Tenable OT Security 2023 Release Notes

Tenable One Integration

You can now integrate Tenable OT Security (OT Security) with Tenable One. Integration allows OT Security to send assets and risk scores data to Tenable One. To integrate with Tenable One, you must generate a linking key in Tenable Vulnerability Management and provide it in OT Security. For more information, see Integrate with Tenable One.

Product renaming changes

Tenable.ot is now OT Security.

Upgrade to Tenable Nessus Network Monitor 6.2.3

OT Security now supports Tenable Nessus Network Monitor 6.2.3.

After upgrading to 3.17, you may still see the Tenable.ot logo instead of OT Security.

Resolution: Clear your cache and refresh your browser to see the rename changes.

Vendor and Protocol Support

• Includes passive detection support for AS-P (SmartX) controllers by Schneider Electric.

• Improvements to the BACnet client to improve Building Management System (BMS) related device detection. This can result in a significant improvement in the BMS device visibility using BACnet identification queries.

• Includes additional device signatures in the active fingerprinting engine.

• Includes passive SNMP support for parsing common SNMP object IDs and fingerprinting devices.

Redesigned Active Queries Management

OT Security now includes more options to control active queries at a granular level.

• Complete overhaul and redesign for managing active queries in OT Security.

• Includes option to add granular control over the types of queries, groups of assets queried, or restrictions to queries.

• Enables the creation of specific IT or OT queries against specific asset groups, on specific schedules.

• Includes all configurable OT Security queries on a single page. OT Security shows all queries in the Queries Management table in the Active Queries page.

• You can now access the Queries page from the main navigation bar. The Queries page is now no longer part of Local Settings and is available from the main navigation bar and renamed as Active Queries. Only users who are Administrators or Supervisors can manage this page.

SNMP Visibility Overhaul

You can now collect limitless details from networked devices supporting SNMP in a customizable way.

• OT Security now passively detects SNMP details for SNMPv1, SNMPv2, and SNMPv2c.

• Enables the customization of SNMP OIDs that are actively queried for all devices to include new custom OIDs.

• Includes an expandable configuration for custom SNMP queries mapped to names and OID.

Centralized Sensor Updates

• OT Security sensors now receive updates directly from OT Security.

• OT Security now distributes OT Security sensor or Kernel/OS updates by the site (ICP) to all linked sensors.

• You can now initiate updates to sensors using the Sensors tab in the OT Security interface. To initiate an update, right-click a OT Security Sensor and select Upgrade.

Note: This remote update capability requires paired (authenticated) Tenable OT sensors running 3.16 or later.

Credentials Management

OT Security now allows you to configure device credentials for those cases where credentials are required.

• OT Security now includes Credentials page for managing credentials. Only Administrators and Supervisors can edit this page.

• You can now add, remove, and edit IT and OT type credentials.

• OT Security now includes these new credential types:

  • SEL (Schweitzer Engineering Laboratories)

  • ABB

  • Siemens SICAM

  • Siprotec5

  • Concept

  • Bachmann

Documentation Improvements

• OT Security User Guide is now available in an HTML-based format, which makes it easier to share and navigate documentation. See OT Security Documentation.

• You can now download and access the OT Security documentation without a community login account.

  Note: Going forward, all the OT Security documentation will be available on the documentation portal. After September 30, 2023, documentation will no longer be available on tenable.com/downloads.

Ease of Upgrade

• Versions of OT Security from 3.11 and later can upgrade directly to the OT Security 3.16 version.

• From this release onwards, you can directly upgrade all releases from version 3.11 and later to the latest OT Security release.

Updated Vulnerability Plugin Capabilities

• OT Security now displays the plugin output per hit within the product.

• OT Security now shows better, more descriptive solutions for OT plugins.

• OT Security vulnerability checks now cover additional device families.

System Health

• Disk Space — OT Security now sends notifications when the /opt disk partition is running low on space. This can help prevent situations where all available disk space is consumed, causing product stability issues.

• Syslog Heartbeat — When configured to send system logs via syslog, OT Security transmits a heartbeat syslog message to the SIEM for easier monitoring of OT Security uptime.

• API Testing Interface — GraphQL Playground is a graphical interface used for testing API requests. It is disabled by default. This API playground is useful for testing integrations or custom API requests from within the browser. OT Security now includes a Settings toggle to enable or disable the GraphQL Playground. For more information about how to set up and use GraphQL Playground: https://developer.tenable.com/docs/ot-graphiql-playground.

• Easier Access — OT Security now no longer has a limitation where you could only access OT Security interface on one network or address at any time. You can now access OT Security interface (:443) from all configured network interfaces.

Plugins and Nessus

• When a vulnerability plugin is reported for a host, you can now view the plugin's output text for that specific check.

• OT Security now shows more detailed solutions for OT Security plugins.

• Tenable Nessus scan now produces an error when all applicable targets are not scanned.

• OT Security now includes Advanced Scans with all plugins enabled by default, which is the same behavior as the Tenable Nessus interface during scan creation.

• OT Security now includes an IDS policy and rule group in response to the recent Rockwell ControlLogix advisory.

Enterprise Manager Licensing

The Enterprise Manager (EM) now requires in-product license code to activate the console. Contact your Customer Success Manager if you do not already have an activation code for your EM.

Tenable Software Updates

OT Security now includes all latest General Availability versions of Tenable Nessus and Tenable Nessus Network Monitor (NNM).

Multiple Authentication Servers

OT Security now supports multiple authentication servers. This is helpful if you use multiple SSO or LDAP services across the organization.

Changes to DNS Configuration

DNS server configuration is now removed from the OT Security application. You must now configure DNS only in Tenable Core under Networking.

Vulnerabilities

OT Security now identifies the following new vulnerabilities:

There is an issue when filtering for Nessus plugin families during scan creation. Applying a filter for plugin family returns unexpected results.

For more information about the API, see the OT Security API documentation.

Type AllOpType was removed
Field canQueryArp was removed from object type Asset
Field canQueryBackplane was removed from object type Asset
Field canQueryCharacteristics was removed from object type Asset
Field canQueryDns was removed from object type Asset
Field canQueryIdentification was removed from object type Asset
Field canQueryNbStat was removed from object type Asset
Field canQueryNessus was removed from object type Asset
Field canQueryNessusAdvanced was removed from object type Asset
Field canQueryNessusAdvanced2 was removed from object type Asset
Field canQueryOs was removed from object type Asset
Field canQueryRunStatus was removed from object type Asset
Field canQuerySnmp was removed from object type Asset
Field canQueryWmiUsb was removed from object type Asset
Field canSnapshot was removed from object type Asset
Type AssetOpType was removed
Field testOsScan was removed from object type Mutation
Field triggerAbbNcDiscovery was removed from object type Mutation
Field triggerAll was removed from object type Mutation
Field triggerAllBackplaneScan was removed from object type Mutation
Field triggerAllCharacteristics was removed from object type Mutation
Field triggerAllNbStat was removed from object type Mutation
Field triggerAllOsScan was removed from object type Mutation
Field triggerAllRunStatus was removed from object type Mutation
Field triggerAllSnapshot was removed from object type Mutation
Field triggerAllSnmp was removed from object type Mutation
Field triggerAllWmiUsbScan was removed from object type Mutation
Field triggerArp was removed from object type Mutation
Field triggerAssetArps was removed from object type Mutation
Field triggerAssetNames was removed from object type Mutation
Field triggerAssetOsScan was removed from object type Mutation
Field triggerAssetWmiUsbScan was removed from object type Mutation
Field triggerBackplaneScan was removed from object type Mutation
Field triggerBacnetDiscovery was removed from object type Mutation
Field triggerBeckhoffDiscovery was removed from object type Mutation
Field triggerCharacteristics was removed from object type Mutation
Field triggerCipDiscovery was removed from object type Mutation
Field triggerCognexDiscovery was removed from object type Mutation
Field triggerDcpDiscovery was removed from object type Mutation
Field triggerFteDiscovery was removed from object type Mutation
Field triggerICSDiscovery was removed from object type Mutation
Field triggerIdentification was removed from object type Mutation
Field triggerMelsecDiscovery was removed from object type Mutation
Field triggerName was removed from object type Mutation
Field triggerNbStat was removed from object type Mutation
Field triggerOpOnAsset was removed from object type Mutation
Field triggerOpOnNetworkInterface was removed from object type Mutation
Field triggerRunStatus was removed from object type Mutation
Field triggerSnapshot was removed from object type Mutation
Field triggerSnmp was removed from object type Mutation
Type GroupedScanQueries was removed
Type NetworkInterfaceOpType was removed
Enum value ForceActiveQueries was added to enum Capability
Enum value ReadActiveQueries was added to enum Capability
Enum value WriteActiveQueries was added to enum Capability
Enum value IcsDiscovery was added to enum FirewallOpType
Enum value InactiveAssetProbe was added to enum FirewallOpType
Field groupedScanQueries was removed from object type Query
Argument force: Boolean added to field Mutation.nessusUserScanAction
Enum value SNMP_TRAP was added to enum ProtocolType
Type ActiveQueriesBlackoutFlag was added
Type ActiveQueriesGlobalConfigs was added
Type ActiveQueriesOpType was added
Type ActiveQuery was added
Type ActiveQueryBase was added
Type ActiveQueryConnection was added
Type ActiveQueryEdge was added
Field canRunActiveQuery was added to object type Mutation
Field checkForSensorUpdates was added to object type Mutation
Field createActiveQuery was added to object type Mutation
Field createAssetDiscoveryQuery was added to object type Mutation
Field createInactiveProbingQuery was added to object type Mutation
Field createPortScanQuery was added to object type Mutation
Field deleteActiveQuery was added to object type Mutation
Field deleteCredentials was added to object type Mutation
Field disableActiveQuery was added to object type Mutation
Field disableBlackoutPeriod was added to object type Mutation
Field editActiveQuery was added to object type Mutation
Field editAssetDiscoveryQuery was added to object type Mutation
Field editInactiveProbingQuery was added to object type Mutation
Field editPortScanQuery was added to object type Mutation
Field activeQueriesBlackoutPeriod was added to object type FlagList
Type AssetDiscovery was added
Type AssetDiscoveryOptionsParams was added
Field queries was added to object type AssetFunction
Field queries was added to interface AssetGroup
Field queries was added to object type AssetList
Field queries was added to object type AssetTypeFamilyGroup
Type DiscoveryQueryTypes was added
Type InactiveProbing was added
Type InactiveProbingOptionsParams was added
Field queries was added to object type IpList
Field queries was added to object type IpRange
Type ItQueryTypes was added
Type MappingRate was added
Field enableActiveQuery was added to object type Mutation
Field runActiveQuery was added to object type Mutation
Field setActiveQueriesConfigs was added to object type Mutation
Field stopActiveQuery was added to object type Mutation
Type OtQueryTypes was added
Type PauseBetweenProbesOptions was added
Type PortScan was added
Type PortScanOptionsParams was added
Type QueriesCategory was added
Field activeQueries was added to object type Query
Field activeQueriesConfigs was added to object type Query
Field activeQuery was added to object type Query
Field activeQueryOps was added to object type Query
Field getDiscoveryEstimation was added to object type Query
Type QueryExecutionAvailability was added
Type QueryExecutionAvailabilityConnection was added
Type QueryExecutionAvailabilityEdge was added
Type QueryStatus was added
Type QueryTrigger was added
Field queries was added to object type SegmentGroup

Changes to the Credential Management page:

Field setSshUserInfo was removed from object type Mutation
Field setWmiUserInfo was removed from object type Mutation
Field getSshUserName was removed from object type Query
Field getWmiUserName was removed from object type Query
Type SSHUserInfo was removed
Type WMIUserInfo was removed
Enum value Credentials was added to enum Capability
Type BasicCredentials was added
Type BasicCredentialsTypes was added
Type CredentialSchemaType was added
Type Credentials was added
Type CredentialsCategory was added
Type CredentialsConnection was added
Type CredentialsEdge was added
Type CredentialsLimitExceeded was added
Type CredentialsLimitExceededConnection was added
Type CredentialsLimitExceededEdge was added
Type CredentialsType was added
Field addBasicCredentials was added to object type Mutation
Field addPasswordOnlyCredentials was added to object type Mutation
Field addSnmpV2Credentials was added to object type Mutation
Field addSnmpV3Credentials was added to object type Mutation
Field setBasicCredentials was added to object type Mutation
Field setPasswordOnlyCredentials was added to object type Mutation
Field setSnmpV2Credentials was added to object type Mutation
Field setSnmpV3Credentials was added to object type Mutation
Field testAdHocBasicCredentials was added to object type Mutation
Field testAdHocPasswordOnlyCredentials was added to object type Mutation
Field testAdHocSnmpV2Credentials was added to object type Mutation
Field testAdHocSnmpV3Credentials was added to object type Mutation
Field testCredentials was added to object type Mutation
Type PasswordOnlyCredentials was added
Type PasswordOnlyCredentialsTypes was added
Field credentialsLimitExceeded was added to object type Query
Field credentialsList was added to object type Query
Field credentialsSpecific was added to object type Query
Type SnmpV2Credentials was added
Type SnmpV2CredentialsTypes was added
Type SnmpV3AuthProtocol was added
Type SnmpV3Credentials was added
Type SnmpV3CredentialsTypes was added
Type SnmpV3PrivProtocol was added
Type SnmpV3SecurityLevel was added

Removed obsolete checkpoint integration:

Type CheckpointClient was removed
Type CheckpointClientConnection was removed
Type CheckpointClientEdge was removed
Field deleteCheckpointSharedKey was removed from object type Mutation
Field setCheckpointSharedKey was removed from object type Mutation
Field checkpointClients was removed from object type Query

Removed DNS configuration from user interface:

Field DNSConf was removed from object type Config
Type DnsConf was removed
Type DnsConfType was removed

Syslog keepAlive:

Argument keepAlive: Boolean added to field Mutation.newSyslogServer
Argument keepAlive: Boolean added to field Mutation.setSyslogServer
Argument keepAlive: Boolean added to field Mutation.testAdHocSyslogServer
Field keepAlive was added to object type SyslogServer

Sensor updates:

Enum value SensorUpdatesAvailable was added to enum RemovableFlags
Enum value SoftLimit was added to enum RemovableFlags
Enum value Updating was added to enum SensorStatus
Field updateSensor was added to object type Mutation
Field sensorUpdatesAvailable was added to object type FlagList
Field lastCheckForUpdates was added to object type SensorDetails
Field stockdogUpdateExists was added to object type SensorDetails
Field systemUpdatesExist was added to object type SensorDetails
Field updatableSensor was added to object type SensorDetails
Type UpdatableStatus was added

Plugin improvements:

Field assetHits was added to object type Plugin
Type PluginHit was added
Type PluginHitConnection was added
Type PluginHitEdge was added
Field Risk.pluginHits description changed from Number of plugin hits to Number of plugins that have hits on the asset
Field Risk.pluginHits is deprecated
Field Risk.pluginHits has deprecation reason Use pluginCount instead
Field pluginCount was added to object type Risk
Field pluginHits was added to object type Asset

Other changes:

Enum value SMARTX was added to enum ProtocolSuperType
Enum value SMARTX was added to enum ProtocolType
Argument UIHosts: [String!] added to field Mutation.changeConfiguration
Type ConcurentWorkersOptions was added
Field UIHosts was added to object type Config
Type EmLicenseDetails was added
Type EmLicenseInfo was added
Type EmSystemInfo was added
Field dnsChange was added to object type FlagList
Field graphQLToggle was added to object type FlagList
Field hardLimit was added to object type FlagList
Field softLimit was added to object type FlagList
Field emActivateLicense was added to object type Mutation
Field emSetSystemTime was added to object type Mutation
Field Mutation.setPassword description changed from Change user password to Change the logged-in (your own) users password (only for local users)'
Field Mutation.setUserPassword description changed from Sets password of a user (by admin only) to Sets password of another user (admin only), to reset the logged-in user, use setPassword''
Field emSystemInfo was added to object type Query
Field assetCategory was added to object type Query
Field Subscription.assetCategory description changed from Get updates on current count of assets for each category to Get updates on current count of assets for each category (empty categories are omitted)

Filenames and MD5 or SHA-256 checksums are posted on the OT Security Download page.

OT Security 3.15.42 SP includes the following bug fixes:

New Vendor Support

• Basic passive and active support for Phoenix Contact - OT Security now passively and actively identifies the device model, family, type, and firmware version of Phoenix Contact (PCWorx and ProConOS protocols). This support also facilitates the detection of their vulnerabilities.

• Basic passive and active support for Profinet CM (Context Manager) - OT Security now passively and actively identifies the device firmware version, hardware version, order number, and type.

• Snapshot for Rockwell ControlLogix L8X and CompactLogix 538X families - OT Security can now take a snapshot for Rockwell controllers that are part of the L8X and 538X families.

• Ability to merge Siemens S7-300 and S7-400 with FW 2.6.7 and older - This feature is disabled by default and can be enabled only from the API.

• Enhancements for S7+ querying mechanism.

New Vulnerabilities (Plugins)

OT Security now identifies the new following vulnerabilities:

User-defined Nessus Scans

Nessus scans are now available through a dedicated page, allowing the user management, visibility, and flexibility in their scans:

• Management - You can now create, edit, delete, save, and run custom Nessus scans.

• Visibility - All plugins are visible and available for your selection.

• Flexibility - You can now choose to scan multiple network assets (endpoint type is excluded) through an IP range.

IDS Engine Ruleset Updates

New IDS ruleset feed is available in OT Security. You can now obtain the newest set of IDS rules and install them at any time in two ways:

• Cloud update — For systems that are connected to the internet, IDS rules are periodically and automatically downloaded. You can also initiate this update on demand.

• Offline update — You can also upload a file containing the IDS rules to the system via the user interface. You can obtain the URL for this file from OT Security.

Dark Mode

Dark mode is now available in OT Security. It allows you to switch the color scheme of OT Security to a darker theme to provide a more comfortable viewing experience in low-light environments and potentially save battery life on your devices.

To activate dark mode, simply toggle the dark mode option on the top bar.

Export Dashboards

You can now export the dashboards on demand to a PDF file. If you export the dashboard when the dark mode is enabled, OT Security also generates the exported files in the dark mode format.

New Authentication Servers Page

You can now configure and manage your authentication servers' settings on the new Authentication Servers page (under the Local Settings - Users and Roles section).

On this page, you can now define, save, and enable multiple servers based on the authentication methods you use in your organization: Active Directory and LDAP.

Once configured, you can select the authentication server to which you want to connect in the login page's new drop-down menu.

Open Ports Mechanism Enhancements

The Open Ports table in the single asset page now shows all ports that were identified to be open. These include the current active port scans and passive conversations, active queries, Tenable Nessus, and Tenable Nessus Network Monitor.

You can control the desired aged-out period for considering a port to be open (under the Device page in the Local Settings - System Configuration section).

Usage Statistics

OT Security now gathers UI data for the purpose of learning, improving, and better understanding users needs.

When enabled (by default), Tenable collects telemetry information that cannot be attributed to a specific individual; it is only collected at the company level.

This information does not include Personal Data or personally identifiable information (PII). This can be turned on/off on the Device page under Local Settings - System Configuration.

Sensor - BPF from the Cockpit UI

Sensor BPF is now visible and available from the Cockpit UI.

Sensor - New Dedicated Port for the Authenticated Sensor

The sensor now uses a dedicated port (28304) for the authenticated sensor instead of the SSH port (22) that was used in V3.14.

The unauthenticated sensors remain in port 28303.

ICP V3.15 is now listening to both 22 and 28304 ports.

New Asset Types

OT Security now identifies the following new device types:

HTTP/HTTPS Banner Grabbing Enhancements

As of version 3.15, OT Security added several enhancements for HTTP/HTTPS banner grabbing such as querying more port numbers from which to collect banners, parsing HTTPS certificates, and more.

Compressed Backup File

You can now download a compressed system backup file from the Local Settings - System Actions page.

Custom Range Filter for IP Addresses

You can now filter the Inventory table for a specific range of assets based on a specific range of IP addresses.

EM - System Log

You can now view the Enterprise Manager (EM) System Log under the Local Settings menu.

EM - Factory Reset

On the Enterprise Manager (EM) you (the administrator) can now perform a factory reset on the machine and return it to its initial and default configuration.

For more information about the API, see the OT Security API documentation.

API breaking changes (removal of ServiceNow):

Enum value ServiceNow was removed from enum ActionType
Member ServiceNowServer was removed from Union type ActionUnion
Field serviceNowServers was removed from object type Integration
Field archiveServiceNowServer was removed from object type Mutation
Argument servicenowActions: [ID!] was removed from field Mutation.editPolicies
Field newServiceNowServer was removed from object type Mutation
Field setServiceNowServer was removed from object type Mutation
Field testAdHocServiceNowServer was removed from object type Mutation
Field testServiceNowServer was removed from object type Mutation
Field serviceNowServer was removed from object type Query
Field serviceNowServers was removed from object type Query
Type ServiceNowServer was removed
Type ServiceNowServerConnection was removed
Type ServiceNowServerEdge was removed

API additions:

Enum value extendedRunStatus was added to enum AssetField
Enum values BackplaneModule, Bms, Robot, TenableEm, TenableIcp, TenableSensor were added to enum AssetType
Enum values InvalidFile, Unchanged were added to enum CannotUpdatePluginSetReason Enum values NessusUserScan, ReadUpdates, WriteUpdates were added to enum Capability Enum value extendedRunStatus was added to enum LinkField
Enum value PHOENIX_CONTACT, PROFINET_CM were added to enum ProtocolSuperType
Enum value PC_WORX, PROCONOS, PROFINET_CM were added to enum ProtocolType
Enum values BackplaneModule, Bms, Robot, TenableEm, TenableIcp, TenableSensor were added to enum UserDefinedAssetType
Input fields bindDn, bindPw, domainAppend, groupBaseDn, host, port, userBaseDn were added to input object type ProviderOptionsParams
Field APIKey.groups has description this property is always empty
Field APIKey.groups is deprecated
Field APIKey.groups has deprecation reason deprecated since 3.10 (RBAC), groups are determined by the attached User
Field AdProviderOptions.rootCa changed type from String to String!
Field extendedRunStatus was added to object type Asset
Field compressionInProgress was added to object type BackupDetails
Fields lastModifiedBy, lastModifiedDate were added to objects ActivityPolicy, AssetGroup, AssetFunction, AssetList, AssetPolicy, AssetTypeFamilyGroup, EmailGroup, IDSGeneralPolicy, IDSSrcDstPolicy, IntrusionPolicy, IpList, IpRange, NetworkPolicy, Policy, PortGroup, PortPolicy, ProtocolGroup, RecurringGroup, RuleGroup, ScheduleFunction, ScheduleGroup, SegmentGroup, TagGroup, TagValuePolicy, TimeInterval
Type CanUpdateSuricataRuleSet was added
Enum value CannotUpdatePluginSetReason.PluginSetUnchanged was deprecated with reason this value will change in the future to Unchanged, so always check for both
Type CannotUpdateSuricataRulesReason was added
Field backupCompression was added to object type FlagList
Type LdapProviderOptions was added
Type LdapProviderOptionsConnection was added
Type LdapProviderOptionsEdge was added
Field extendedRunStatus was added to object type LeanAsset
Field deleteNessusUserScan was added to object type Mutation
Field editNessusUserScan was added to object type Mutation
Field nessusUserScanAction was added to object type Mutation
Field newNessusUserScan was added to object type Mutation
Field updateSuricataRuleSet was added to object type Mutation
Type NessusUserScan was added
Type NessusUserScanConnection was added
Type NessusUserScanEdge was added
Field source was added to object type OpenPorts
Type OpenPortsSource was added
Field Plugin.id has description Plugin ID
Field Plugin.name has description Name
Field PluginDetails.cpe is deprecated
Field PluginDetails.cpe has deprecation reason please use cpes, this should be plural
Field cpes was added to object type PluginDetails
Field cves was added to object type PluginDetails
Type PluginFamily was added
Type PluginFamilyArgs was added
Type PluginFamilyConnection was added
Type PluginFamilyCount was added
Type PluginFamilyCountConnection was added
Type PluginFamilyCountEdge was added
Type PluginFamilyEdge was added
Type PluginsBasic was added
Type PluginsBasicConnection was added
Type PluginsBasicEdge was added
Type PluginsIndividualArgs was added
Type PluginsOfFamily was added
Field canOfflineUpdateSuricataRuleSet was added to object type Query
Field canOnlineUpdateSuricataRuleSet was added to object type Query
Field ldapAuthProviders was added to object type Query
Field nessusUserScan was added to object type Query
Field nessusUserScans was added to object type Query
Field pluginFamilies was added to object type Query
Field pluginsOfFamily was added to object type Query
Field suricataRuleSetDownloadUrl was added to object type Query
Field suricataRuleSetInfo was added to object type Query
Type ScanAction was added
Type SelectionStatus was added
Object type Subscription has description WARNING: Experimental feature! This can change without a warning
Type SuricataRuleSetDownloadUrl was added
Type SuricataRuleSetInfo was added
Object type Time has description The `Time` scalar type represents date and time values as specified by [RFC3339](https://www.rfc-editor.org/rfc/rfc3339.html).
Type UpdateResult was added
Type UserScanStatus was added

Filenames and MD5 or SHA-256 checksums are posted at OT Security Download page.