Manage Data Updates
The Manage Data Updates option allows you to centralize distribution of bulk ruleset updates, including plugins, Intrusion Detection Systems (IDS), and Dynamic Fingerprinting Engine (DFE) rulesets. You can use this option to manage updates for all your connected ICPs across various environments, even those with limited or no internet access. In air-gapped or internet-restricted sites, the EM acts as a proxy and facilitates the delivery of updates from Tenable feed to ICPs.
Using centralized update management from EM, you can make sure that your entire environment is running the latest rulesets.
To manage updates from EM:
-
In the left navigation bar, click ICPs.
The ICPs page appears with the list of paired ICPs.
-
To manage data updates, do one of the following:
To update a single ICP:
-
Do one of the following:
-
In the ICPs table, select the checkbox next to the ICP you want to update.
OT Security EM enables the Actions button in the header bar.
-
Right-click the ICP you want to update.
A menu appears.
-
-
Click Manage Data Updates.
The Manage Data Updates panel appears.
To update multiple ICPs:
-
In the ICPs table, select one or more ICPs.
OT Security EM enables the Action button in the header bar.
-
Click Actions > Manage Data Updates.
The Manage Data Updates panel appears.
-
-
In the Update Method section, select one of the following options:
-
Online Cloud Update:
Use this option to fetch the latest rulesets directly from the Tenable Feed and push them immediately to selected ICPs.
To update ICPs using the online method:
-
Select the Online Cloud Update option and click Next.
The Update section appears with the latest Nessus plugin, DFE update version, and the IDS Engine Ruleset versions. All ruleset options are selected by default.
-
Retain the default selections or clear the checkboxes for options you do not require.
-
Click Apply.
OT Security EM connects to the Tenable feed, downloads the latest rulesets, and sends them to the selected ICPs.
-
-
Upload File
Use this option to manually upload an offline ruleset file and distribute it to selected ICPs. This option is ideal for air-gapped environments. Once uploaded, OT Security EM pushes the file to the selected ICPs.
To update ICP by uploading a ruleset file:
-
Select the Upload File option and click Next.
The Update section appears.
-
Select one of the following options:
- Nessus Plugin Set (Default)
-
Dynamic Fingerpringing Engine (DFE)
-
IDS Engine Ruleset
-
To download the latest file, click the Download the latest <Nessus, DFE, or IDS> file link.
OT Security EM downloads the latest file.
-
In the Drop File Here box, click Browse to select the downloaded file and upload it.
-
Click Apply.
OT Security EM pushes the uploaded file to the selected ICPs.
-
-
Recurring Updates Schedule:
Use this option to set automatic updates by ruleset and time. The schedule runs in the ICP’s time zone and overrides any existing ICP-level schedule.
To update ICPs using the recurring schedule option:
-
Select the Recurring Updates Schedule option.
The Update section appears.
-
Check if the rulesets you want to update are selected. All options are selected by default.
-
Nessus plugin set
-
Dynamic Fingerprinting Engine (DFE)
-
IDS Engine Ruleset
-
-
Click the Enable Recurring Update toggle to enable the recurring update schedule.
OT Security EM displays the schedule settings.
-
In the Repeats Every box, select the number and Days or Weeks.
-
(Optional) If you select Weeks, in the On box, select the days on which you want to schedule the update.
-
In the At box, click the clock icon to display the time window and select the time in the hours: minutes: seconds AM or PM format.
-
Click Apply.
OT Security EM automatically updates the ICPs at the scheduled time. The scheduled update time appears in the ICP table under the Nessus Plugin Set, IDS Engine Ruleset, and DFE Version columns.
OT Security EM updates the selected ruleset type (Nessus, DFE, or IDS) based on the type of update.
Note: In OT Security, you can still manually update the rulesets from Settings > System Configuration > Updates, however, if you schedule the update frequency in EM, OT Security disables the Edit Frequency option until the EM releases the ICP, the systems de-pair, or there’s a license issue. For more information, see Updates.
-
-