Tenable OT Security Log Extension for QRadar

Overview

Tenable OT Security enables operational engineers and cybersecurity personnel to gain visibility into, and control over, Industrial Control System (ICS) networks. Through its policies and alerts mechanism, Tenable OT Security generates real-time alerts that are accurate, actionable, and customized for each network and its unique needs.

Tenable OT Security detects unauthorized changes made to industrial processes in ICS networks. It can produce various alerts on changes in the configuration of controllers (PLC, DCS, IED), details, communications, and alert on a range of network attack vectors that may threaten industrial processes. Tenable OT Security also actively verifies the controllers’ configuration and alerts on changes made to them.

Tenable OT Security reports these alerts to QRadar via Syslog. For each individual policy, users can decide whether an alert should be sent to QRadar via Syslog; this offers them maximum control over which information is being sent.

Installing the Tenable OT Security Extension

In order to integrate Tenable OT Security with your QRadar system, you need to download the Tenable OT Security extension from the IBM X-Force Exchange and install it.

To download and install the extension:

1. In the IBM QRadar console, open the Admin tab.

2. In the System Configuration section, click on Extension Management.

   

3. In the Extension Management window, click Add and select the TenableotCustom_ext archive file.

4. Select the Install Immediately checkbox to install the extension immediately. Before the extension is installed, a preview list of the content items is displayed.

Configuring a Tenable OT Security Log Source

To configure Tenable OT Security as a log source:

1. In the Data Sources section of the Admin tab, click on Log Sources.

   

2. In the Log Source window click on Add.

   

3. The Add a log source window opens.

   

4. In the Log Source Type field, select Tenable.ot.

5. In the Log Source Extension field, select TenableotCustom_ext.

6. Fill in the additional fields as needed and click Save.

For information on how to send alerts to QRadar, see Sending Tenable OT Security Alerts to QRadar.