performing Cisco IOS compliance checks. This includes the ability to audit the "Saved", "Running", and "Startup" configurations.
- Asset LDAP queries – SecurityCenter 4.6 provides the ability to connect to an LDAP directory (e.g., Active Directory) and pull host information in for use with a scan policy. This new functionality expands what SecurityCenter can do when creating Asset lists and lets customers leverage existing infrastructure to streamline the use of SecurityCenter.
- Asset Calculator – The Asset Calculator enhancement changes the way a user can create Assets by providing the flexibility to manipulate how existing Assets are leveraged. Previously, when creating a new Static Asset, the user had the option to "Copy" addresses from Assets on the right into the text area on the left, which caused the function to be called on every Asset list. This enhancement provides users the ability to utilize the following methods when selecting multiple assets:
  - Union: Combines addresses from Assets on the right with addresses on the left, removing duplicates.
  - Intersection: Removes all addresses from the left that are not present in the selected Asset lists on the right.
  - Difference: Combines addresses from selected assets on the right with addresses on the left, and then removes any addresses that were in both.
  - Complement: Removes all addresses from the left that are present in the selected Asset lists on the right.
- Support for StartTLS for LDAP – Support for StartTLS allows SecurityCenter to encrypt its LDAP traffic without using LDAPS. StartTLS is an extension that allows previously cleartext (unencrypted) protocols to be encrypted.
- Optimize Plugin updates – The optimization of plugin updates greatly decreases the amount of time it takes to do large-scale updates (for example, after a new install).
- Classification Banners – This feature allows users to set a banner on the top and bottom of the web user interface as well as reports. The banners state the classification of the data represented on the screen or in the report. Some examples of classifications are "Top Secret" and "Secret".
- Support CoSign authentication – SecurityCenter 4.6 introduces a new server authentication method that uses the open-source CoSign single sign-on solution.
- LCE client-management – SecurityCenter 4.6 provides the capability to manage LCE clients from the SecurityCenter management interface. This provides a much more efficient method to tune how events are generated via the LCE.
- Log all credential changes at the Organizational level – All add/change/delete actions on "Credentials" are now logged in the admin log.
- Perimeter Service scanner/SC proxy support – Users now have the ability to use SecurityCenter's proxy server information when connecting a Nessus Perimeter Service scanner or other Nessus scanner which resides on the other side of a proxy server to SecurityCenter.
- Remove password of account associated with a certificate – To meet PKI requirements, it is now impossible to log in with a password to an account that has a certificate associated with it. When creating an account to authenticate via a certificate, the "password" box is removed.
- New "Update Status" button for PVS – There is now a button that allows users to perform a manual status check of each PVS that would trigger an update of a report, if one is available.
- Add support for NTLM web proxy authentication – The NTLM web proxy authentication feature enables SecurityCenter to authenticate to a proxy server using NTLM.
- Tool to remove duplicate namedb entries – A new tool was introduced that removes duplicate MAC address, DNS, and NetBIOS name entries in the namedb for each repository.
- Command Line utility that enables the import/export of repositories – This utility provides the ability to perform offline Import/Export functions from the command line.
- Can now create a sanitized debug output – There is now a command line tool that can be run against a standard debug output that will remove IP address and password information before sending the debug report to Tenable Support.
- Added notification of unsuccessful login attempts – Added the capability to notify users on login of the date and time of the user's last unsuccessful login, the IP address of the user's last unsuccessful login, the date and time of the user's last successful login, the IP address of the user's last successful login, and the number of unsuccessful login attempts since the last successful login.
- HTML5 read-only dashboard – The HTML5 read-only dashboard is the first step in SecurityCenter's front-end redesign.
- Default Dashboard Components – SecurityCenter 4.6 introduces a "default" dashboard. This provides users a basic template to view data as it comes in and build a more tailored dashboard from that foundation. Please refer to http://blog.tenable.com/sc4dashboards/ for additional dashboard examples.
- Generate a report at the end of a scan – This feature provides the ability to generate a report based specifically on a particular scan rather than utilizing cumulative data.
- Additional plugin fields in CSV reporting – This feature adds the ability to take specific fields that were present in "Vulnerability Details" (e.g., Solution, Description, CVE) and make them available as separate columns in a CSV export/report.
- Generate a report on an Alert – Reports can now be generated from an Alert based on any query you set for vulnerability, PVS, or LCE data. This feature automates much of the incident response process as a pre-canned report. This feature also provides coverage of various events from different log sources and also vulnerability and system data generated via scans, patch audits, and passive discovery.
- Report Results Sharing – The Report sharing feature introduced in SecurityCenter 4.6 allows a user to select a report from the list, click the share button, and select a SecurityCenter user from the list. Once shared, the report shows up in the selected SecurityCenter user's list of reports within SecurityCenter. This keeps the report within SecurityCenter, rather than sending it to an email address hosted on a server that is not intended for the sensitive information that may be contained in the report.
- Report Filter Find/Replace – The Report Filter Find/Replace enhancement enables users to quickly and easily update query filters across an entire report instead of manually editing each element in every chapter of the report.
- Nessus Scan Policy Import/Export – This new feature allows users to create a policy within SecurityCenter, export it, and then upload it to another SecurityCenter or a standalone Nessus server. You may also upload policies created on a stand-alone Nessus server into SecurityCenter.
- Support for Plugin Date Filters – This feature allows users to filter on the date associated with the plugin. There are five pre-defined ranges (e.g., "within the last week") that the user can filter on based on the dates of plugins.
- Added "And/Or/Not" filter options for Event queries – Users now have the ability to filter out events using "And/Or/Not" expressions in the Event Analysis Tool. Previously, raw log searches would have to be performed to accomplish this task.
- Ability to create Alerts from raw log events – There is now the capability for users to create an Alert based on data from raw log events gathered from the Log Correlation Engine.
- Added "Start/End" time range setting to raw log queries – Users can now set a start and an end time when searching through the raw logs gathered by the Log Correlation Engine.
- Enhanced querying of archived LCE data – This feature allows users to enter a date for querying, instead of having to scroll through a list to find something closer to the current day.
- Removed a memory leak that would occur when editing report templates repeatedly.
- Resolved the issue where the "prepareassets" function only partially loaded the .db and .raw if the file size was over 2GB.
- Fixed an issue where saving an Asset fails if creating it from a filter containing multiple lines.
- Fixed an issue where a user was not able to upload a compressed Nessus file of a repository to SecurityCenter.
- Modified the "Email on Ticket Assignment" function. Previously, it would not fire an email when a ticket was created via an Alert.
- Resolved an issue where the "Post Scan" setting for the number of days was not displaying correctly.
- Fixed an issue where sorting Asset Lists by IP count was incorrect after a screen refresh.
- Fixed an issue where the SecurityCenter start script failed after adding a custom CA certificate.
- Fixed an issue where deleting a user with shared credentials deleted the credentials for all the users.
- Resolved the major issue of scans failing due to the database locking under certain conditions.
- Many other minor improvements and bug fixes.
- Fixed an issue where IPs that appear in multiple repositories were counted multiple times toward the license.
- Fixed an error when exporting CSV from the vulns page when filtering on a repository.
- Fixed an issue where credentials from the HTML interface were logged in cleartext.
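
The four Asset Calculator operations listed under "Changes and New Features", worked through on small IPv4 and IPv6 assets. This is an added example, not SecurityCenter code: the names parse_asset, calculate and show, the accepted entry formats, the expansion cap, and the pooling of several right-hand assets into one set are all assumptions. Note that "Difference" as defined in these notes keeps addresses that appear on exactly one side, while "Complement" is the plain subtraction.

```python
import ipaddress

MAX_EXPAND = 1 << 16  # assumed cap so a typo such as ::/64 cannot exhaust memory

def parse_asset(text):
    """Expand an asset definition into a set of ipaddress objects.
    Entries (comma or whitespace separated) may be a single address,
    a CIDR block or a start-end range, in IPv4 or IPv6."""
    addrs = set()
    for entry in text.replace(",", " ").split():
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p) for p in entry.split("-", 1))
            if lo.version != hi.version or hi < lo:
                raise ValueError(f"bad range: {entry}")
            count = int(hi) - int(lo) + 1
            block = (lo + i for i in range(count))
        elif "/" in entry:
            net = ipaddress.ip_network(entry, strict=False)
            count, block = net.num_addresses, net
        else:
            count, block = 1, [ipaddress.ip_address(entry)]
        if count > MAX_EXPAND:
            raise ValueError(f"{entry} expands to {count} addresses")
        addrs.update(block)
    return addrs

def calculate(op, left, *right_assets):
    """Apply one operation, using the definitions given in the release notes."""
    right = set().union(*right_assets)  # assumption: selected assets are pooled
    ops = {
        "union": left | right,         # everything, duplicates removed
        "intersection": left & right,  # keep only what is also on the right
        "difference": left ^ right,    # combine, then drop what was in both
        "complement": left - right,    # drop from the left what is on the right
    }
    return ops[op]

def show(addrs):
    """Canonical, sorted text form (IPv4 first, then IPv6)."""
    return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]

# Constructed sample assets; the IPv6 host is spelled two different ways.
LEFT = parse_asset("10.0.0.1-10.0.0.3, 2001:0db8:0:0:0:0:0:1")
RIGHT = parse_asset("10.0.0.2/31\n2001:db8::1\n2001:db8::2")

if __name__ == "__main__":
    for op in ("union", "intersection", "difference", "complement"):
        print(f"{op:12} {show(calculate(op, LEFT, RIGHT))}")
```

Comparing parsed address objects rather than the typed strings is what lets the two spellings of the same IPv6 host collapse into one entry when duplicates are removed.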