Tenable has added 5 new properties to the asset export data returned by the Download assets chunk endpoint, and 7 new properties to the vulnerability export data returned by the Download vulnerabilities chunk endpoint.

Documentation is now available for new body parameters and response properties added to the Tenable Vulnerability Management API to support continuous assessment scanning. Continuous assessment scanning is a scanning method that Tenable Vulnerability Management can perform through linked Tenable Nessus Agents. It provides continuous monitoring and reporting of software inventory changes on your hosts.

Tenable has made several changes to the compliance export API to improve performance and reliability. A new timeout limitation has been implemented as a result of these changes. Compliance exports that take longer than 24 hours to complete are now auto-canceled. This timeout limitation is being deployed to customers on a rolling basis, and will be deployed for all customers on October 22, 2024.

The risk_factor property returned by the List plugins endpoint now honors the Vulnerability Severity Metric setting on the user's container. The Vulnerability Severity Metric can be set to either CVSSv2 or CVSSv3. Previously, the risk_factor property always defaulted to a plugin's CVSSv2 value, resulting in a mismatch with the user interface if customers selected CVSSv3 as the default severity metric.

Tenable has released pyTenable version 1.5.1.

Tenable is pleased to announce the availability of custom role-based access control for Web App Scanning. Custom roles are a custom set of privileges that enable you to tailor user privileges and access to resources on your Tenable Web App Scanning instance that are specific to your organization's needs. You can now create custom roles and assign users to those roles to provide more granular control for users to access, modify, and execute WAS scans. For example, you can create WAS-only users to allow AppSec or Dev teams to access the Tenable One platform without giving them access to Vulnerability Management tools.

A new endpoint has been added to the Tenable Attack Path Analysis API that enables users to retrieve a list of attack path vectors. The new endpoint is described in the following table:

Documentation is now available for new endpoints added to the Tenable Vulnerability Management API. The new endpoints enable customers to create and manage agent profiles. For more information about agent profiles, see Agent Profiles in the Tenable Vulnerability Management User Guide.

📘

Note

The first set of compliance export enhancements was available on March 19, 2024. See the changelog for more information.

Tenable has created a mailing list for Tenable Developer Portal changelog updates. Click here to subscribe to the mailing list.