A new setting has been added to the Tenable-provided API Scan template that enables users to provide a URL for the OpenAPI specification for the RESTful API they want to scan. This new functionality adds a layer of convenience over the file upload option, and the URL is checked before every scan to ensure that the API specification is up to date.
On May 16, 2024, Tenable will update the .nessus scan export format to include individual open port findings. This will ensure that you can still view open port findings in Tenable Security Center if your organization integrates Tenable Vulnerability Management with Tenable Security Center.
Tenable has deprecated the following List vulnerabilities query parameters:
A new scan setting called Info-level Reporting is now available for Nessus Agent vulnerability scan templates. The setting specifies how often an agent scan should report unchanged info-level vulnerability findings. There are several new parameters that can be used when creating or updating a scan to support this new feature.
A new endpoint has been added to the Tenable Web App Scanning API that enables users to generate a scan configuration for a remediation scan. Remediation scans can be used to validate whether remediation actions for a vulnerability has been successful. Note that this endpoint only returns a configuration that can be used to create a remediation scan. You must use the response from this endpoint as the request body for the Create scan config endpoint to create the remediation scan. For more information about remediation scans, see Launch a Remediation Scan in the Tenable Web App user guide.
CautionTenable recommends that you update any existing Legacy Cloud Security integrations that your organization has before September 30, 2024.
CautionTenable recommends that you update any existing Legacy Container Security integrations that your organization has before September 30, 2024.
Tenable has updated the default permission logic for the bulk vulnerability and asset export endpoints. Previously, these endpoints required the Can View access control permission for the asset objects to be exported even if the user was an administrator. Now users with ADMINISTRATOR [64] user permissions can create an export even without the explicit Can View access control permission. By default, administrator users now have permission to export all assets.
Tenable has made several enhancements to the compliance export API. These enhancements improve performance and provide additional functionality for the compliance export API.
A new endpoint has been added to the Tenable Web App Scanning API that enables users to export a WAS scan configuration file for use with the new CI/CD (continuous integration / continuous delivery) scanning integration. You can integrate Tenable WAS Docker images with GitHub, GitLab, Jenkins, CircleCI, or Bamboo to scan builds and prevent vulnerabilities before your code and applications are deployed. For more information, see CI/CD Application Scan Overview in the Tenable Web App Scanning User Guide.
