Machine Learning SinFP Model Updates for OS Fingerprinting
Summary Updates have been released for the Tenable MLSinFP model, which predicts a host's OS based on SinFP fingerprints, by rebuilding it on a newer tech stack, incorporating new features, and using a larger dataset, resulting in improved accuracy of 67%. Change Before this update, plugin 132935 “OS Identification: SinFP with Machine Learning” was targeting operating systems commonly seen up to January 2021; consequently any newer OSs were not available as predictions. Additionally, the plugin solely relied on TCP header information for model features. After this update, the plugin targets operating systems commonly seen up to May 2025. Additionally the training dataset is larger (was 700K records, now 1.8M) and more varied (was 6K distinct SinFP fingerprints, now 100K), the predicted OSs names are cleaner and more consistent, and model features other than TCP header information are relied on. Ultimately these changes resulted in the plugin's balanced accuracy increasing to 67% (was 54%). Impact Remote detection of operating systems based on the MLSinFP method will have a slightly higher confidence score. Assets whose operating system was determined based on this method might have a different detected operating system. Plugins 132935 - OS Identification: SinFP with Machine Learning Target Release Date September 30, 2024
Fudo Security API v2 Compatibility
Summary Tenable is proud to announce compatibility with Fudo API v2. Customers now have the option to use both the API v2 and API v1 of the Fudo Security Privileged Access Management (PAM) solution. The API v2 uses API key authentication and not username and password, so customers using the integration credential now have a field for API URL and API Key. Further information regarding these changes and other helpful configuration tips for scans can be found by following the provided link to the FUDO section of Tenable's documentation page. Impact Existing scan configurations remain unaffected. Customers utilizing the integration will observe that the integration collects identical information, irrespective of the API version employed. Target Release Date 09/16/2025 for TVM and Nessus, TBD for SCInclude/Exclude Path and Tenable Utils Unzip added to Log4j Detection
Summary Tenable has updated the Apache Log4j detection plugins. The Windows plugin will now honor the Include/Exclude Filepath configuration option. The Linux/UNIX plugin will now use the version of ‘unzip’ supplied with the Nessus Agent, when enabled in the Agent’s configuration, and correctly inspect the MANIFEST.MF and pom.properties files. Change Before this update, plugin 156000, Apache Log4j Installed (Linux / Unix), would fail to detect Log4j in specific scan scenarios. The plugin uses several inspection methods to determine if a JAR file is a copy of Log4j. During Nessus Agent scans, as well as scans with ‘localhost’ as a target, the plugin was not properly executing the unzip command to inspect META-INF/MANIFEST.MF and pom.properties files in the JAR archive. If this method was the only option that would result in a successful detection, the copy of Log4j would not be detected properly. In addition, the plugin had failed to launch the unzip binary supplied with the Agent when inspecting files in JAR archives. Note: The Nessus Agent can be configured to use find and unzip binaries that it provides, instead of those supplied by the asset’s operating system. See https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Agent_Performance_Options for more information. Also before this update, plugin 156001, Apache Log4j JAR Detection (Windows), would fail to honor the directories included or excluded for full-disk searches configured in the Windows Include Filepath and Windows Exclude Filepath directives in the Advanced Settings of a scan config. Note: Configuration of these options is described in https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Windows_filesearchOptions. After this update, plugin 156000 will use the Agent-supplied copy of unzip when configured to do so. If this option is not enabled in the scan config, the plugin will use the existing method to find and execute an archive utility supplied by the asset’s operating system. In either case, the plugin will properly inspect Log4j’s MANIFEST.MF and pom.properties files as a version source. Plugin 156001 already properly inspects these files. Also after this update, plugin 156001’s Powershell code will now honor directories included or excluded by the Filepath directives. Plugin 156000 already supported this feature. Impact When scanning Linux / UNIX assets via 'localhost' (i.e. scanning the scanner itself) or with the Nessus Agent, additional Log4j instances from MANIFEST.MF or pom.properties sources may be reported. For Linux Nessus Agents with "Use Tenable supplied binaries for find and unzip" enabled and "Agent CPU Resource Control - Scan Performance Mode" set to Low, plugin 156000 will now properly limit CPU usage during scans. As noted in the product documentation, “Note: Setting your process_priority preference value to low could cause longer running scans. You may need to increase your scan-window timeframe to account for this value.” Customers should be aware of this configuration setting and potential changes to the results provided in the Log4J detection results. When scanning Windows targets, Log4j JAR files stored in paths specified in the Windows Exclude Filepath configuration will no longer be detected. Log4j JAR files stored in paths or drives specified in the Windows Include Filepath configuration that had not been previously scanned will now be detected, assuming they can be assessed before the plugin’s configured timeout has been reached. Plugins 156000 - Apache Log4j Installed (Linux / Unix) 156001 - Apache Log4j JAR Detection (Windows) Target Release Date September 1, 2025Nutanix Prism v4 API Compatibility
Summary Tenable is proud to announce compatibility with the version 4 of the Nutanix Prism Central REST API. This provides compatibility with current and future versions of Nutanix Prism. Change Tenable is adding support for API v4 but preserving support for API v3. Customers for whom API v4 is not available will continue to use v3. For all other customers, Tenable’s Nutanix Prism integration will automatically use API v4. Impact Customers should not see scan results change. The integration collects the same information regardless of the API version in use. Customers with Nutanix Prism Central are encouraged to update plugins to utilize the latest version of the integration. Target Release Date 26 Aug 2025 for T.VM, Nessus, and T.SC.Excluding the SUSE Linux Snapshots directory from Language Library enumeration
Summary The “language library” enumeration plugins will now exclude SUSE Linux’s snapshots directory when searching the filesystem. Change Before the update, when enumerating “language libraries” - such as Python packages, Node.js modules, etc. - on SUSE Linux hosts that use btrfs as their filesystem, reduced scan performance was observed. This is because btrfs creates and maintains snapshots in the /.snapshots directory, which can contain multiple redundant copies of files. This caused unnecessary processing on thorough scans. After the update, this snapshots directory has been excluded from searches executed by the find command for language library enumeration plugins on SUSE Linux. Impact This change is expected to improve the performance of scans on SUSE Linux assets. If language libraries were present in snapshots directory, they will no longer show up in Tenable scan results, along with any associated vulnerabilities. If customers would like to scan the snapshots directory, the "Include Filepath" option in the Advanced Scan Settings configuration can be used to force the scanning of these paths. Plugins 178772 - Node.js Modules Installed (Linux / Unix) 190687 - NuGet Installed Packages (Linux / Unix) 164122 - Python Installed Packages (Linux / Unix) 207584 - Ruby Gem Modules Installed (Linux / Unix) Target Release Date September 3, 2025Nutanix Prism Central PAM Support
Summary Tenable is pleased to announce the addition of another authentication method for the Nutanix Prism Central credential. We now offer Privilege Access Manager (PAM) Integration support within the Nutanix Prism Central credential. This feature allows customers to authenticate to Nutanix Prism Central using either username and password credentials or one of our PAM integrations. Scope When configuring credentials for Nutanix Prism Central under Miscellaneous credentials, customers will now find a new dropdown option ‘Nutanix Prism Central Authentication Method’. This allows them to authenticate using a username and password or by selecting a PAM and subsequently inputting the necessary credential fields for the chosen PAM. Supported PAM Integrations in this Release: Arcon BeyondTrust Password Safe CyberArk Delinea Secret Server Fudo HashiCorp Vault QiAnXin SenhaSegura WALLIX Bastion Plugin Impact For any issues related to the use of PAM authentication with Nutanix Prism Central, please refer to the new log located within the Debugging Log Report. Example If using Nutanix Prism Central with Fudo support, the file will display as “nutanix_settings.nasl~Fudo”. Release Date Tenable Vulnerability Management and Nessus Manager: July 21st, 2025 Tenable Security Center: TDBCisco Meraki Integration
Summary Tenable is proud to announce our new integration with Cisco Meraki Dashboard. Cisco Meraki Dashboard is a centralized cloud-based platform used to manage and monitor Cisco Meraki devices. It provides a web-based interface for configuring, troubleshooting, and securing global network and IoT deployments. Tenable’s integration with the Cisco Meraki Dashboard API allows users to leverage our vulnerability management solutions against devices that are managed in their Meraki environment including security appliances, switches, routers, and other supported devices. Scope Customers using Tenable Vulnerability Management and Nessus Manager will be able to configure up to a maximum of five Cisco Meraki credentials in a single scan policy. The Cisco Meraki credential can be found under the "Miscellaneous" category of credentials. Detailed information about the integration and configurations can be found by visiting our integration documentation page in the link for Cisco Meraki. https://docs.tenable.com/Integrations.htm Plugins Plugins related to the integration can be divided into two categories; integration and supporting plugins. The integration plugins gather the credential settings, collect data from the Cisco Meraki API, and store this data for usage by the supporting plugins. Whereas supporting plugins detect the presence of Cisco Meraki devices and perform vulnerability detections against the device attributes; mainly primarily firmware. Integration Plugins Cisco Meraki Settings Cisco Meraki Data Collection Integration Status Supporting Plugins Cisco Meraki Detection Tenable Research will also release 6 initial plugins to detect Cisco Meraki versions vulnerable to several different high-impact CVEs. Please note that these plugins will require a paranoia level of 2 (“Show potential false alarms”). Impact The Nessus Scan Information plugin (plugin ID 19506) will report credentialed checks for Cisco Meraki devices through the use of the Cisco Meraki integration. Customers will see credentialed checks ‘no’ if a Cisco Meraki Device was detected while using the integration and the firmware version that we collected for the device is not configured or absent. Otherwise, customers can expect to see ‘yes, via HTTPS’ if successful. Release Date Tenable Vulnerability Management and Nessus Manager: July 3rd, 2025 Tenable Security Center: TDBKerberos Authentication Support for PAMs
Summary We are proud to announce that Tenable customers can now use Kerberos Target Authentication with our Privilege Access Manager (PAM) Integrations. Support for this method of target authentication was previously only available for our CyberArk, Hashicorp Vault, Windows, and SSH based credentials. We have now broadened this capability to encompass all PAMs documented below. Scope Customers will see a new option called ‘Kerberos Target Authentication’ in the credential field for each PAM. By default, the ‘Kerberos Target Authentication’ option is disabled. If enabled, customers will see four additional fields for configuring kerberos. Supported PAM Integrations in This Release: Arcon BeyondTrust Password Safe Delinea Secret Server Fudo QiAnXin Senhasegura WALLIX Bastion Impact This has no impact on credentials configured prior to the release of this feature. In addition there are no impacts to existing plugins. Release Date 6/23/2025 for Nessus and TVM TBD for Security CenterDelinea Secret Server Auto-Discovery
Summary Tenable is proud to announce a new feature to the Delinea Secret Server Privileged Access Management (PAM) integration. This feature introduces a new authentication type, Delinea Secret Server Auto-Discovery which can be selected in Windows, SSH, or Database credentials of credentialed scans. Delinea Secret Server Auto-Discovery is available alongside the current Delinea Secret Server integration. When using Auto-Discovery, scans will collect both scan targets and their respective credentials from Delinea Secret Server, eliminating the need to manually add specific targets to the scan. Auto-Discovery also eliminates the need to create multiple credentials when the scan targets have different login usernames or passwords. How it Works Delinea Secret Server Auto-Discovery will dynamically add scan targets to a scan; however, the scan will require an initial target to be defined in the target list to begin the collection. This initial target is generally arbitrary, but it must be a valid address or hostname. Some possibilities include just one of the scan targets, the scanner’s address, hostname, or even “localhost”. During the initial collection, plugins will request accounts and their associated hostnames or addresses. Then, these plugins will inject the collected hosts along with their respective credentials for the remainder of the scan. This initial collection occurs at the beginning of the scan, in the following plugins: Database: pam_database_auto_collect.nbin SSH: pam_ssh_auto_collect.nbin Windows: pam_smb_auto_collect.nbin After these plugins successfully inject the scan targets and their credentials, the remainder of the scan completes like a normal credentialed scan. Each collected target will have its credentials automatically associated with it, which eliminates unnecessary logins with incorrect credentials. Changes and Important Notes The current Delinea Secret Server integration will remain unchanged. For Delinea Secret Server Auto-Discovery to be able to use a secret, it must have an associated address or hostname. The secret must be created with a template type that includes either a “Machine” or “Server” field. While Delinea Secret Server Auto-Discovery eliminates the need to configure multiple credentials in a single scan, it is still possible to create up to five credentials in a single scan. This can be used to combine multiple bulk queries of accounts, if desired. Users of the new Delinea Secret Auto-Discovery feature can find status-related messages in the output of the Integration Status (204872) plugin. This feature is similar to the CyberArk Auto-Discovery feature. Please refer to the documentation for more information: https://docs.tenable.com/integrations/Delinea/Content/dynamic-scanning-intro.htm Impact This change does not affect the existing Delinea Secret Server integration, so existing scans will not be affected. Users are encouraged to look into the new option and its associated documentation. Release Date Tenable Vulnerability Management and Nessus: June 3, 2025 Security Center: TBDKACE Unified Endpoint Management End-of-Support
Summary Effective immediately, Tenable has discontinued support for KACE Unified Endpoint Management Software by Quest. This applies to all previous and current versions of the software. Change Discontinued support of the Tenable integrations for KACE Unified Endpoint Management Software. Impact Customers may continue to use this integration. However, there will be no support or future updates made to these integrations. Release Date Effective Immediately