TOC & Recently Viewed

Recently Viewed Topics

Tenable.sc 5.10.0 Release Notes - 2019-05-06

Tip: Tenable rebranded SecurityCenter as Tenable.sc. For more information, see the announcement.

If you are running version 5.6.2.1 or later, you can upgrade directly to version 5.10.0. If you are running a version earlier than 5.6.2.1, upgrade to version 5.6.2.1 before upgrading to version 5.10.0.

Note: If your upgrade path skips versions of Tenable.sc (e.g., upgrading from 5.7.0 to 5.10.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

You can download the update files from the Tenable.sc Downloads page.

New Features

VPR Key Drivers

Additional fields have been added to the Vulnerability Detail List view to give a better understanding of the Vulnerability Priority Rating (VPR) Score:

  • Vulnerability Age

  • CVSS v3 Impact Score

  • Exploit Code Maturity

  • Product Coverage

  • Threat Intensity

  • Threat Recency

  • Threat Sources

For more information, see View Vulnerability Instance Details in the Tenable.sc User Guide.

Touch Debugging

While logged in as Admin, under System / Diagnostics, users now have the ability to enable Touch Debugging through the UI, reducing time and complexity of providing debug logs to Tenable Support.

For more information, see Diagnostics in the Tenable.sc User Guide.

Rebranding

Additional rebranding to "Tenable.sc" has been completed in this release.

Enhanced Telemetry

Tenable.sc is moving to an "Opt-out" policy for returning anonymized usage statistics. This option can be found while logged in as Admin under the Miscellaneous Configuration section.

For more information, see Privacy Configuration Settings in the Tenable.sc User Guide.

API Key Support

Tenable.sc has moved from Security Certificates to utilizing API keys for data transfer. This has the benefit of removing certificate timeout issues.

For more information, see Nessus Scanners in the Tenable.sc User Guide.

Suspend/Resume Scans

For more information, see Suspend or Resume a Scheduled Active Scan in the Tenable.sc User Guide.

IP Randomization

Enabling this setting will cause Tenable.sc to send randomized blocks of IPs to Nessus scanners. This can be enabled while logged in as Admin under the Miscellaneous Configuration page.

For more information, see Scanning Configuration Settings in the Tenable.sc User Guide.

Bug Fixes

Bug Fix Defect ID

In order to enhance product security, the following configuration file changes have been made on initial install:

  • "Strict-Transport-Security" header
  • "Content-Security-Policy" header
  • "X-Content-Type-Options" header
  • "X-XSS-Protection" header
  • Update SSL Cipher suite
  • Prevent TLS 1.0 and TLS 1.1 from being used
  • Make sure cookies have the SameSite flag enabled
00511314
Fixed an issue where Passive Plugins were missing their VPR Score. n/a
OpenSSL has been upgraded to version 1.0.2r. n/a
Fixed an issue where creating an Advanced Assurance Report Card without any base filters would cause unneeded error logging. n/a
Fixed an issue where incorrectly parsed plugins were causing incorrect CVSS V2 Vector results to be produced. 00776841
Fixed an issue where "System name" was being sent as an empty string when sending Lieberman credentials 00688244
Fixed an issue where users were unable to sort using the repository column when using the IP summary tool 00768144
Fixed an issue where importing agent data into IP repository would get stuck in a pending state 00768587
Fixed a Glibc error "Scan import error (code 11)" when importing specific scan results 00762804
Fixed an issue where in some cases, jobs, scheduled by specifying the day of the week in recurrence, generated errors and did not launch as expected. 00766085
Fixed an issue where plugin #34220 was failing to remediate from an agent scan 00752612
Fixed an issue where Agent Malware Scan could remove previous DNS entries from a repository 00742128
Fixed an issue where new assets could fail to calculate 00720889
Fixed an issue where exporting report templates that were share across multiple groups could result in a timeout error 00725421
Fixed an error where the name of a custom audit file would not be displayed 00663634
Fixed an issue when Agent sync to Tenable.sc could result in an Unauthorized (401) error 00619991
Fixed an issue where Plugin search shows "show IP details" pop up instead of "show plugin details" pop up 00715839

Filenames and MD5 Checksums

Filenames and MD5 checksums are located on the Tenable.sc Downloads page.

Tenable Integrated Product Compatibility

The following table lists the Tenable product versions tested with Tenable.sc 5.10.0:

Product Tested Version
Nessus

6.3.0 and later

Nessus Manager 7.1.0 and later
Log Correlation Engine 5.0.6 and later
Nessus Network Monitor 5.1.1 and later
3D Tool 2.0 and later

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.