Tenable is pleased to announce the availability of custom role-based access control for Web App Scanning. A custom role is a set of privileges that lets you tailor user privileges and access to resources on your Tenable Web App Scanning instance to your organization's needs. You can now create custom roles and assign users to those roles to give more granular control over who can access, modify, and execute WAS scans. For example, you can create WAS-only users to allow AppSec or Dev teams to access the Tenable One platform without giving them access to Vulnerability Management tools.
A new endpoint has been added to the Tenable Attack Path Analysis API that enables users to retrieve a list of attack path vectors. The new endpoint is described in the following table:
Documentation is now available for new endpoints added to the Tenable Vulnerability Management API. The new endpoints enable customers to create and manage agent profiles. For more information about agent profiles, see Agent Profiles in the Tenable Vulnerability Management User Guide.
Documentation for the Tenable Attack Path Analysis API is now available in the Tenable Developer Portal. A new endpoint has been added that enables users to retrieve details about Attack Path Analysis findings. For more information about findings, see Findings in the Tenable Attack Path Analysis User Guide.
Documentation has been added to the Tenable Developer Portal for the Change role endpoint that enables customers to change the role assigned to a specific user. For more information about user roles within Tenable Vulnerability Management, see Roles in the Tenable Vulnerability Management User Guide.
A new feature has been added to Tenable's cloud platform that enables users to restrict access to the API by specifying an allowlist of IPv4 or IPv6 addresses. The list of allowed addresses can include discrete IP addresses, IP address ranges, and IP subnets. For example, for IPv4 you could specify "192.0.2.0, 198.51.100.4-198.51.100.10, 203.0.113.0/24" and for IPv6 you could specify "2001:db8:2e92:75f2:d40a:e290:10b3:c0f, 2001:db8:1e1f:46a1:e3cb:2110:22c6:0000-2001:db8:1e1f:46a1:e3cb:2110:22c6:ffff, 2001:0DB8::/32". If an empty string is provided then the API can be accessed from all IP addresses.
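Before applying an allowlist it is worth confirming that every address your API integrations call from is covered, since a missed address loses API access. The following is an added example, not Tenable code: a local pre-flight check that parses the three entry forms described above and reports uncovered sources. The function names, the sample source addresses, and the assumption that range endpoints and subnet boundaries are inclusive are mine.

```python
import ipaddress

# Allowlist strings quoted from the announcement above.
PAGE_V4 = "192.0.2.0, 198.51.100.4-198.51.100.10, 203.0.113.0/24"
PAGE_V6 = ("2001:db8:2e92:75f2:d40a:e290:10b3:c0f, "
           "2001:db8:1e1f:46a1:e3cb:2110:22c6:0000-"
           "2001:db8:1e1f:46a1:e3cb:2110:22c6:ffff, 2001:0DB8::/32")

def parse_allowlist(spec):
    """Turn a comma-separated allowlist into (first, last) address pairs.

    Raises ValueError on a malformed entry. An empty result means the
    string was empty, i.e. no restriction is configured.
    """
    entries = []
    for item in (part.strip() for part in spec.split(",")):
        if not item:
            continue
        if "/" in item:                      # subnet in CIDR notation
            net = ipaddress.ip_network(item, strict=False)
            first, last = net[0], net[-1]
        elif "-" in item:                    # range: low-high
            lo, hi = (ipaddress.ip_address(x.strip()) for x in item.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"invalid range: {item!r}")
            first, last = lo, hi
        else:                                # discrete address
            first = last = ipaddress.ip_address(item)
        entries.append((first, last))
    return entries

def is_allowed(client_ip, spec):
    """True if client_ip falls inside the allowlist (assumed inclusive bounds)."""
    entries = parse_allowlist(spec)
    if not entries:                          # empty string: all addresses allowed
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in entries)

def uncovered(sources, spec):
    """Return the source addresses that the allowlist would block."""
    return [s for s in sources if not is_allowed(s, spec)]

if __name__ == "__main__":
    # Constructed sample: egress addresses of two hypothetical integrations.
    print(uncovered(["203.0.113.7", "198.51.100.3"], PAGE_V4))
```

Run it against the full list of egress addresses used by scripts, CI jobs, and SIEM connectors; anything it prints needs an entry before the allowlist is saved.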