users
3 Topics

Nessus now has Entra LAPS Support

Summary: Nessus now has the ability to leverage accounts managed by Microsoft Entra LAPS.

How LAPS works: Since LAPS managed accounts have their passwords rotated routinely, users cannot just directly provide the credentials in their Scan Policy. Before this change, users would instead have to make an additional privileged account on each LAPS enabled Host to provide to Nessus. Now that Nessus can communicate with an Entra LAPS setup, customers no longer need to have or provide those extra privileged accounts. This means less exposure and less redundancy in a customer’s environment.

Change: With this LAPS support change, during the startup phase of a scan, Nessus will reach out to a Microsoft Entra Tenant and pull a list of all Local Admin Accounts managed by LAPS. Nessus will then attempt to use these Entra provided LAPS managed accounts as credentials when attempting to access a target host. The LAPS credentials found are not stored or kept in the scanner configuration in any way and only exist in memory at runtime. Each time a Scan is initiated with LAPS support enabled, it will do a fresh pull of credentials.

How to enable it: To make use of Nessus’ Entra LAPS support, customers need a Registered App in their Entra Tenant with the DeviceLocalCredential.Read.All permission. These Registered App permissions are what allows an App to access the LAPS managed accounts. Customers with an existing Registered App can configure them for use in Nessus by simply granting the Registered App the DeviceLocalCredential.Read.All permission, allowing Nessus to access LAPS data. Customers without a Registered App will need to create a new one, and provide it as a [Cloud Services Microsoft Azure/Entra Credential] in your Scan Policy.

For additional information see:
https://docs.tenable.com/identity-exposure/3_x/Content/Admin/entra_id_support.htm#Configure-Microsoft-Entra-ID-settings
and
https://docs.tenable.com/vulnerability-management/Content/Settings/Credentials/CreateManagedCredential.htm

Impact: Customers using Rotating Host passwords managed through Microsoft Entra LAPS can now leverage these credentials in their Nessus scans for more secure scanning configurations.

Target Release Date: Immediate
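A least-privilege review of the Registered App described in the post above, as an added example that is not part of the original post and not Tenable's or Microsoft's code. It reads the `roles` claim of an app-only access token issued to that app and reports whether DeviceLocalCredential.Read.All is present and which other application permissions were granted alongside it; the function names are hypothetical and the tokens are constructed inline.

```python
import base64
import json

REQUIRED = "DeviceLocalCredential.Read.All"  # permission named in the post


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def token_claims(jwt: str) -> dict:
    """Decode a compact JWT's payload. The signature is NOT verified:
    this is a configuration review, not an authentication decision."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def review_scanner_app(jwt: str, allowed=frozenset({REQUIRED})) -> dict:
    """Report whether the app can read LAPS data and what else it was granted."""
    claims = token_claims(jwt)
    roles = set(claims.get("roles", []))  # application permissions
    return {
        "app_only": "scp" not in claims,  # `scp` marks a delegated (user) token
        "laps_ready": REQUIRED in roles,
        "excess": sorted(roles - allowed),  # anything beyond the allow-list
    }


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned token for the demo; not a real Entra token."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


if __name__ == "__main__":
    samples = {
        "scoped": {"roles": [REQUIRED]},
        "over-privileged": {"roles": [REQUIRED, "Directory.ReadWrite.All"]},
        "missing": {"roles": ["User.Read.All"]},
    }
    for name, claims in samples.items():
        print(name, review_scanner_app(make_sample_token(claims)))
```

A non-empty `excess` list means the scanner's credential can do more in the tenant than read LAPS data, which is worth narrowing before the app is placed in a Scan Policy.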
We're pleased to announce that the new Web Application Scanning User Interface is GA for existing customers today. Please note that this is a phased transition process to allow existing users to get familiar with the new UI and limit disruptions to existing scanning workflows.

The phases for New UI enablement are as follows:

a. Manage scans in Classic/Read results in New – Before users click the “Activate Web App Scanning” button you will have access to scan result data for all scans launched after 6/16/2020 in both UIs. All scan results prior to 6/16/2020 will only be displayed in the Classic UI. Users will continue to set up and manage scans using the Classic UI.

b. Read only in Classic/Manage scans in New – After users click the “Activate Web App Scanning” button, all scan configurations will transfer from the classic UI to the New UI and new scans will be configured and managed within the New UI. Scan result data prior to clicking “Activate Web App Scanning” will only exist in the classic UI. All new scan results will only populate in the New UI.

c. New UI Only – Beginning in December 2020, the Classic UI will be retired and all data will be archived.

Links for more information on the transition process and a feature comparison are below:

Transition Process: https://docs.tenable.com/tenableio/webapplicationscanning/Content/GettingStarted/ActivateNewWAS.htm

Feature Comparison: https://docs.tenable.com/tenableio/webapplicationscanning/Content/GettingStarted/TransitiontoNewWAS.htm

For more detailed updates and information on how this transition process affects you specifically, please reach out to your Tenable account representatives.

0 Views, 0 likes, 2 Comments
Hello All, I'm excited to announce the newest version of Tenable.io Web Application Scanning is GA for Tenable.io users who don't currently use WAS.

Highlights of the new version include:

- UI now matches Iris aka "new interface"
- Unified visibility of web applications and infrastructure with the dashboard system. Users can create custom dashboards using both WAS + VM widgets in the one dashboard
- Improved detections for Single Page Applications
- WAS RBAC now applies to all data views, meaning if you don't have access to a scan then you don't see the data in dashboards & workbenches.
- 2 new scan templates, SSL/TLS to validate you have the right certificate & encryption settings for your server & Config Audit that reviews externally discoverable configuration items that are exposed by webservers. These scans take seconds to set up and return results in minutes.
- An entirely rebuilt UI core set of services for better UI performance, ease of adding new items, fast response to dashboard queries and built on modern systems that should be much easier to maintain
- New API to go along with the new UI, versioned as V2

0 Views, 0 likes, 4 Comments