QiAnXin PAM Integration Release Summary We are proud to...
QiAnXin PAM Integration Release Summary We are proud to announce the QiAnXin Privileged Access Management (PAM) integration. The integration can gather credentials from the QiAnXin PAM solution to be used for target authentication. This will be available in Tenable Vulnerability Management and Nessus Manager, with plans to release this feature in Tenable.sc in the near future. The QiAnXin PAM integration supports SSH (with privilege escalation), SMB (Windows), and database target authentication. With this addition, customers will benefit from streamlined privileged access to use in credentialed vulnerability scans, providing a more comprehensive understanding of their cyber exposure. Supported Authentication Types SSH integration includes least privilege, privilege escalation, and SSH key authentication. SMB (Windows) integration includes domain configuration. Database integration includes the following database types: Oracle SQL Server MySQL MongoDB PostgreSQL DB2 Target Release Date 11/20/2023Delinea Integration API Key Support Summary Tenable has...
Delinea Integration API Key Support Summary Tenable has added the ability to authenticate to Delinea Secret Server PAM integration using an API key. Change A new dropdown, “Delinea Authentication Method” has been added for which there are two choices, “Credentials” and “API Key”. Credentials, the default, was previously the only option for Delinea authentication. When the “Credentials” option is selected, you supply a username and password. When “API Key” is selected, you enter an API token instead. An API token can be generated in the Delinea Secret Server web interface, under “User Preferences”. Prior to this change, there is no choice but to use login name and password: With the change, the default behavior remains to enter credentials: When “API Key” is selected, you may enter the API key instead: The Documentation has been updated to refer to the new options for Tenable Vulnerability Management and Nessus (Windows, SSH), and will be for Tenable Security Center (Windows, SSH). Impact It is optional to use an API key to authenticate, and the default authentication method will remain credentials. Existing configurations should not be affected. Release Date Immediate for Nessus and VM TBD for SCBeyondTrust Integration Query Optimization Summary In an...
BeyondTrust Integration Query Optimization Summary In an effort to improve performance and usability, we have made changes to the BeyondTrust integration. We have reduced the overall number of API calls, changed the requirements to register target systems, and introduced caching of domain-linked accounts. A domain-linked account is a managed account of a domain, which is linked to a managed system. A domain-linked account is also known simply as a “linked account”. Changes When using domain-linked accounts, it is no longer necessary to register individual targets in BeyondTrust, with three caveats: You will still need to add any targets for which you would like to use privilege escalation, because these targets must have their escalation command set. Domain-linked accounts must be linked to at least one managed system in BeyondTrust, therefore at least one target system must be registered in BeyondTrust. In order to uniquely identify domain-linked accounts, the domain must be specified in the credential settings. If the domain is not specified in the credential settings, then the target must be registered in BeyondTrust and the domain account must be linked to it. We are adding caching of domain-linked accounts, with the caveat that in order to use the cache the domain must be specified in the credential settings. There is no change to local accounts (managed accounts of managed systems). When registering target systems, it is no longer necessary to register them both as assets and as managed systems, it is sufficient to just register them as managed systems. Impact If you are using the BeyondTrust integration and domain-linked accounts, please review your credential configurations. Tenable recommends specifying the domain for Windows domain-linked accounts. Applies To Tenable Nessus Tenable Vulnerability Manager Tenable Security Center Target Release Date August 14th
