Software-update: Nessus 8.1.0

Nessus is een securityscanner die een netwerk kan scannen op bekende exploits en openstaande services. Resultaten kunnen vervolgens in verscheidene rapporten weergegeven worden. Ook kan de software geïntegreerd worden met andere pakketten, zoals CyberArk voor credentialmanagement en mdm-software van Microsoft, Apple, MobileIron en AirWatch. Nessus wordt in drie verschillende smaken uitgegeven: de gratis te gebruiken Home-editie, en de betaalde Professional- en Manager-edities. Tenable heeft Nessus 8.1.0 uitgebracht met de volgende aanpassingen:

New Features

The following are the new features included in the Nessus 8.1.0 Release:

• Dynamic Scan Policies – Often you may need to scan your client's environment for vulnerabilities with a specific type of behavior, for example, all vulnerabilities with a known exploit. In the past, with each plugin release, users would have to add each of these plugins to their policy manually. Now, using Dynamic Scan Policies, users can build a scan by creating a specific filter, e.g., all exploitable, and incorporating the filter into the scan policy. By using these filters with your scan policies, new plugins that match the filter are automatically added to the policy.
• Revamped Advanced Settings Page - Improved the Advanced Settings UI to allow for a more straightforward view of these advanced controls.
• Remote Log Extraction - Troubleshooting scans and agents can be a significant challenge. With the release of 8.0, we simplified this by allowing users to collect local logs directly from the UI. With this release, we are laying the foundation to also be able to request remote logs from managed scanners and agents.
  Note: Scanners need to be running 8.1 above and agents need to be running 7.2 (not yet released).
• Internationalized Dates - Update the Nessus UI to use the international standard date notation, YYYY-MM-DD, where dates are shown.
• Update to SSL Ciphers - Use strong ciphers by default when negotiating SSL connections.
• Non-credentialed scan optimization - To decrease the time it takes to run scans, we have updated the logic for non-credentialed scans launched from Nessus to avoid running specific plugins that require credentials to work. Additionally, this significantly improves scan times for Host Discovery scans.

Bug Fixes

• Fixed issue with vulnerability found on port 8834
• Corrected issue where unlinked Agents counted towards license usage in Nessus Manager
• Fixed issue that prevented hosts that included an underscore in their name from being scanned
• Fixed issue that could cause the SecurityCenter scan status bar to read greater than 100%
• Fixed issue that caused a crash when scanner metrics were shut down
• Fixed issue on FreeBSD with scanning targets not on the local subnet
• Fixed issue with honoring the 'Scan IP addresses in a random order' setting
• Fixed issue with detecting IP address aliases on a network interface