Configure Tenable OT Security (ICP)
Connect to OT Security (ICP) by creating the account configuration.
To configure your account for Tenable OT Security (ICP):
-
Navigate to the Tenable Add-on for Splunk > Configuration.
-
Under the Account tab click Add.
-
Select TOT (ICP) in the Tenable Account Type drop-down.
-
Enter the necessary information for each field. The following table describes the available options.
Input Parameters Description Account Name (Required) The unique name for each Tenable data input. Tenable Account Type (Required) The type of Tenable account. Address (Required) The FQDN, or IP, of your server for this account without scheme (i.e., http:// or https://) in the TOT field. API Secret (Required) Tenable OT Security API access key. Note: For more information on API keys, see Generate an API Key.
Note: SSL Verification - Splunk requires all connections to verify SSL by default and not be configurable via the UI. To configure your TSC connection to not verify SSL certificate you will need to modify {SPLUNK_HOME}/etc/apps/TA-tenable/bin/tenable_consts.py and set to verify_ssl_for_ot = False.
Use Custom CA Certificate Check this box if you are using a Custom CA Certificate. Custom CA Certificate Enter the Custom CA Certificate for this account. Proxy Enable (Optional) Enables the plugin to collect Tenable OT Security data via a proxy server. If you select this option, the plug- in prompts you to enter the following:
- Proxy Type - the type of proxy used.
- Proxy Host - the hostname or IP address of the proxy server.
- Proxy Port - the port number of the proxy server.
- Proxy Username - the username for an account that has permissions to access and use the proxy server.
- Proxy Password - the password associated with the username you provided.
-
Click Add to save the configuration.
Next steps
- Create an Input for the Tenable Add-On for Splunk.