VMWare vCenter Integrations Functionality Changes Summary...
VMWare vCenter Integrations Functionality Changes Summary We will be releasing changes to the functionality of the VMWare vCenter Integrations, this document will describe those changes. These changes do not affect the discovery and reporting of VMware Security Advisories. Vulnerability Management There will be no changes to the discovery and vulnerability assessment functionality of the for vCenter and ESXi. Tenable is able to collect required versions unauthenticated using vmware_vsphere_detect.nbin (57396) and vmware_vcenter_detect.nbin (63061). These checks can be found in the VMware ESX Local Security Checks plugin family and require no authentication via the integration. vCenter Integration Informational VIBs and Host data With authentication via the VMWare vCenter Integrations we are able to collect vCenter Installation Bundle (VIB) data, this is a full package list of all installed packages on each ESXi host managed by vCenter. Prior to the upcoming changes VMware vCenter integration collects data from both the REST and SOAP API endpoints. Once the changes get released this functionality will be split into two different collections methods in separate plugins. Plugin 63062, vmware_vcenter_collect.nbin will be used to collect VIB and Host data from the REST API. This will work against vCenter versions 7.0.3 and later. Plugin 180178, vmware_vcenter_collect_legacy.nbin will be used to collect DIB and Host data from the SOAP API. This will work against vCenter versions 6.x and earlier. We will no longer support new features or patches to this plugin going forward but intend to leave it enabled for those that would like to use it against end of life targets. The integration will supply a list of all active and inactive VMs discovered on each ESXi host in the following plugins vmware_vcenter_active_vms.nbin, vmware_vcenter_inactive_vms.nbin, vmware_active_vms.nbin and vmware_inactive_vms.nbin. vCenter Integration Auto Discovery Auto Discovery of ESXi host and virtual machines is a feature that allows Tenable to find and add targets to the scan that were not targeted during Scan Policy creation. This saves time from having to know all the targets ahead of time when scanning vCenter servers. As part of the upcoming changes we have moved this feature into a new plugin vmware_vcenter_auto_discovery.nbin (180179). This feature requires vCenter Integration authentication against VMWare vCenter version 7.0.3 and later with the REST API enabled. The UI has two options for selecting either ESXi hosts or virtual machines to be discovered and added to the scan. Audit and Compliance Nessus has the ability to scan ESXi and vCenter servers, with CIS, DISA and best practice audits. These compliance checks are done with vmware_compliance_check.nbin and the functionality of these will not be impacted by the other changes made to the vCenter integration. Impacted Plugins Tenable Plugin Name (Plugin ID) : Supported VMware Versions vmware_vcenter_collect.nbin (63062) : 7.0.3+, 8.0+ vmware_vcenter_collect_legacy.nbin (180178) : 6.x vmware_vcenter_auto_discovery.nbin (180179) : 7.0.3+, 8.0+ vmware_vsphere_detect.nasl (57396) : 5.x, 6.x, 7.x, 8.x vmware_vcenter_detect.nasl (63061) : 5.x, 6.x, 7.x, 8.x vmware_vcenter_active_vms.nbin (84340) : 5.x, 6.x, 7.0.3+, 8.x vmware_vcenter_inactive_vms.nbin (84341) : 5.x, 6.x, 7.0.3+, 8.x vmware_vcenter_installed_vibs.nbin (154017) : 5.x, 6.x, 7.0.3+, 8.x vmware_installed_vibs.nbin (57400) : 6.x vmware_active_vms.nbin (57397) : 6.x vmware_inactive_vms.nbin (57398) : 6.x vmware_compliance_check.nbin (64455) : 6.x, 7.x Documentation Updates In addition to these changes all documentation related to the VMware vCenter integrations will be updated accordingly to reflect these changes. Target Release Date Monday September 11, 2023VMWare vCenter Integrations Change In Reporting Summary...
VMWare vCenter Integrations Change In Reporting Summary Tenable will be changing how authentication is reported for VMware vCenter Integrations in an upcoming release. The VMWare Security Advisories do not require authentication and will be correctly reported for the VMWare vCenter Integration. The first change will be to remove authentication reporting from plugins 122502 and 122503 “Integration Credential Status” for plugin 63062 the VMware vCenter Data collector that uses the REST API to collect data. The integration will now report its own authentication issues. Tenable will not be changing reporting for 180178, the VMware vCenter Legacy Data collector that uses the SOAP API to collect data. This will continue to report authentication failures due to the legacy method for vulnerability data being used from the integration’s VIB data. These changes are to help improve the clarity and overall reporting of the authentication status for the VMWare vCenter Integrations. As failed authentication does not mean that VMWare Security Advisories will be missing and has caused misleading issues for end users of the integration. Impacted Plugins 180178 : VMware vCenter Legacy Data Collection 63062 : VMware vCenter Data Collection 122502 : Integration Credential Status by Authentication Protocol - Valid Credentials Provided 122503 : Integration Credential Status by Authentication Protocol - Failure for Provided Credentials Impacted Tenable.sc Dashboard Components Authentication Summary - Authentication Plugin Indicator Operations - Hosts with Vulnerability Scanning Issues Impacted Tenable.sc Dynamic Assets Hosts with Successful Patch Management Authentication Hosts with Failed Patch Management Authentication Impacted Tenable.io Vulnerability Management Content 122503 widgets - Scan Troubleshooting Plugins (Explore) widgets - Scan Authentication Summary (Explore) 122502 widgets - Scan Information Plugins (Explore) 63062 widgets - Authentication Searches (Explore) widgets - Scan Information Plugins (Explore) 180178 Currently not used in any content Target Release Date Monday September 11, 2023