Install OT Security on Tenable Core

Tenable-provided hardware appliances come with the OT Security application pre-installed. When deploying OT Security on custom hardware or virtually, it is required to initiate the installation process manually.

Note:Before initiating the OT Security application installation, assign roles for each interface. Make sure that you configure the interfaces in Tenable Core and prepared the network infrastructure to allow proper connectivity. For more information, see Network Considerations and Connect OT Security to Network.

Before you begin

  • Make sure you have Administrative access.

  • Make sure that you have SSH or Cockpit access on Tenable Core virtual and physical appliances.

    Note: Administrator accounts can become inaccessible if you do not periodically sign in and update your password. If an administrative account gets locked due to password expiration, you can unlock the account using the remote unlock utility. This utility allows an ICP to remotely unlock its connected sensors and an OT Security Enterprise Manager (EM) to remotely unlock its connected ICPs in the event of an account lockout. For more information about using the utility, see the Knowledge Base article, Leveraging the Remote Unlock Feature in Tenable Core.

To install OT Security in Tenable Core:

  1. Log in to Tenable Core from your Chrome browser: https://<mgmt-ip>:8000.

  2. Navigate to OT Security.

    The OT Security page appears.

    Note: On virtual machines and non-Tenable hardware, you are prompted to install OT Security.

  3. Click Install Tenable OT Security.

    Tenable Core initiates the installation and displays a yellow banner with the message: OT Security is being installed or upgraded and will be available again when the operation completes.

    When the installation is complete, the yellow banner disappears and the License status changes from Unavailable to Uninitialized .

  4. (Optional) Select the interface roles.

    Note: You can choose to retain the default configuration. The default interfaces configuration includes Port 1: Management + Active Query and Port 2: Passive Monitoring.

    1. In the Split Port Configuration Info section, click Change split-port settings.

      The Enable/Disable Split Configuration of OT Security window appears.

    2. In the Management (The OT Security Web UI) box, move the management port to another interface, for example, Port 3.

    3. (Optional) In the Active queries gateway box, provide the gateway IP address.

    4. Click Update split-port configuration and restart OT Security.

    Tenable Core initiates a restart or installation as required.

Caution: Do not install other updates or restart at this stage. The installation process may take some time to complete. Do not disrupt the installation process.

When the installation is complete, you can click the link in the URLs box to log in to the OT Security user interface.

What to do next

Configure OT Security Settings using Setup Wizard