Tenable Vulnerability Management Platform Release Notes - October

Important Highlights from this Release

Nessus Tenable Web App Scanning Scanner 0.9.0

  • Plugin Improvements
    • Captcha Detection
  • Improved plugin 98136 "Target Information" plugin output when target URL is not reachable
  • Fix FP in plugin 98078 "E-mail address disclosure" when URL contains basic authentication credentials

AWS Connector

  • Automated asset discovery: Connect your AWS account to Tenable Vulnerability Management and it automatically queries for AWS assets and metadata and monitors the AWS CloudTrail service for updates
  • It’s part of your Tenable Vulnerability Management subscription. There’s no additional cost to take advantage of this new feature.
  • Discovered assets won’t count against a Tenable Vulnerability Management license. The assets identified by the Connector won’t count against your license. A license would only be affected if/when the asset is scanned.
  • Ability to filter the Asset workbench with the below filters:
    • Security Group Name
    • Instance State Name
    • Instance Type
    • Owner
    • Region
    • Availability Zone
    • VPC ID
    • Subnet ID
    • EC2 Product Code
    • EC2 Name

Assets

  • We've changed the way assets are named on the asset workbench, to ensure that they are referred to by the most unique human readable name possible. The new naming hierarchy is evaluated in the following order 1. NetBios name 2. DNS name,3. IPv4 address

Web Application Scan

  • Update Tenable Web App Scanning Scan Vulnerability View Layout to match view from workbench
  • Add new Tenable Web App Scanning policy option to set number of consecutive timeouts before aborting a scan to improve scan configurability/speed

Tenable PCI ASV

  • In application communication for dispute process
  • Ability to duplicate disputes from the previous quarters attestation

UI Changes

  • Update text on Target Groups and Exclusions UI views to "Targets" rather than "Assets" or "Members"
  • Change the name "PVS" to "NNM" (Nessus Network Monitor)

Bug Fixes

  • Case 457984: When editing a scheduled scan you must update the scan start date in order to save
  • Case 464383: Typo in Vulnerability Management Report
  • Case 471550: Cannot access Tenable Vulnerability Management with username- need to submit PCI
  • Case 474913: 6 Digit plugin ID in Tenable Vulnerability Management filer not accepted
  • Case 430716: After the scans number update in CS-17118 the shared scanner pools reflect the amount of scans running for all customers
  • Case 478260: POST /scans//export should default to last scan
  • Case 483800: Error when downloading detailed PCI report
  • Case 480012: Spike in 502 errors using when using Tenable Vulnerability Management API
  • Case 483800: Error when downloading detailed PCI report