Tenable OT Security 2023 Release Notes

Tenable OT Security 3.17.24 (2023-10-18)

Tenable One Integration

You can now integrate Tenable OT Security (OT Security) with Tenable One. Integration allows OT Security to send assets and risk scores data to Tenable One. To integrate with Tenable One, you must generate a linking key in Tenable Vulnerability Management and provide it in OT Security. For more information, see Integrate with Tenable One.

Product renaming changes

Tenable.ot is now OT Security.

Upgrade to Tenable Nessus Network Monitor 6.2.3

OT Security now supports Tenable Nessus Network Monitor 6.2.3.

After upgrading to 3.17, you may still see the Tenable.ot logo instead of OT Security.

Resolution: Clear your cache and refresh your browser to see the rename changes.

Tenable OT Security 3.16.55 (2023-07-25)

Vendor and Protocol Support

  • Includes passive detection support for AS-P (SmartX) controllers by Schneider Electric.

  • Improvements to the BACnet client to improve Building Management System (BMS) related device detection. This can result in a significant improvement in the BMS device visibility using BACnet identification queries.

  • Includes additional device signatures in the active fingerprinting engine.

  • Includes passive SNMP support for parsing common SNMP object IDs and fingerprinting devices.

Redesigned Active Queries Management

OT Security now includes more options to control active queries at a granular level.

  • Complete overhaul and redesign for managing active queries in OT Security.

  • Includes option to add granular control over the types of queries, groups of assets queried, or restrictions to queries.

  • Enables the creation of specific IT or OT queries against specific asset groups, on specific schedules.

  • Includes all configurable OT Security queries on a single page. OT Security shows all queries in the Queries Management table in the Active Queries page.

  • You can now access the Queries page from the main navigation bar. The Queries page is now no longer part of Local Settings and is available from the main navigation bar and renamed as Active Queries. Only users who are Administrators or Supervisors can manage this page.

Note: OT Security version 3.16 includes API changes and changes to the active queries and may break any custom or third-party Active Query automation using APIs.

Note: Due to the volume of changes to support the Active Queries feature, all queries will be disabled by default after upgrading to 3.16. Make sure to go to the Active Queries page and re-enable any queries that were running prior to upgrading.

SNMP Visibility Overhaul

You can now collect limitless details from networked devices supporting SNMP in a customizable way.

  • OT Security now passively detects SNMP details for SNMPv1, SNMPv2, and SNMPv2c.

  • Enables the customization of SNMP OIDs that are actively queried for all devices to include new custom OIDs.

  • Includes an expandable configuration for custom SNMP queries mapped to names and OID.

Centralized Sensor Updates

  • OT Security sensors now receive updates directly from OT Security.

  • OT Security now distributes OT Security sensor or Kernel/OS updates by the site (ICP) to all linked sensors.

  • You can now initiate updates to sensors using the Sensors tab in the OT Security interface. To initiate an update, right-click a OT Security Sensor and select Upgrade.

Note: This remote update capability requires paired (authenticated) Tenable OT sensors running 3.16 or later.

Credentials Management

OT Security now allows you to configure device credentials for those cases where credentials are required.

  • OT Security now includes Credentials page for managing credentials. Only Administrators and Supervisors can edit this page.

  • You can now add, remove, and edit IT and OT type credentials.

  • OT Security now includes these new credential types:

    • SEL (Schweitzer Engineering Laboratories)

    • ABB

    • Siemens SICAM

    • Siprotec5

    • Concept

    • Bachmann

Documentation Improvements

  • OT Security User Guide is now available in an HTML-based format, which makes it easier to share and navigate documentation. See OT Security Documentation.

  • You can now download and access the OT Security documentation without a community login account.

    Note: Going forward, all the OT Security documentation will be available on the documentation portal. After September 30, 2023, documentation will no longer be available on tenable.com/downloads.

Ease of Upgrade

  • Versions of OT Security from 3.11 and later can upgrade directly to the OT Security 3.16 version.

  • From this release onwards, you can directly upgrade all releases from version 3.11 and later to the latest OT Security release.

Updated Vulnerability Plugin Capabilities

  • OT Security now displays the plugin output per hit within the product.

  • OT Security now shows better, more descriptive solutions for OT plugins.

  • OT Security vulnerability checks now cover additional device families.

System Health

  • Disk SpaceOT Security now sends notifications when the /opt disk partition is running low on space. This can help prevent situations where all available disk space is consumed, causing product stability issues.

  • Syslog Heartbeat — When configured to send system logs via syslog, OT Security transmits a heartbeat syslog message to the SIEM for easier monitoring of OT Security uptime.

  • API Testing Interface — GraphQL Playground is a graphical interface used for testing API requests. It is disabled by default. This API playground is useful for testing integrations or custom API requests from within the browser. OT Security now includes a Settings toggle to enable or disable the GraphQL Playground. For more information about how to set up and use GraphQL Playground: https://developer.tenable.com/docs/ot-graphiql-playground.

  • Easier AccessOT Security now no longer has a limitation where you could only access OT Security interface on one network or address at any time. You can now access OT Security interface (:443) from all configured network interfaces.

Plugins and Nessus

Note: Starting with version 3.15, OT Security includes the Nessus Scans page for configuring Tenable Nessus scans, which makes the scan configuration easy to manage, flexible, and visible.

  • When a vulnerability plugin is reported for a host, you can now view the plugin's output text for that specific check.

  • OT Security now shows more detailed solutions for OT Security plugins.

  • Tenable Nessus scan now produces an error when all applicable targets are not scanned.

  • OT Security now includes Advanced Scans with all plugins enabled by default, which is the same behavior as the Tenable Nessus interface during scan creation.

  • OT Security now includes an IDS policy and rule group in response to the recent Rockwell ControlLogix advisory.

Enterprise Manager Licensing

The Enterprise Manager (EM) now requires in-product license code to activate the console. Contact your Customer Success Manager if you do not already have an activation code for your EM.

Tenable Software Updates

OT Security now includes all latest General Availability versions of Tenable Nessus and Tenable Nessus Network Monitor (NNM).

Multiple Authentication Servers

OT Security now supports multiple authentication servers. This is helpful if you use multiple SSO or LDAP services across the organization.

Changes to DNS Configuration

DNS server configuration is now removed from the OT Security application. You must now configure DNS only in Tenable Core under Networking.

Vulnerabilities

OT Security now identifies the following new vulnerabilities:

Vendor Family/Model Plugin ID
Honeywell Experion PKS C200, C200E, C300, and ACE 500790-500792
Schneider Modicon, Smartx (AS-P), Powerlogic, Controllogix, wiser_smart, 500793, 500844, 500848-500864, 500866-500871, 500873, 500875, 500879-500880, 500882, 500906-500908, 500910, 500912, 500915, 500918-500919, 500923, 500925, 501143-501144, 501167
Mitsubishi gt25, gt27, Melsec 500794-500799, 500837,500885, 500897, 501166
Wago PFC, 750 500800-500836, 500872, 500876-500878, 500881, 500909, 500911, 500913-500914, 500916-500917, 500920-500922, 500924, 500926, 501165
Siemens Scalance, Sicam, SIPROTEC, Simatic 500838-500843, 500845-500847, 500874,500884, 500886, 500898-500903, 500968-501064, 501067, 501069-501078, 501080-501110, 501114-501126, 501135-501142, 501154
ABB Relion, rex, pni, spiet, pm 500883, 500927-500950, 500967, 501068, 501111-501113, 501127-501134
Tridium Niagara 500887-500896
Rockwell 1700, armorstart 500904-500905, 501155-501164
Automated Logic Corporation Vertiv, CarrierCorporation 500951-500966
Fanuc Robotics 30i 501065-501066
PhoenixContact smartrtu 501079
SEL   501145-501146
Omron NJ, NX 501147-501153
Vendor Product
SEL RTAC
INEA ME RTU
Rockwell DriveLogix
Rockwell ArmorStart
Siemens SCALANCE XM-416
Eaton 9PX
OMRON NX/NJ/CP/CJ/CS/NE
Siemens SicamA8000CP803
ABB Symphony Plus
Siemens SICAM P850/P855
Siemens SICAM A8000 CP-803x
Mitsubishi MELSEC iQ-F
WAGO Edge Controller 752-8303
Siemens SICAM Q100/Q200
ABB M2M Ethernet
Vertiv Liebert SiteScan
Automated Logic WebCTRL
Rockwell

GuardLogix 5380

GuardLogix 5560

GuardLogix 5580
Carrier i-Vu
Siemens

SCALANCE M-Series

SCALANCE S-Series

SCALANCE W-Series

SCALANCE X-Series
Rockwell Micro870
WAGO PFC100/PFC200
Schneider Wiser Smart

There is an issue when filtering for Nessus plugin families during scan creation. Applying a filter for plugin family returns unexpected results.

For more information about the API, see the OT Security API documentation.

Copy 
Type AllOpType was removed
Field canQueryArp was removed from object type Asset
Field canQueryBackplane was removed from object type Asset
Field canQueryCharacteristics was removed from object type Asset
Field canQueryDns was removed from object type Asset
Field canQueryIdentification was removed from object type Asset
Field canQueryNbStat was removed from object type Asset
Field canQueryNessus was removed from object type Asset
Field canQueryNessusAdvanced was removed from object type Asset
Field canQueryNessusAdvanced2 was removed from object type Asset
Field canQueryOs was removed from object type Asset
Field canQueryRunStatus was removed from object type Asset
Field canQuerySnmp was removed from object type Asset
Field canQueryWmiUsb was removed from object type Asset
Field canSnapshot was removed from object type Asset
Type AssetOpType was removed
Field testOsScan was removed from object type Mutation
Field triggerAbbNcDiscovery was removed from object type Mutation
Field triggerAll was removed from object type Mutation
Field triggerAllBackplaneScan was removed from object type Mutation
Field triggerAllCharacteristics was removed from object type Mutation
Field triggerAllNbStat was removed from object type Mutation
Field triggerAllOsScan was removed from object type Mutation
Field triggerAllRunStatus was removed from object type Mutation
Field triggerAllSnapshot was removed from object type Mutation
Field triggerAllSnmp was removed from object type Mutation
Field triggerAllWmiUsbScan was removed from object type Mutation
Field triggerArp was removed from object type Mutation
Field triggerAssetArps was removed from object type Mutation
Field triggerAssetNames was removed from object type Mutation
Field triggerAssetOsScan was removed from object type Mutation
Field triggerAssetWmiUsbScan was removed from object type Mutation
Field triggerBackplaneScan was removed from object type Mutation
Field triggerBacnetDiscovery was removed from object type Mutation
Field triggerBeckhoffDiscovery was removed from object type Mutation
Field triggerCharacteristics was removed from object type Mutation
Field triggerCipDiscovery was removed from object type Mutation
Field triggerCognexDiscovery was removed from object type Mutation
Field triggerDcpDiscovery was removed from object type Mutation
Field triggerFteDiscovery was removed from object type Mutation
Field triggerICSDiscovery was removed from object type Mutation
Field triggerIdentification was removed from object type Mutation
Field triggerMelsecDiscovery was removed from object type Mutation
Field triggerName was removed from object type Mutation
Field triggerNbStat was removed from object type Mutation
Field triggerOpOnAsset was removed from object type Mutation
Field triggerOpOnNetworkInterface was removed from object type Mutation
Field triggerRunStatus was removed from object type Mutation
Field triggerSnapshot was removed from object type Mutation
Field triggerSnmp was removed from object type Mutation
Type GroupedScanQueries was removed
Type NetworkInterfaceOpType was removed
Enum value ForceActiveQueries was added to enum Capability
Enum value ReadActiveQueries was added to enum Capability
Enum value WriteActiveQueries was added to enum Capability
Enum value IcsDiscovery was added to enum FirewallOpType
Enum value InactiveAssetProbe was added to enum FirewallOpType
Field groupedScanQueries was removed from object type Query
Argument force: Boolean added to field Mutation.nessusUserScanAction
Enum value SNMP_TRAP was added to enum ProtocolType
Type ActiveQueriesBlackoutFlag was added
Type ActiveQueriesGlobalConfigs was added
Type ActiveQueriesOpType was added
Type ActiveQuery was added
Type ActiveQueryBase was added
Type ActiveQueryConnection was added
Type ActiveQueryEdge was added
Field canRunActiveQuery was added to object type Mutation
Field checkForSensorUpdates was added to object type Mutation
Field createActiveQuery was added to object type Mutation
Field createAssetDiscoveryQuery was added to object type Mutation
Field createInactiveProbingQuery was added to object type Mutation
Field createPortScanQuery was added to object type Mutation
Field deleteActiveQuery was added to object type Mutation
Field deleteCredentials was added to object type Mutation
Field disableActiveQuery was added to object type Mutation
Field disableBlackoutPeriod was added to object type Mutation
Field editActiveQuery was added to object type Mutation
Field editAssetDiscoveryQuery was added to object type Mutation
Field editInactiveProbingQuery was added to object type Mutation
Field editPortScanQuery was added to object type Mutation
Field activeQueriesBlackoutPeriod was added to object type FlagList
Type AssetDiscovery was added
Type AssetDiscoveryOptionsParams was added
Field queries was added to object type AssetFunction
Field queries was added to interface AssetGroup
Field queries was added to object type AssetList
Field queries was added to object type AssetTypeFamilyGroup
Type DiscoveryQueryTypes was added
Type InactiveProbing was added
Type InactiveProbingOptionsParams was added
Field queries was added to object type IpList
Field queries was added to object type IpRange
Type ItQueryTypes was added
Type MappingRate was added
Field enableActiveQuery was added to object type Mutation
Field runActiveQuery was added to object type Mutation
Field setActiveQueriesConfigs was added to object type Mutation
Field stopActiveQuery was added to object type Mutation
Type OtQueryTypes was added
Type PauseBetweenProbesOptions was added
Type PortScan was added
Type PortScanOptionsParams was added
Type QueriesCategory was added
Field activeQueries was added to object type Query
Field activeQueriesConfigs was added to object type Query
Field activeQuery was added to object type Query
Field activeQueryOps was added to object type Query
Field getDiscoveryEstimation was added to object type Query
Type QueryExecutionAvailability was added
Type QueryExecutionAvailabilityConnection was added
Type QueryExecutionAvailabilityEdge was added
Type QueryStatus was added
Type QueryTrigger was added
Field queries was added to object type SegmentGroup

Changes to the Credential Management page:

Copy 
Field setSshUserInfo was removed from object type Mutation
Field setWmiUserInfo was removed from object type Mutation
Field getSshUserName was removed from object type Query
Field getWmiUserName was removed from object type Query
Type SSHUserInfo was removed
Type WMIUserInfo was removed
Enum value Credentials was added to enum Capability
Type BasicCredentials was added
Type BasicCredentialsTypes was added
Type CredentialSchemaType was added
Type Credentials was added
Type CredentialsCategory was added
Type CredentialsConnection was added
Type CredentialsEdge was added
Type CredentialsLimitExceeded was added
Type CredentialsLimitExceededConnection was added
Type CredentialsLimitExceededEdge was added
Type CredentialsType was added
Field addBasicCredentials was added to object type Mutation
Field addPasswordOnlyCredentials was added to object type Mutation
Field addSnmpV2Credentials was added to object type Mutation
Field addSnmpV3Credentials was added to object type Mutation
Field setBasicCredentials was added to object type Mutation
Field setPasswordOnlyCredentials was added to object type Mutation
Field setSnmpV2Credentials was added to object type Mutation
Field setSnmpV3Credentials was added to object type Mutation
Field testAdHocBasicCredentials was added to object type Mutation
Field testAdHocPasswordOnlyCredentials was added to object type Mutation
Field testAdHocSnmpV2Credentials was added to object type Mutation
Field testAdHocSnmpV3Credentials was added to object type Mutation
Field testCredentials was added to object type Mutation
Type PasswordOnlyCredentials was added
Type PasswordOnlyCredentialsTypes was added
Field credentialsLimitExceeded was added to object type Query
Field credentialsList was added to object type Query
Field credentialsSpecific was added to object type Query
Type SnmpV2Credentials was added
Type SnmpV2CredentialsTypes was added
Type SnmpV3AuthProtocol was added
Type SnmpV3Credentials was added
Type SnmpV3CredentialsTypes was added
Type SnmpV3PrivProtocol was added
Type SnmpV3SecurityLevel was added

Removed obsolete checkpoint integration:

Copy 
Type CheckpointClient was removed
Type CheckpointClientConnection was removed
Type CheckpointClientEdge was removed
Field deleteCheckpointSharedKey was removed from object type Mutation
Field setCheckpointSharedKey was removed from object type Mutation
Field checkpointClients was removed from object type Query

Removed DNS configuration from user interface:

Copy 
Field DNSConf was removed from object type Config
Type DnsConf was removed
Type DnsConfType was removed

Syslog keepAlive:

Copy 
Argument keepAlive: Boolean added to field Mutation.newSyslogServer
Argument keepAlive: Boolean added to field Mutation.setSyslogServer
Argument keepAlive: Boolean added to field Mutation.testAdHocSyslogServer
Field keepAlive was added to object type SyslogServer

Sensor updates:

Copy 
Enum value SensorUpdatesAvailable was added to enum RemovableFlags
Enum value SoftLimit was added to enum RemovableFlags
Enum value Updating was added to enum SensorStatus
Field updateSensor was added to object type Mutation
Field sensorUpdatesAvailable was added to object type FlagList
Field lastCheckForUpdates was added to object type SensorDetails
Field stockdogUpdateExists was added to object type SensorDetails
Field systemUpdatesExist was added to object type SensorDetails
Field updatableSensor was added to object type SensorDetails
Type UpdatableStatus was added

Plugin improvements:

Copy 
Field assetHits was added to object type Plugin
Type PluginHit was added
Type PluginHitConnection was added
Type PluginHitEdge was added
Field Risk.pluginHits description changed from Number of plugin hits to Number of plugins that have hits on the asset
Field Risk.pluginHits is deprecated
Field Risk.pluginHits has deprecation reason Use pluginCount instead
Field pluginCount was added to object type Risk
Field pluginHits was added to object type Asset

Other changes:

Copy 
Enum value SMARTX was added to enum ProtocolSuperType
Enum value SMARTX was added to enum ProtocolType
Argument UIHosts: [String!] added to field Mutation.changeConfiguration
Type ConcurentWorkersOptions was added
Field UIHosts was added to object type Config
Type EmLicenseDetails was added
Type EmLicenseInfo was added
Type EmSystemInfo was added
Field dnsChange was added to object type FlagList
Field graphQLToggle was added to object type FlagList
Field hardLimit was added to object type FlagList
Field softLimit was added to object type FlagList
Field emActivateLicense was added to object type Mutation
Field emSetSystemTime was added to object type Mutation
Field Mutation.setPassword description changed from Change user password to Change the logged-in (your own) users password (only for local users)'
Field Mutation.setUserPassword description changed from Sets password of a user (by admin only) to Sets password of another user (admin only), to reset the logged-in user, use setPassword''
Field emSystemInfo was added to object type Query
Field assetCategory was added to object type Query
Field Subscription.assetCategory description changed from Get updates on current count of assets for each category to Get updates on current count of assets for each category (empty categories are omitted)

Filenames and MD5 or SHA-256 checksums are posted on the OT Security Download page.