A new endpoint has been added to the Tenable Managed Security Service Provider (MSSP) API to enable users to define the licensed Tenable applications available when creating an evaluation account. Tenable is enabling this endpoint for customers in a rolling fashion. For more information, contact your Tenable representative.

The user permissions requirement for some Tenable Managed Security Service Provider (MSSP) endpoints has been reduced from ADMINISTRATOR [64] to BASIC [16]. For more information about permissions and roles, see Permissions.

A new endpoint has been added to the Tenable Vulnerability Management API to enable users to bulk assign agents to a profile or bulk remove agents from a profile.

The vulnerability export endpoint now returns an HTTP 409 Conflict status code if a duplicate export request is received. Previously, an HTTP 429 Too Many Requests status code was returned in the event of a duplicate export request.

On October 11, 2023, customers that enabled the Relocate Open Port Findings setting in the user interface will see a data structure change in their vulnerability exports for open ports reported by the following high-traffic info plugins:

The plugins endpoints that accept user input now return an HTTP 404 Not Found status code with an empty response body if the specified plugin ID, plugin family ID, or plugin family name cannot be found. Previously, Tenable Vulnerability Management returned an HTTP 200 OK status code with "plugins": null in the response body. This change aligns the plugins endpoints with the standard used for other Vulnerability Management endpoints.

Tenable has deprecated three Tenable Vulnerability Management endpoints related to workbench exports.

New endpoints have been added to the Tenable Cloud Security API to allow customers to onboard and manage their cloud accounts. You can now onboard Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) accounts and assign them to projects via the API.

A new endpoint has been added to the Tenable PCI ASV API to allow customers to retrieve a list of undisputed failures for a specified PCI attestation. You can specify the attestation you want to retrieve the undisputed failures for via the attestation_uuid path parameter. For more information about PCI ASV, see Get Started with PCI ASV Scanning in the Tenable Vulnerability Management User Guide.

A new endpoint has been added to the Tenable PCI ASV API to allow customers to retrieve a list of assets identified in a specified PCI attestation. You can specify the attestation you want to retrieve the assets for via the attestation_uuid path parameter. For more information about PCI ASV, see Get Started with PCI ASV Scanning in the Tenable Vulnerability Management User Guide.