TOC & Recently Viewed

Recently Viewed Topics Platform Release Notes - November

Important Highlights from this Release

Recast Rules

  • Modify the out-of-the-box severity of a vulnerability, or accept the risk altogether, based on the needs of your organization's unique environment

Scan Distribution

  • Distribute scan jobs across multiple scanners in a group to reduce scan times and have results display more quickly in UI
  • View results of running scans (active scans and agent scans)
  • Graphical summary of individual scan results

Agent Manageability and Scalability

  • Ability to create a new Agent Group and add member Agents to an existing Group directly from the Agents page
  • Ability to automatically un-link stale agents after a user-configurable number of days (default is 30 days)
  • Differential plugin updates to greatly reduce bandwidth used

WAS Internal Scanning

Internal Scanning brings Web Application Scanning functionality to internal websites - giving you the ability understand and mitigate the risk in their web apps that are not hosted externally.

  • Expand WAS Scanning capabilities to scan websites that are not externally available on the web
  • Setup an internal scanner using a WAS version of the Appliance
  • Manage and view the status of the internal WAS scanner
  • Link the internal scanner to to use just like a WAS cloud scanner
  • Configure scans on internal websites, pre-production environments, and more.
  • Retrieve the same great WAS vulnerability scanning results on your internal websites.

WAS Scanner 0.10.0, 0.11.0, 0.12.0

  • New Performance option "Timeout Threshold" in WAS scan policies
  • New WASC information added to plugin description
  • New WAS plugin
    • 98137 "Scan aborted after too many timeouts"
    • 98034 "Login Form Authentication Failed"
    • 98019 "Network Timeout Encountered"
  • Improved WAS Plugin 98091 - Mixed Resource Detection detection and output
  • Add Scan Start Time and list of plugins used to WAS plugin 98000 "Scan Information"
  • Add Scan note "Invalid Target" when users tried to scan localhost

Container Security

  • Support detection of Apache Struts vulnerabilities
  • Add analysis of archived files in compressed file formats

External PCI Scan Changes

  • Scan results from scans using the external PCI scan policy used to submit PCI ASV attestations are no longer published to workbenches/dashboards/reports

PVS to NNM name change

  • The UI has been updated to reflect the name change of the Passive Vulnerability Scanner ("PVS") to Nessus Network Monitor ("NNM")

Scan Data Processing

  • Fixed an issue where case sensitive Target Group filters on scan results could omit some results
  • Fixed an issue processing some NNM scans

Bug Fixes

  • 306218 Unable to scan from SC
  • 309959 Scans Aborting Using Cloud Scanners
  • 305925 VM Dashboard VoT Graph does not Reflect Scans
  • 305646 User's Target Groups Do Not Exclude all Assets
  • 295365 Container Scanning stuck in processing
  • 293564 Dramatic increase in scan times for scans launched from cloud scanners
  • 309265 All scans stuck in running state
  • 307724 Non-Nessus Type Reports Return Incorrect Content-Length
  • 305196 Cannot give permissions for a scan to a group in
  • 300204 When logging into and looking at the dashboards Tab, the plugins details never load for all of Basic and Standard users.
  • 295045 Downloading Nessus exports of scan results get cut off at 1GB when downloading results which are larger then 1GB
  • 295300 OS metadata displaying as 'Please As' instead of the actual OS

WAS Scanner 0.10.0, 0.11.0, 0.12.0

  • Scan aborted when generating scan results with null byte character contents
  • Scan crashed when invalid Login Form authentication check pattern is provided
  • Scan shall abort scan after X consecutive timeouts series
  • Remove irrelevant Authorization header passed to HTTP requests
  • Improved cloud scanner capacity monitoring to prevent pending scans due to overloaded Cloud scanners
  • Add failure recovery when scan results cannot be upload to platform due to temporary network connectivity issues

Container Security

  • Addressed reported Docker Registry bugs
  • Registry import bugs related to Artifactory
  • Zlib decompression bug fix


Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.