Tenable Vulnerability Management Platform Release Notes - April 2019

Important Highlights from this Release

Features

Tenable Vulnerability Management
- Added two new roles bringing the total to five
  - Scan Operator - Can create and run scans, but may only use existing scan policies that were created by a standard user or higher
  - Scan Manager - In addition to standard user privileges, this role can manage scanners, agents, and exclusions
- Added support for multiple accounts on a single AWS connector
Tenable Nessus Agent
- Improved agent check-in logic to improve reliability of agent scan result uploads
- Improved support for unicode characters in scan reports
Tenable Nessus
- Flexibility for Reporting in Nessus Professional - Often there can be too much data; now Nessus enables you to select precisely which information is included when exporting PDF and HTML reports. As an example, a user can choose when exporting to only include the host information, vulnerability information, and vulnerability score when creating a report. The user can also select to save the export options as default for any subsequent exports.
- Performance updates for Agent deployments using Nessus Manager - Tenable made improvements to the processing time for scan results on Nessus Manager. The update includes disabling the inclusion of Audit Trail and KB data by default. As a best practice, it is recommended leaving these disabled for production environments. For testing/troubleshooting, both abilities can be re-activated for smaller agent groups if needed.
  - Additionally, new options to optimize agent data merge performance can be configured if desired and can provide additional speed-up. See the Agent Advanced Settings documentation for details on configuring these optimizations.
- Scan Template Updates - Similar to plugin updates, scan templates can be updated at various times. With this release, new policies and policy updates are now delivered automatically.
- Additional improvements include -
  - Added the ability to update the Offline registration license in the Nessus UI for scanners registered offline.
  - Added a new Advanced Setting plugin_output_max_size_kb, defaulted to 1MB, to configure the maximum per-plugin output size for XML elements in .nessus reports.
  - Added various NASL improvements and bug fixes
Tenable Appliance
- Enabled cloud-init (a deployment automation tool) by default in Tenable Core
Internal PCI Network Scan
- PCI DSS plugins are now enabled on this scan policy to align the scans output with that of the PCI External Scan
Industrial Security
- Adaptive sensing workflows are now available within IS enabling users to incorporate smart scan and device inquiry input into the information IS has available to fingerprint devices
- Users can now create and save filters by name. This capability enables locations where IP address input is requested within the IS UI to use saved filters.
Tenable Nessus Network Monitor
- Tenable Nessus Network Monitor Continues to expand the number of device types, manufacturers, and device models that it can detect. Tenable Nessus Network Monitor now provides more than 11,700 unique device detections.
- ICS/SCADA vulnerability detections within Tenable Nessus Network Monitor also continue to increase with 300+ new, unique ICS/SCADA vulnerabilities added to the product

Bug Fixes

Tenable Nessus Agent
- Resolved an issue where an agent running on an AWS EC2 M5 instance would not report that it was running in AWS EC2
- Fixed an issue where agent scan results would not upload under certain conditions.
- Fixed an issue with the RPM installers stopping all nessusd processes on the host.
  
  Note: Operating systems that use the RPM installer should upgrade via the RPM package to receive this RPM fix. Upgrading an RPM installation via the feed will leave the RPM associated with that agent on the host.
Tenable Appliance
- Fixed a bug which prevented usage of an http:// upgrade proxy on port 80 from working correctly.