Tenable Vulnerability Management Platform Release Notes - November
Important Highlights from this Release
Recast Rules
- Modify the out-of-the-box severity of a vulnerability, or accept the risk altogether, based on the needs of your organization's unique environment
Scan Distribution
- Distribute scan jobs across multiple scanners in a group to reduce scan times and have results display more quickly in the UI
- View results of running scans (active scans and agent scans)
- Graphical summary of individual scan results
Agent Manageability and Scalability
- Ability to create a new Agent Group and add member Agents to an existing Group directly from the Agents page
- Ability to automatically un-link stale agents after a user-configurable number of days (default is 30 days)
- Differential plugin updates to greatly reduce bandwidth used
Tenable Web App Scanning Internal Scanning
Internal Scanning brings Tenable Web App Scanning functionality to internal websites, giving you the ability to understand and mitigate the risk in your web apps that are not hosted externally.
- Expand Tenable Web App Scanning capabilities to scan websites that are not externally available on the web
- Set up an internal scanner using a Tenable Web App Scanning version of the Appliance
- Manage and view the status of the internal Tenable Web App Scanning scanner
- Link the internal scanner to Tenable Vulnerability Management to use just like a Tenable Web App Scanning cloud scanner
- Configure scans on internal websites, pre-production environments, and more.
- Retrieve the same great Tenable Web App Scanning vulnerability scanning results on your internal websites.
Tenable Web App Scanning Scanner 0.10.0, 0.11.0, 0.12.0
- New Performance option "Timeout Threshold" in Tenable Web App Scanning scan policies
- New WASC information added to plugin description
- New Tenable Web App Scanning plugins
  - 98137 "Scan aborted after too many timeouts"
  - 98034 "Login Form Authentication Failed"
  - 98019 "Network Timeout Encountered"
- Improved detection and output for Tenable Web App Scanning plugin 98091 "Mixed Resource Detection"
- Add Scan Start Time and list of plugins used to Tenable Web App Scanning plugin 98000 "Scan Information"
- Add Scan note "Invalid Target" when users try to scan localhost
Container Security
- Support detection of Apache Struts vulnerabilities
- Add analysis of archived files in compressed file formats
External PCI Scan Changes
- Scan results from scans using the external PCI scan policy used to submit Tenable PCI ASV attestations are no longer published to workbenches/dashboards/reports
PVS to NNM name change
- The UI has been updated to reflect the name change of the Passive Vulnerability Scanner ("PVS") to Nessus Network Monitor ("NNM")
Scan Data Processing
- Fixed an issue where case-sensitive Target Group filters on scan results could omit some results
- Fixed an issue processing some Tenable Nessus Network Monitor scans
Bug Fixes
- 306218 Unable to scan from SC
- 309959 Scans Aborting Using Cloud Scanners
- 305925 VM Dashboard VoT Graph does not Reflect Scans
- 305646 User's Target Groups Do Not Exclude all Assets
- 295365 Tenable.io Container Scanning stuck in processing
- 293564 Dramatic increase in scan times for scans launched from cloud scanners
- 309265 All scans stuck in running state
- 307724 Non-Nessus Type Reports Return Incorrect Content-Length
- 305196 Cannot give permissions for a scan to a group in Tenable Vulnerability Management
- 300204 When logging into Tenable Vulnerability Management and looking at the Dashboards tab, the plugin details never load for all Basic and Standard users.
- 295045 Downloading Nessus exports of scan results gets cut off at 1GB when downloading results which are larger than 1GB
- 295300 OS metadata displaying as 'Please As' instead of the actual OS
Tenable Web App Scanning Scanner 0.10.0, 0.11.0, 0.12.0
- Scan aborted when generating scan results with null byte character contents
- Scan crashed when an invalid Login Form authentication check pattern is provided
- Scan shall abort after a series of X consecutive timeouts
- Remove irrelevant Authorization header passed to HTTP requests
- Improved cloud scanner capacity monitoring to prevent pending scans due to overloaded Cloud scanners
- Add failure recovery when scan results cannot be uploaded to the Tenable Vulnerability Management platform due to temporary network connectivity issues
Container Security
- Addressed reported Docker Registry bugs
- Registry import bugs related to Artifactory
- Zlib decompression bug fix