Nessus - Enhanced Reporting for Active Directory Plugins

Summary: 

In an effort to improve readability in the Active Directory Enumeration plugin results, we are making a change to how the hosts are referenced and displayed in the Nessus UI. 

Issue & Changes:

The Active Directory Enumeration plugins (AD Scan) plugins are not searchable in Tenable.io.  To ensure consistency across all Tenable products, host reporting will be updated to use the Domain Controller IP instead of the current format of  "AD Enumeration: domain". This makes the reporting consistent across Nessus Pro, Tenable.sc and Tenable.io. 

Potential Impacts: 

Any reliance on the presence of the string “AD Enumeration:  ” in the host name outside of Tenable’s product reporting would need to be reviewed. 

Tenable Plugins: 

69236 - Active Directory - Enumerate Computer Objects

69237 - Active Directory - Enumerate Directory Trusts

69238 - Active Directory - Enumerate Group Memberships

69239 - Active Directory - Enumerate Users and Groups

69556 - Active Directory - Enumerate User Account Policy

150480 - AD Starter Scan - Kerberoasting

150481 - AD Starter Scan - Weak Kerberos encryption

150482 - AD Starter Scan - Kerberos Pre-authentication Validation

150483 - AD Starter Scan - Non-Expiring Account Password

150484 - AD Starter Scan - Kerberos Krbtgt

150485 - AD Starter Scan - Unconstrained delegation

150486 - AD Starter Scan - Dangerous Trust Relationship

150487 - AD Starter Scan - Primary Group ID integrity

150488 - AD Starter Scan - Null sessions

150489 - AD Starter Scan - Blank passwords

Target Release Date: 

July 30, 2021