Forum Widgets
Recent Discussions
Introducing Enhancements to VPR in Tenable Vulnerability Management!
Today, we launched enhancements to Vulnerability Priority Rating (VPR) in Tenable Vulnerability Management. These updates provide unmatched precision, AI-driven insights, and contextual understanding to help your security teams prioritize and remediate vulnerabilities more efficiently. How this benefits you: Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this, helping your teams focus on just 1.6% of vulnerabilities that represent actual risk to your business. This is achieved by leveraging an even broader spectrum of threat intelligence and real-time data input used to predict near-term exploitation in the wild. Unlock AI-driven insights and explainability: Our new LLM-powered insights deliver instant clarity, helping you quickly understand why an exposure matters, how it has been weaponized by threat actors, and providing clear, actionable guidance for mitigation and risk reduction. Prioritize with industry and regional context: New metadata provides crucial context, helping you understand if a vulnerability is being targeted in your specific industry or geographic region. Leverage advanced querying & filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views, which display Assets and Findings data, enabling faster investigations and response workflows. Both the original VPR and the enhanced VPR (referred to in-product as 'VPR (Beta)') will coexist for a period of time in Tenable Vulnerability Management, ensuring you can make a smooth transition. Future deprecation of the original VPR will be communicated in advance. To learn more about the enhancements to VPR, see the solution overview and click-through demo. For additional information, see our FAQ, release notes, and Scoring Explained help documentation.
🚨 Announcing: Tenable AI Exposure 🚨
AI platforms like ChatGPT Enterprise and Microsoft Copilot are boosting productivity, but they also expand your attack surface. AI Exposure, now in Tenable One, gives security teams the visibility and control they need to see, secure, and govern AI use across the organization. Tenable AI Exposure is currently available as a private customer preview for companies actively using ChatGPT Enterprise and/or Microsoft Copilot. If you are interested in joining this exclusive 120-day preview, please sign up through the form found on our product page. With AI Exposure, customers will be able to: Gain deep visibility into AI usage, including prompts, data flows, and risky interactions Identify misconfigurations or unsafe integrations that may expose sensitive data Monitor for AI-specific threats like prompt injection or other AI attacks Enable enforcement of organizational policies and governance standards for AI usage Deploy quickly without agents or disruptions in five minutes or less 🔍 To learn more about AI Exposure, visit our product page.Tenable Enhances Its Cloud Security Solution with Expanded Just-in-Time Access
Tenable has enhanced its Just-in-Time (JIT) Access capabilities to provide more comprehensive and streamlined cloud security for organizations. The Just-in-Time (JIT) Access feature significantly strengthens cloud security by granting temporary, need-based access to sensitive resources, minimizing the risks associated with persistent privileges. This approach offers several critical benefits for organizations striving to enhance their cloud security posture: Reduced Attack Surface: By eliminating always-on privileges, JIT Access significantly minimizes the window of opportunity for attackers to exploit compromised identities. Enhanced Security Posture: Granting access only when required and for a limited duration adheres to the principle of least privilege, mitigating the risk of both external threats and insider misuse. Seamless User Experience: Tenable's JIT Access offers user-friendly workflows, including integration with popular messaging platforms like Slack and Microsoft Teams, allowing users to request and receive necessary access without disrupting their productivity. Improved Auditability and Compliance: The solution provides a clear and comprehensive audit trail of all access requests, approvals, and session activities, simplifying compliance with various regulatory frameworks. Achieving Zero Standing Privileges: Tenable's JIT Access empowers organizations to move towards a "zero standing privileges" model in their cloud environments, a critical step in modern cybersecurity. For more information, please visit the page.
We are excited to announce several updates that improve the...
We are excited to announce several updates that improve the experience for both developers and admins using the new Tenable developer portal A new version of Tenable.io reference documentation Enhanced theme editor and redesigned default portal theme, and Ability to see client response samples in eleven different programming languages All three features are in beta and are available to Tenable customers today. First, a new Tenable.io API integration portal creates beautiful API reference documentation for your developers in a new, three-pane view. The left pane helps developers navigate between areas of the API, while the center area gives detailed responses in different programming languages for a given operation. The right pane enables you to make API requests directly from the docs, using the Try It button. Documentation depends on the OpenAPI Specification. Also, there is a link to the Tenable Community where developers can engage with other community members to spark conversations and to share their expertise and skill. If you're already a Tenable.io customer, check out the documentation to get started. There you'll find a complete feature overview, tutorials, best practices, and more. If you're not already a Tenable.io customer, you can try it out today for 60 days with a free product evaluation. .
What's New in Tenable One: December 2025 Release
Hey everyone! :) This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk with confidence. Release highlights: New Tenable One Connector | OT Security | Claroty Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface, revealing how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Dashboards | Widgets Edit Edit and update widgets on dashboards you own, customizing all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. See all platform enhancements >>
Bye-bye, manual exceptions! Say hello to query-based recast and a new API.
You’ve asked for more control, and now, we’ve delivered. With the launch of query-based recast, Tenable Vulnerability Management gives you the granular precision and automation tools you need to streamline exception workflows and accurately manage risk. Why you'll love this update: You set the rules precisely: You create powerful exceptions based on 14 criteria, including Asset Tags, CVEs, networks, and FQDNs. This gives you far more control than ever before. Intelligent management: We help you manage those rules without overlap. The new Rules Management page flags Related Rules, so you confidently avoid conflicting policies that waste your time. Automation is here: Stop manual work! You can now use the new Recast API to automate rule creation, modification, and deployment across your entire environment. Modern look (and dark mode!): Manage everything in a clean, intuitive Rules Management page built with our design system. (Yes, it supports dark mode. We hear you, fellow night owls.) These updates empower you to move from detection to action with greater speed and confidence. [Read the Full Release Notes] | [Review the Documentation]Nessus 10.9 is Now Generally Available!
We're excited to announce the general availability of Nessus 10.9! This latest release brings powerful new capabilities designed to enhance your vulnerability assessment, offering greater flexibility, improved efficiency, and deeper insights into your security posture. What's New in Nessus 10.9? Nessus 10.9 introduces several key features to empower your security teams: Offline Web Application Scanning in Nessus Expert: For organizations with strict network segmentation or air-gapped environments, Nessus 10.9 now enables comprehensive web application scanning functionality. This ensures that your critical web applications, even in isolated networks, receive the same thorough security assessment as those in connected environments, helping you maintain a consistent security baseline across your entire infrastructure. This functionality is available in Nessus Expert only. Triggered Agent Scans in Nessus Manager: Automatically initiate vulnerability scans via Nessus Manager in response to specific events. This means you can gain immediate insights into your security posture as soon as new assets are discovered or critical system changes occur. This functionality will be enabled directly through Tenable Security Center in July. Agent Version Declaration for Offline Environments in Nessus Manager: Simplify the management of your Nessus Agents in air-gapped or offline deployments. With Nessus 10.9, you can now declare agent versions for Nessus Manager agent profiles, streamlining updates and ensuring your agents are running the desired software versions, even without direct internet connectivity. Agent Safe Mode Status Reporting in Nessus Manager: Get better visibility into the health and operational status of your Nessus Agents. Nessus 10.9 provides reporting on "Agent Safe Mode" status, giving you insights into agents that may be experiencing issues or operating in a limited capacity. This allows for quicker identification and resolution of agent-related problems, ensuring uninterrupted scanning coverage. Upgrade to Nessus 10.9 Today! Nessus 10.9 is available now. We encourage all Nessus users to upgrade to take advantage of these new features and continue to strengthen their vulnerability assessment capabilities. For more information, see the Nessus 10.9 release notes and Nessus 10.9 user guide. Thank you for choosing Nessus as your trusted vulnerability assessment solution.Tenable Cloud Vulnerability Management is now available
Identifying and remediating vulnerabilities is too important to settle for incomplete, inadequate, or poorly supported solutions. Tenable Cloud Vulnerability Management provides full visibility across your cloud environments to deliver detailed prioritization and remediation all in one user-friendly interface. This simplifies multi-cloud visibility and offers Tenable’s leading vulnerability management intelligence. To learn more about how your organization can benefit from Tenable Cloud VM, contact your Tenable account team or view these resources: Product Highlights Data Sheet: Vulnerability management for multi-cloud environments Product Overview: Tenable Cloud Vulnerability Management Blog: Reducing Vulnerability Risk in the Cloud Era Interactive Demo
Tenable Patch Management TPM SaaS is Now Live [GA Announcement]
Release Date: November 17, 2025 We are thrilled to announce that Tenable Patch Management TPM is now available as a fully managed SaaS solution. For too long, IT and Security teams have been stuck in a paradox. Security demands speed to reduce risk, while IT demands stability to ensure uptime. This friction creates a dangerous gap between vulnerability discovery and remediation. Today, we are closing that gap. With the launch of TPM SaaS, you can now replace reactive, manual patching with autonomous, cloud-native remediation. By moving to the cloud, we are empowering your teams to shift their focus from maintaining patch servers to managing business risk. Why Move to the Cloud? Legacy on-premise tools like BigFix, Tanium, and SCCM were built for a different era. TPM SaaS offers a modern approach that is scalable, secure, and effortless to maintain. Zero Infrastructure Overhead Eliminate the need for on-prem hardware, database management, and manual maintenance. Our platform updates automatically, ensuring you always have the latest features without the downtime. Prioritize Risk, Not Volume Stop drowning in patch Tuesdays. TPM leverages Tenable’s Vulnerability Priority Rating VPR and Asset Criticality Rating ACR to automatically identify and remediate the vulnerabilities that pose the greatest risk to your specific environment. Global Scalability Whether you are a local business or a global enterprise, TPM SaaS scales instantly. We have launched with global data centers in the US, UK, Germany, Japan, Australia, and Singapore, ensuring low-latency performance and data sovereignty wherever you operate. Unmatched Coverage Secure your entire estate with industry-leading support for Windows, Linux, and macOS, covering over 20,000 third-party applications and 250,000 unique patches. Key Capabilities at a Glance Autonomous Set and Forget Policies: Define your risk tolerance and let the engine handle the rest. 100 Percent Granular Control: Maintain full authority with tiered deployments, rollbacks, and flexible approval workflows. Resilient Architecture: Built-in redundancy, failover, and our signature Peer-to-Peer (P2P) content distribution to protect your network bandwidth. Centralized Management: Manage admin accounts and identity providers OIDC SAML directly through the Tenable Workspace. Ready to Get Started? Stop managing servers. Start managing risk. Deliver fully autonomous, closed-loop remediation that finally bridges the gap between IT and Security. Start Now at https://www.tenable.com/products/patch-management Read the Release Notes at https://docs.tenable.com/release-notes/Content/patch-management/2025.htm Dive Deeper at https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/welcome.htm – Tenable Patch Product ManagementGeneral Availability (GA) of version 3.1.0 of the Tenable App for Microsoft Sentinel!
Release Date: July 17, 2025 Hi Everyone! We're excited to announce the general availability (GA) of version 3.1.0 of the Tenable App for Microsoft Sentinel! This release includes several key updates, enhancements, and expanded functionality to help you get the most from your integration. Download and Install the App: Tenable App for Microsoft Sentinel - Azure Marketplace (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/tenable.tenable-sentinel-integration) Documentation: Installation and Upgrade Guide (https://docs.tenable.com/integrations/Microsoft/Azure/Content/install-sentinel.htm) Changelog: What's New in v3.1.0? Updated Python runtime to 3.12 Upgraded pyTenable SDK to v1.7.4 Added Support for Web Application Scanning (WAS) Asset and Vulnerability data ingestion Bug fixes and Architectural Redesign Replaced Queue Trigger functions with Durable Functions Added support for Microsoft's Log Ingestion API, including updated papers and playbooks Important Upgrade Information Do not attempt an in-place upgrade. You must remove the existing Function App and associated resources before deploying 3.1.0. This release conforms to Microsoft's new requirements and uses Microsoft's new Log Ingestion API (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-portal), which relies on Data Collection Rules (DCRs) and Data Collection Endpoints (DCEs). Due to DCR constraints, tables from previous versions are not compatible and cannot be used. For detailed, step-by-step guidance, refer to the official documentation above. Questions? We're here to help! Reach out to us at connect.tenable.com. - Ahmad Maruf Product Manager Tenable Ecosystem
