Tenable OT Security 2024 Release Notes
(Early Access) Tenable OT Security 3.19 (2024-07-08)
Note: This version of Tenable OT Security is an Early Access release. To opt in to Early Access, contact your Tenable representative.
Vendor and Protocol Support
- MOXA Discovery Protocol — OT Security now actively detects and fingerprints MOXA devices. Query the device directly to identify it. Active queries to MOXA devices require MOXA credentials.
- Siemens SICAM 8050 RTU — OT Security now supports Siemens SICAM 8050. You can use active queries to fingerprint backplane modules, which require an SNMP v3 credential.
- Fox-TLS Protocol
  - OT Security now actively detects and fingerprints devices that use the FOX-TLS protocol.
  - Active queries to these devices require FOX-TLS credentials.
  - Tested on Phoenix Contact ILC 2050 BI device.
IoT Connectors Engine
- OT Security now includes an IoT Connectors engine that allows you to integrate your IoT (Internet of Things) or VMS (Video Management System) servers.
- You can integrate your IoT/VMS servers using any one of the following connection methods:
  - Using a remote application API service
  - Using an agent
- After integration, OT Security imports all the devices that the application server manages, such as cameras, badge access systems, fire panels, and so on.
For more information, see IoT Connectors.
Asset Relationships
- OT Security now provides a visual representation of asset relationships.
- You can use the Related Assets tab on the single asset page to track all known relationships of the asset.
- OT Security determines the relationship between assets automatically based on queries and passive monitoring, so you cannot modify these relationships manually.
- Related Assets is based on actual communication pathways to devices, which distinguishes it from Network Map, which relies on Layer 3 (Internet Protocol or IP) connectivity.
Asset Relationships - Nested OT Devices
- Nested devices are Programmable Logic Controllers (PLCs) or other Industrial Control System (ICS) modules connected behind a PLC backplane or device. This is similar to a variable-frequency drive (VFD) connected directly to a communications adapter.
- In this version, OT Security detects nested devices only for Rockwell devices and Rockwell connection types such as CIP, DirectNet, ControlNet, DH+.
- OT Security observes nested relationships between OT devices passively or through the Backplane Scan active query.
- On the asset details page, Related Assets > Backplane view lists all related assets, and an icon indicates any nested devices beneath a module.
Asset Relationships - IoT Connectors
- OT Security maps all managed IoT devices to their respective application server.
- To view all IoT devices managed by a specific application server, you must configure the IoT engine and synchronize assets from the application server. In the example of an IP camera, you can see the VMS server that manages it. Navigating to this VMS server on the Inventory > IoT Connectors > Related Assets page lets you view all cameras that this VMS server manages.
Dynamic Fingerprinting Engine (DFE) Updates
You can now make Dynamic Fingerprinting Engine (DFE) updates from the cloud. Some key benefits of this feature are:
- On-Demand Updates: Instantly download and apply the latest classification changes directly from the cloud, ensuring your inventory is always up to date.
- Enhanced Flexibility: Access additional fingerprints without waiting for local updates or new version releases, providing immediate and continuous improvement.
- Seamless Integration: Incorporate new fingerprints as they become available, receiving critical updates between major version releases for enhanced responsiveness.
For more information, see DFE Updates.
Exportable Executive Summary Report PDF
- OT Security now provides an option to generate and export an executive summary report in PDF.
- To view and download the Executive Summary report, go to Dashboards > Monthly Report.
- This feature is an enhancement to an earlier version of the OT Security reporting feature.
For more information, see Generate Monthly Report.
Asset Diagnostic Export report
- You can now export a detailed diagnostic report of an asset for support purposes. You can also bulk export a diagnostics report for multiple assets. For more information, see Export Diagnostics.
Tenable Security Center Integration Enhancements
- Starting with Tenable Security Center 6.4, integrating with OT Security brings additional context in Tenable Security Center.
- After integration, OT Security asset details synchronize with Tenable Security Center. These asset details include: Name, Type, Category, Running State, Firmware Version, Vendor, Model, Family, Backplane Information, MAC, Purdue Level, Location, and Description.
- There are no special configurations or settings for this feature apart from running the latest version of OT Security and Tenable Security Center.
Active Queries Management Redesign
- Active Queries are now available as informative cards that you can customize as needed.
- You can create Query variations for each type of Active Query and customize them as in the earlier versions.
- A status column indicates whether active queries are running, stopped, or paused.
For more information, see Active Queries Management.
Active Queries Management — Executions History
- You can now download a CSV export of the last query execution details. If the active query targeted multiple assets or protocols, this information also appears in the exported results. During the initial setup, this helps troubleshoot queries against various assets. For more information, see Download Last Query Log.
Active Queries Management — 'Try Anyway' Button
- You can now override the limit to the number of active query attempts during troubleshooting. OT Security now provides a Try Anyway option to proceed with active queries on devices or network when you make any firewall or network changes to those queries.
Active Queries Management — Ping Query Added
- OT Security now includes a separate Ping query that relies on Internet Control Message Protocol (ICMP) to test whether an asset is routable or reachable. This query is essentially the same Ping query used during an Asset Discovery or Active Asset Tracking query.
Pendo Tool Integration
- Resource Center: Access to various helpful resources directly within the application:
  Note: Access to the Resource Center requires an Internet connection.
  - Knowledge Base Search: Search the product Knowledge Base (KB) within the application for quick answers and information.
  - Feature Updates: Receive in-app notifications about the latest feature updates and new releases.
  - Welcome Flow for New Users: A high-level sneak peek showcases the main values and key product features to give you a quick tour.
Tenable One - Open Ports Findings
- Along with assets and vulnerabilities, OT Security can now also synchronize open ports on monitored assets when integrated with Tenable One.
- You can use open port information for assets for dynamic tagging and to reveal more potential attack paths that may lead to compromise.
Vulnerability State Tracking
- OT Security now retains and displays mitigated (fixed) vulnerabilities.
- You can now see Active versus Fixed vulnerabilities when viewing an asset or the overall vulnerabilities on the Vulnerabilities page.
- Fixed vulnerabilities age out after one year.
Generic Protocol Parser
- OT Security now uses a generic protocol parser that allows you to add protocol detection capabilities quickly. This parser is an internal tool used in Tenable research.
- The generic parser relies on Lua scripts and is powered by the embedded Suricata IDS engine.
Access Account Details from the "About" View
After activating OT Security, you can view your Tenable customer ID in the About view.
To access this information, click your username in the upper-right corner of the interface and select About from the drop-down menu. This view displays your account details, including your customer ID. Note that this customer ID is required when contacting Technical Support or Customer Success teams.
Vendor | Family/Model | Plugin ID |
---|---|---|
Siemens | Simatic, Scalance | 501998-502003, 502157-502171, 502191-502208, 502216-502223, 502258 |
MikroTik | RouterOS | 502004-502081 |
Cisco | 9900, 7800, 8800, 3905, 6800 | 502082-502156 |
Westermo | WeOS, Lynx, MRD | 502172-502189 |
Schneider | Modicon M340 | 502190 |
Mitsubishi | MELSEC | 502210-502215 |
Rockwell | ControlLogix | 502209 |
Hitachi | AFS Series | 502224-502225, 502266 |
Meinberg | LANTIME | 502226-502234 |
Honeywell | Experion | 502236-502243 |
Zebra | ZTC, FX9500 | 502251-502254 |
IRZ | RUH2 | 502255-502257 |
Hirschmann | HiOS | 502259-502265, 502267-502272 |
Sensormatic Electronics | Illustra Pro Gen 4 | 502273 |
Arecont Vision | AV1355DN | 502274 |
Vendor | Product |
---|---|
Hanwha Vision | Cameras/Video Recorders |
Axis | Video Encoders |
Arecont Vision | Cameras |
Illustra | Cameras |
Phoenix Contact | ILC 2000 Controllers (2050 BI(-L) ) |
Hirschmann | Switches |
Honeywell | ControlEdge HC900 |
IRZ | IRZ Industrial Routers |
Schneider | PowerLogic PM 3000/5000/8000 Series |
Zebra | FX9600 RFID Reader, ATR7000 RFID Reader, FX7400/FX7500 RFID Readers |
Zebra | FX9500 RFID Reader |
Rockwell | Stratix |
HW group | POSEIDON2 Remote Monitoring Devices |
Meinberg | LANTIME NTP Servers |
HW group | STE2 Remote Environmental Monitoring Devices |
HMS Industrial Networks | Anybus X-gateway |
Westermo | Cellular Routers, Ethernet Converters, Falcon Routers, Lynx Switches, RedFox Switches, Wolverine Ethernet Extenders, xDSL Routers |
Vertiv | Watchdog sensors |
Schneider | PowerLogic PM 3000/5000/8000 Series |
MikroTik | RouterBOARD Network Devices (RouterOS) |
Moxa | ioLogik |
Siemens | SIMATIC NET CP 1600 Series |
- If you had the SNMP Ports query enabled in an earlier version, you must re-enable it under Active Queries Management settings.
- Conflicts in permission levels set by Role-Based Access Control (RBAC) settings lead to users inheriting the most permissive group's permissions.
Bug Fix | Defect ID |
---|---|
SICAM Client connections are properly terminated after a query is performed. | 01759186 |
Tenable OT Security 3.18.58 SP (2024-06-04)
Bug Fix | Defect ID |
---|---|
Fixed an issue where SEL devices were not getting the proper model number information when the device hostname is configured to be blank. | 01754608 |
Fixed an issue where the detection of the minor firmware version was missing from SEL devices. | 01780269 |
Fixed an issue where upgrading from 3.17 to 3.18 could result in losing asset groups if any were invalid or empty. | 01805247 |
Fixed an issue where Schneider Electric device firmware versions were being incorrectly parsed for specific versions. | 01829778 |
Fixed an issue where Tenable OT Security 3.18 was not using a proxy to integrate with Tenable Security Center when configured to do so. | 01810329 |
Fixed an issue where HTML characters were not escaped correctly in the plugin output being sent to Tenable Security Center or Tenable Vulnerability Management. | n/a |
Fixed an issue where icons were missing from the Code Revisions tab in 3.18.51. | n/a |
Fixed an issue where policies using the "any asset" group for source or destination were experiencing false positives in 3.18. | n/a |
Fixed an issue where asset groups used for zones based on a list of IP subnets were showing as having no assets in them. | n/a |
- An issue may occur during the upgrade process that requires you to resize the /tmp partition. Resize your /tmp partition if you encounter a failed upgrade due to lack of available space.
Filenames and MD5 or SHA-256 checksums are posted at the OT Security Download page.
Tenable OT Security 3.18.51 (2024-03-15)
EM-ICP Pairing Migration
- After you upgrade to version 3.18, re-pair all previously linked sites or ICPs.
- A newly upgraded Tenable OT Security Enterprise Manager (OT Security EM) 3.18 has no linked sites, so you need to pair your ICPs.
- Make sure to note down the paired sites (ICPs) list before you upgrade OT Security EM.
- If you were unable to snapshot or document the previously linked sites, a script is available to fetch these details. For assistance, contact Tenable Support.
Enterprise Manager (EM) — Licensing
- The OT Security EM now features in-product licensing to activate the console.
- All OT Security EM customers should have a 20-digit activation code specifically for EM.
- Contact your Customer Success Manager if you do not have your EM activation code.
License Enforcement During ICP Upgrade
- When upgrading Tenable OT Security (ICP), the license must be valid to begin the update.
- If the license has been exceeded or has aged out, automatic updates are blocked or you are required to reapply the license.
Vendor and Protocol Support
- Honeywell C300 — OT Security includes the following new policies that detect code upload and download events.
  - Honeywell Code Download
  - Honeywell Code Upload
- Siemens SICAM 8050 RTU — OT Security now supports Siemens SICAM 8050 RTU over SNMP v3. You can send queries directly to these devices to detect and fingerprint them. The active queries used to fingerprint these RTUs rely on SNMP v3, which requires an SNMPv3 credential.
Role-Based Access Control (ICP)
OT Security now includes the following changes to Local Settings > Users Management:
- Product administrators can now configure permissions for user groups using Zones.
- Configurable Zones based on asset groups.
- These zones determine the assets that a user or group can view.
- A user can only view assets that belong to the user's group along with assets, vulnerabilities, and events.
- OT Security monitors the assets outside the zone but hides them from those outside the relevant zone.
- You can configure non-admin accounts to be part of a specific group and zone to limit their visibility to relevant assets.
Enterprise Manager - Role-Based Access Control
OT Security EM now includes these changes in Local Settings > Users Management:
- Includes settings that control visibility and administrative rights for each linked site.
- You can now control which user groups can access each OT Security ICP.
- You can now configure the permissions for users at both the OT Security EM and ICP levels. Each EM user can now access the linked ICPs and set the access to read-only or write access.
Enterprise Manager - Support for Authentication Providers (LDAP, AD, and SAML)
- In OT Security EM, you can now leverage SSO providers (SAML) for authentication.
- OT Security EM now supports configuration of AD and LDAP authentication.
Enterprise Manager - ICP-EM Pairing Process via the OT Security Interface
- You can now use the Enterprise Manager page in OT Security to pair your ICP with OT Security EM. You can pair using an API key or username and password.
- The Enterprise Manager page provides a step-by-step guide to pair your ICP with EM.
- In OT Security, you can access the page from Local Settings > System Configuration > Enterprise Manager. For more information, see Pair ICP with Enterprise Manager.
Customizable Classification Banner
- OT Security now includes a Classification Banner option in the Local Settings > Device page. You can use this option to enable a persistent banner on the OT Security interface for compliance purposes. For example: Add a banner "Confidential" to the interface.
- In alignment with DFARS 252.204-7012, you can now set this banner accordingly for your CUI (Controlled Unclassified Information) or sensitive data.
- Users cannot clear or hide this banner or classification marking. This global setting affects all OT Security users.
Tenable One — Findings and Weaknesses
- If you integrated OT Security with Tenable One, you can now view and prioritize your OT Security vulnerabilities from within Tenable One without further configuration.
- Once you upgrade to the latest release, you can access both asset context and vulnerability details within Tenable One.
Rediscovered Asset Policy
- OT Security now includes a new policy: Rediscovered Asset.
- The Rediscovered Asset policy allows you to track assets that are offline for a specific period of time.
- The default policy name is "Asset Rediscovered after two hours of inactivity".
- You can create this policy from Policies > Network Events > Rediscovered Asset.
Custom Threat Detection (IDS) Signatures
- You can now manually upload all IDS-specific Indicators of Compromise (IoCs) to OT Security.
- You can now import Suricata formatted IDS rules into OT Security by using the command line.
Syslog Event Alerts Cache ("Store and Forward")
- In the event of a disrupted connection using TCP Syslog, OT Security caches events and sends them once the connection is re-established.
- The Allow syslog message caching option is available when creating a new Syslog Server in Local Settings > Syslog Servers.
- OT Security sends the cached events instantly, in the order in which they were queued while the connection was down.
Enterprise Manager — Site Sensors Visibility
- OT Security EM now includes the following two widgets specific to sensors:
  - Sensors Status: Indicates how many sensors are online versus offline.
  - Sensors per Site: Indicates the number of online or offline sensors per site linked to OT Security EM.
Enterprise Manager — Licensing
- OT Security EM now includes in-product licensing to activate the console. Contact your Customer Success Manager if you do not have an activation code for your EM.
Enterprise Manager — Appliance Details
- OT Security EM includes the following additional metrics about all paired OT Security appliances (ICPs):
  - CPU utilization, memory, disk, plugin and IDS timestamps, and license properties and consumption.
  - The Sensors column of the ICPs page shows the total number of sensors versus the number of online sensors. The column also includes a link to the Sensors page for that site.
New Configuration Flow for Authentication Servers
- OT Security EM now includes a simplified workflow for the AD/SSO/LDAP configuration.
- You can now assign user groups in OT Security to specific authentication servers.
- The improved Authentication Servers workflow affects both OT Security and OT Security EM.
Support for KEV Plugin Property
Any vulnerabilities that OT Security detects that are on the Known Exploited Vulnerabilities (KEV) catalog from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) now show their due date. The KEV catalog helps security teams prioritize which risks to fix first so that they mitigate the greatest threats to their organizations. For more information, see Known Exploited Vulnerabilities.
Tenable Software Updates
OT Security has now updated to the latest versions of Tenable Nessus and Tenable Nessus Network Monitor.
Multiple Authentication Servers
OT Security now supports multiple authentication servers to facilitate the use of multiple SSO or LDAP services across the organization.
Active Query — Multi-port Configuration
OT Security can now initiate active queries directed at multiple ports for a single protocol. If your organization uses a variety of network ports for the same protocol, this allows you to inform OT Security to check all possible ports for details about the device or services.
License Upgrade Requirement
When updating OT Security, make sure the license has not aged out or been exceeded. If this is the case, re-license the system after completing the software update.
WMI Installed Software Improvement — Windows LTSC Support
A WMI query on a Windows Long-Term Servicing Channel (LTSC) device now accurately requests and lists all installed software.
Backup and Restore - Powered by Tenable Core
The backup and restore capabilities have moved from OT Security and are enabled within Tenable Core to allow you to manage backups and to restore the backup from OT Security. You can now configure system backup within Tenable Core under Backup/Restore. For more information, see Restore a Backup in the Tenable Core user guide.
Changes to DNS Configuration
DNS server configuration has moved from OT Security to the Networking page in Tenable Core.
Vulnerabilities
OT Security now identifies the following new vulnerabilities:
Vendor | Family/Model | Plugin ID |
---|---|---|
Honeywell | Experion | 501610-501613 |
Schneider | BMX, NOE, NOC, tsxp, ion | 501194-501220, 501834-501835 |
Mitsubishi | Melsec, fx3u, fx5 | 501187-501190, 501221-501224, 501598, 501762, 501838, 501843, 501931-501932, 501955 |
Wago | 750 | 501227, 501599-501600, 501641-501655, 501994, 501995 |
Siemens | q200, Scalance, Ruggedcom, Logo!, Insydeh2o | 501424-501425, 501588-501597, 501616-501640, 501660-501682, 501684-501739, 501840-501842, 501847-501855, 501864-501871, 501874-501887 |
ABB | 800XA, Rex640, RTU500 | 501186, 501193, 501614-501615, 501742-501746, 501839, 501845-501846 |
Rockwell | 1756, Power Monitor | 501226, 501228, 501604, 501683, 501759, 501767-501830, 501956 |
Janitza | umg | 501957-501963 |
Ricoh | aficio, sp, mp | 501965-501993 |
PhoenixContact | AXC | 501872-501873 |
SEL | RTAC | 501168-501185 |
Omron | CP1E, cj2m | 501225, 501603, 501948 |
Eaton | 9000X, Power expert | 501191-501192, 501754 |
Cisco | Nexus | 501229-501423, 501656-501659, 501844, 501862-501863, 501947 |
Moxa | edr, eds, mb3, nport, mgate, pt, AWK, iologik | 501426-501586, 501605-501609 |
Hitachi | RTU500 | 501741, 501889-501890 |
Sprecher Automation | Sprecon | 501747-501750 |
Festo | bus, cecx, cecc | 501755, 501856-501861 |
Trane | Tracer | 501756-501757 |
Johnson Controls Metasys | NAE55 | 501833 |
Dell | emc, idrac | 501891-501930 |
Axis | | 501933-501946, 501964 |
Bosch | autodome, mic | 501949-501950, 501996-501997 |
Mobotix | s14 | 501951-501954 |
Vendor | Product |
---|---|
Argus Control Systems | CXC RMU |
Axis | Network Cameras |
Bosch | Conettix B426 |
Bosch | AUTODOME/MIC Cameras |
CISCO | NX-OS |
Comtrol | DeviceMaster |
Daktronics | VFC controllers |
Dell | iDRAC 6/7/8/9 |
Digi | Cellular routers (Connect ME) |
Eaton | Eaton |
Envitech | RTMS Sx-300 |
Festo | CECC, CECX |
GTT (Global Traffic Technologies) | Opticom Phase Selector |
Janitza | UMG power quality analyzers |
Mitsubishi | MELSEC WS/QS/F |
Mobotix | M16 Cameras |
OMRON | G9SP/DST1 |
Proxim Wireless | Tsunami QuickBridge 8200 Series |
Raritan | PX (Power Distribution Unit) |
Ricoh | Printers |
Rockwell | Stratix |
Rockwell | PowerMonitor 1000, PowerMonitor 5000 |
Schneider | MiCOM C264 |
Schneider | Modicon |
Schneider | Modicon |
Siemens | SCALANCE M-Series, SCALANCE S-Series, SCALANCE W-Series, SCALANCE X-Series |
Siemens | SICAM A8000 CP-805x |
Siemens | RuggedCom APE1808 |
Siemens | LOGO! |
Siemens | Sicam A8000 |
Siemens | RuggedCom |
Siemens | Sicam Q100, Sicam Q200 |
Siemens | TDC |
Sprecher Automation | Sprecher Automation RTU |
Teleste | MPC Video Encoders |
Trane | Tracer Building Automation System |
Trane | Symbio |
VBrick | Video Encoders (4000/5000/6000 series + BPS 7000) |
Ver-Mac | VMS (Variable Message Signs) |
Vertiv | Watchdog sensors |
Conflicts in permission levels set by Role-Based Access Control (RBAC) settings lead to users inheriting the most permissive group's permissions.
Bug Fix | Defect ID |
---|---|
SICAM Client connections now properly terminate after a query is performed. | 01759186 |
Reduction in UMAS and Modicon identification attempts against Modbus-enabled hosts. | 01708470 |
Plugin information sent to Tenable Security Center or Tenable Vulnerability Management through the integration now supports mitigation tracking for Tenable Nessus Network Monitor and Tenable Nessus results. | 01649550 |
Plugin information for Tenable Nessus Network Monitor that has aged out is now purged at startup and every 24 hours while running. | 01678186 |
Bristol controllers communicating over Phoenix Contact protocol are no longer misclassified as Phoenix Contact. | 01712135 |
OT Security now correctly displays the Install Date timestamps for the Microsoft Windows software when imported to Tenable Security Center. | 01741760 |
Enabling or disabling the Packet Capture feature now results in an event in the system log. | NA |
For more information about the API, see the OT Security API documentation page.
Type AttachedMachine was removed
Type AttachedMachineConnection was removed
Type AttachedMachineEdge was removed
Type BackupDetails was removed
Enum value Backup was removed from enum Capability
Type FileInfo was removed
Type FileType was removed
Field backupCompression was removed from object type FlagList
Field backupPendingDownload was removed from object type FlagList
Type IemDetails was removed
Argument additionalParams: ActiveQueriesExecuteSpecialParam was removed from field Mutation.canRunActiveQuery
Type for argument assetId on field Mutation.canRunActiveQuery changed from ID to ID!
Argument considerPrevStats: Boolean was removed from field Mutation.canRunActiveQuery
Argument force: Boolean was removed from field Mutation.canRunActiveQuery
Field createBackup was removed from object type Mutation
Type PairedMachine was removed
Type PairedMachineConnection was removed
Type PairedMachineEdge was removed
Field PortPolicyGroup.group changed type from PortGroup! to PortGroup
Field fullSweep was removed from object type PortScan
Input field fullSweep was removed from input object type PortScanOptionsParams
Field ProtocolPolicyGroup.group changed type from ProtocolGroup! to ProtocolGroup
Field backupDetails was removed from object type Query
Field iem was removed from object type Query
Field machineInfo was removed from object type Query
Field requestFile was removed from object type Query
Enum value BackupPendingDownload was removed from enum RemovableFlags
Field RulePolicyGroup.group changed type from RuleGroup! to RuleGroup
Field SchedulePolicyGroup.group changed type from ScheduleGroup! to ScheduleGroup
Type SyncStatus was removed
Field TagPolicyGroup.group changed type from TagGroup! to TagGroup
Field UserGroup.id changed type from String! to ID!
Field ValuePolicyGroup.group changed type from ValueGroup! to ValueGroup
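Integration scripts written against the pre-3.18 API can be checked against the removals listed above, and against the AttackVectorStep deprecations further down this list, before an upgrade. The following Python check is an added example, not Tenable code: it tokenizes GraphQL documents and flags the removed Query and Mutation fields, the removed canRunActiveQuery arguments and, by name only, fullSweep and the deprecated srcAsset and dstAsset fields. The function name audit, the table names and the sample operations with their __typename selections are assumptions constructed for illustration.

```python
import re

# All names in these tables are copied from the 3.18 API change list on this page.
REMOVED_ROOT_FIELDS = {
    "query": {"backupDetails", "iem", "machineInfo", "requestFile"},
    "mutation": {"createBackup"},
}
REMOVED_ARGS = {"canRunActiveQuery": {"additionalParams", "considerPrevStats", "force"}}
# Matched by name only: without the schema the parent type cannot be resolved.
REMOVED_BY_NAME = {"fullSweep": "removed from PortScan and PortScanOptionsParams"}
DEPRECATED_BY_NAME = {"dstAsset": "dstAssetOrIps", "srcAsset": "srcAssetOrIps"}

# Comments and strings are matched first so their contents are never read as names.
TOKEN = re.compile(r'#[^\n]*|"(?:\\.|[^"\\])*"|\.\.\.|[_A-Za-z]\w*|[{}():@]')
OPERATIONS = ("query", "mutation", "subscription", "fragment")


def audit(document):
    """Return a sorted list of (severity, detail) findings for one GraphQL document."""
    toks = [t for t in TOKEN.findall(document) if t[0] not in '#"']
    findings = set()
    op = field = None        # operation kind; most recently selected field
    depth = paren = obj = 0  # selection-set, argument-list and input-object nesting
    for i, tok in enumerate(toks):
        prev = toks[i - 1] if i else ""
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren -= 1
        elif tok == "{":
            if paren:
                obj += 1               # "{" inside "(...)" opens an input object
            else:
                op = op or "query"     # a bare "{ ... }" is an anonymous query
                depth += 1
        elif tok == "}":
            if paren:
                obj -= 1
            else:
                depth -= 1
                op = op if depth else None
        elif tok in (":", "...", "@") or prev in ("...", "@", "on"):
            continue                   # punctuation, spreads, directives, type conditions
        elif depth == 0:
            if paren == 0 and op is None and tok in OPERATIONS:
                op = tok
        elif paren and nxt == ":":     # argument name or input-object field name
            if obj == 0 and tok in REMOVED_ARGS.get(field, ()):
                findings.add(("removed", f"argument {tok} of {field}"))
            elif obj and tok in REMOVED_BY_NAME:
                findings.add(("review", f"input field {tok}: {REMOVED_BY_NAME[tok]}"))
        elif paren == 0 and nxt != ":":  # a selected field; aliases are followed by ":"
            field = tok
            if depth == 1 and tok in REMOVED_ROOT_FIELDS.get(op, ()):
                findings.add(("removed", f"{op.capitalize()}.{tok}"))
            elif tok in REMOVED_BY_NAME:
                findings.add(("review", f"field {tok}: {REMOVED_BY_NAME[tok]}"))
            elif tok in DEPRECATED_BY_NAME:
                findings.add(("deprecated", f"{tok}: use {DEPRECATED_BY_NAME[tok]} instead"))
    return sorted(findings)


# Constructed sample operations; only names from the change list are used,
# and __typename stands in for selections this page does not document.
SAMPLE = '''
# operations saved by an older integration script (constructed)
mutation Probe($id: ID!) {
  ok: canRunActiveQuery(assetId: $id, force: true, trace: false)
}
query Legacy {
  backupDetails { __typename }
  machineInfo { __typename }
}
fragment Step on AttackVectorStep {
  srcAsset { __typename }
  dstAssetOrIps { __typename }
}
'''

if __name__ == "__main__":
    for severity, detail in audit(SAMPLE):
        print(f"{severity:10} {detail}")
```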
Enum value HoneywellCodeDownload was added to enum ActivityPolicyEvent
Enum value HoneywellCodeUpload was added to enum ActivityPolicyEvent
Enum value RediscoveredAsset was added to enum ActivityPolicyEvent
Asset object implements AttackVectorStepAsset interface
Enum value lastHit was added to enum AssetField
Enum value segmentsIds was added to enum AssetField
Enum value Filter was added to enum AssetGroupType
Enum value ReadEmIcps was added to enum Capability
Enum value ReadPairing was added to enum Capability
Enum value WriteEmIcps was added to enum Capability
Enum value WritePairing was added to enum Capability
Member RediscoveredAsset was added to Union type EventDetails
Enum value RediscoveredAssetEvent was added to enum EventGroupType
Member RediscoveredAssetDef was added to Union type ExtraParametersUnion
Enum value lastHit was added to enum LinkField
Enum value segmentsIds was added to enum LinkField
Argument trace: Boolean added to field Mutation.canRunActiveQuery
Argument AutoLogoutDurationInSeconds: Int added to field Mutation.changeConfiguration
Argument EnableClassificationBanner: Boolean added to field Mutation.changeConfiguration
Argument UiClassificationBannerColor: ClassificationBannerColor added to field Mutation.changeConfiguration
Argument UiClassificationBannerText: String added to field Mutation.changeConfiguration
Argument providersMapping: [GroupProviderParams!] added to field Mutation.editUserGroup
Argument zones: [String!] added to field Mutation.editUserGroup
Argument caching: Boolean added to field Mutation.newSyslogServer
Argument providersMapping: [GroupProviderParams!] added to field Mutation.newUserGroup
Argument zones: [String!] added to field Mutation.newUserGroup
Argument caching: Boolean added to field Mutation.setSyslogServer
Argument caching: Boolean added to field Mutation.testAdHocSyslogServer
Enum value HoneywellCodeDownload was added to enum PolicyEventType
Enum value HoneywellCodeUpload was added to enum PolicyEventType
Enum value RediscoveredAsset was added to enum PolicyEventType
Input field portScanRange of type PortScanRange was added to input object type PortScanOptionsParams
Enum value IcpPairingRequestPendingApproval was added to enum RemovableFlags
Enum value WaitingForEmCertApproval was added to enum RemovableFlags
Enum value InProgress was added to enum ServerStatus
Field unresolvedDstCount was added to object type ActivityExclusion
Field unresolvedSrcCount was added to object type ActivityExclusion
Field usageInfo was added to object type ArubaServer
Field lastHit was added to object type Asset
Field unresolvedCtr was added to object type AssetExclusion
Field usageInfo was added to object type AssetFunction
Field usedInRestrictions was added to object type AssetFunction
Field zones was added to object type AssetFunction
Field usageInfo was added to interface AssetGroup
Field usedInRestrictions was added to interface AssetGroup
Field zones was added to interface AssetGroup
Field usageInfo was added to object type AssetList
Field usedInRestrictions was added to object type AssetList
Field zones was added to object type AssetList
Field usageInfo was added to object type AssetTypeFamilyGroup
Field usedInRestrictions was added to object type AssetTypeFamilyGroup
Field zones was added to object type AssetTypeFamilyGroup
Field AttackVectorStep.dstAsset is deprecated
Field AttackVectorStep.dstAsset has deprecation reason Deprecated since 3.18 (Zones), use dstAssetOrIps instead
Field dstAssetOrIps was added to object type AttackVectorStep
Field AttackVectorStep.srcAsset is deprecated
Field AttackVectorStep.srcAsset has deprecation reason Deprecated since 3.18 (Zones), use srcAssetOrIps instead
Field srcAssetOrIps was added to object type AttackVectorStep
Type AttackVectorStepAsset was added
Type AttackVectorStepIps was added
Type ClassificationBannerColor was added
Field AutoLogoutDurationInSeconds was added to object type Config
Field EmIcpAutoApprove was added to object type Config
Field EnableClassificationBanner was added to object type Config
Field UiClassificationBannerColor was added to object type Config
Field UiClassificationBannerText was added to object type Config
Field unresolvedDstCount was added to object type ConversationExclusion
Field unresolvedSrcCount was added to object type ConversationExclusion
Field unresolvedDstCount was added to object type DNP3Exclusion
Field unresolvedSrcCount was added to object type DNP3Exclusion
Type EmPairingStatus was added
Type EmUser was added
Type EmUserConnection was added
Type EmUserEdge was added
Type EmUserGroup was added
Type EmUserGroupConnection was added
Type EmUserGroupEdge was added
Field usageInfo was added to object type EmailGroup
Field icpPairingRequestPendingApproval was added to object type FlagList
Field waitingForEmCertApproval was added to object type FlagList
Field usageInfo was added to object type FortiGateServer
Type GroupProviderParams was added
Field unresolvedDstCount was added to object type IEC104Exclusion
Field unresolvedSrcCount was added to object type IEC104Exclusion
Type IcpEmPairingCertificateDetails was added
Type IcpEmPairingStatus was added
Type IcpEmPairingStatusInfo was added
Type IcpSensorExpressionsParams was added
Type IcpSensorField was added
Type IcpSensorSortParams was added
Type IcpSensorSortParamsComplexFields was added
Field unresolvedDstCount was added to object type IntrusionDetectionExclusion
Field unresolvedSrcCount was added to object type IntrusionDetectionExclusion
Field lastSync was added to object type IoServer
Field syncDetails was added to object type IoServer
Field usageInfo was added to object type IoServer
Field usageInfo was added to object type IpList
Field usedInRestrictions was added to object type IpList
Field zones was added to object type IpList
Field usageInfo was added to object type IpRange
Field usedInRestrictions was added to object type IpRange
Field zones was added to object type IpRange
Field lastHit was added to object type LeanAsset
Field addEmUser was added to object type Mutation
Field approveEmIcp was added to object type Mutation
Field approveIcpEmPairingCertificate was added to object type Mutation
Field archiveEmUserGroup was added to object type Mutation
Field archiveZone was added to object type Mutation
Field createZone was added to object type Mutation
Field deleteEmIcp was added to object type Mutation
Field deleteEmUser was added to object type Mutation
Field deleteIcpEmPairing was added to object type Mutation
Field editEmUserGroup was added to object type Mutation
Field newEmUserGroup was added to object type Mutation
Field newRediscoveredAssetPolicy was added to object type Mutation
Field setEmPassword was added to object type Mutation
Field setEmUserGroups was added to object type Mutation
Field setEmUserInfo was added to object type Mutation
Field setEmUserPassword was added to object type Mutation
Field setIcpEmPairingApiKeyConfiguration was added to object type Mutation
Field setIcpEmPairingCredentialsConfiguration was added to object type Mutation
Field setRediscoveredAssetPolicy was added to object type Mutation
Field updateZone was added to object type Mutation
Field schedule was added to object type OneServer
Field usageInfo was added to object type OneServer
Field unresolvedCtr was added to object type OpenPortExclusion
Type PairedIcp was added
Type PairedIcpConnection was added
Type PairedIcpEdge was added
Field usageInfo was added to object type PaloAltoServer
Field cisaKnownExploitedDates was added to object type PluginDetails
Field mitigatedAt was added to object type PluginHit
Field status was added to object type PluginHit
Type PluginHitStatus was added
Field usageInfo was added to object type PortGroup
Field portScanRange was added to object type PortScan
Type PortScanRange was added
Field usageInfo was added to object type ProtocolGroup
Field emArchivedUserGroups was added to object type Query
Field emPairedIcp was added to object type Query
Field emPairedIcps was added to object type Query
Field emUser was added to object type Query
Field emUserGroup was added to object type Query
Field emUserGroups was added to object type Query
Field emUserGroupsEmLevel was added to object type Query
Field emUserGroupsICPLevel was added to object type Query
Field emUsers was added to object type Query
Field icpEmPairingPendingCertificate was added to object type Query
Field icpEmPairingStatus was added to object type Query
Field iemSensorsRaw was added to object type Query
Field isEm was added to object type Query
Field plugin was added to object type Query
Field Query.userGroup changed type from UserGroup to UserGroup!
Field zone was added to object type Query
Field zones was added to object type Query
Type RawIcpSensorComplexFieldParams was added
Type RawIcpSensorComplexFieldParamsComplexFields was added
Type RawIcpSensorComplexGroupingParams was added
Type RawIcpSensorComplexGroupingParamsComplexFields was added
Field usageInfo was added to object type RecurringGroup
Field usedInRestrictions was added to object type RecurringGroup
Type RediscoveredAsset was added
Type RediscoveredAssetDef was added
Type RediscoveredAssetEvent was added
Type RediscoveredAssetParams was added
Type ReferenceByType was added
Field referencesByType was added to object type Rule
Field usageInfo was added to object type RuleGroup
Field usageInfo was added to object type SMTPServer
Field lastSync was added to object type ScServer
Field syncDetails was added to object type ScServer
Field usageInfo was added to object type ScServer
Field unresolvedCtr was added to object type ScanExclusion
Field usageInfo was added to object type ScheduleFunction
Field usedInRestrictions was added to object type ScheduleFunction
Field usageInfo was added to interface ScheduleGroup
Field usedInRestrictions was added to interface ScheduleGroup
Field usageInfo was added to object type SegmentGroup
Field usedInRestrictions was added to object type SegmentGroup
Field zones was added to object type SegmentGroup
Object type Sensitivity has description "Enum of Sensitivity"
Field activeQueriesEnabled was added to object type Site
Field cpuUsagePercentage was added to object type Site
Field Site.host description changed from "The host name of the system" to "The host name/IP of the system"
Field memUsagePercentage was added to object type Site
Field onlineSensorsCount was added to object type Site
Field totalMemBytes was added to object type Site
Field totalSensorsCount was added to object type Site
Field caching was added to object type SyslogServer
Field usageInfo was added to object type SyslogServer
Field usedForSystemLog was added to object type SyslogServer
Field usageInfo was added to object type TagGroup
Field unresolvedDstCount was added to object type TagWriteExclusion
Field unresolvedSrcCount was added to object type TagWriteExclusion
Field usageInfo was added to object type TimeInterval
Field usedInRestrictions was added to object type TimeInterval
Type UsageInfo was added
Field unresolvedCtr was added to object type UsbChangeExclusion
Field User.passwordTime description changed from "When did you set the password" to "Password set time"
Field providersMapping was added to object type UserGroup
Field usageInfo was added to object type UserGroup
Field zones was added to object type UserGroup
Type UserGroupAuthProvider was added
Type UserGroupAuthProviderConnection was added
Type UserGroupAuthProviderEdge was added
Field idsRuleSetDate was added to object type Version
Field nessusPluginSetDate was added to object type Version
Type Zone was added
Type ZoneConnection was added
Type ZoneEdge was added
Type isEmMachine was added
Filenames and MD5 or SHA-256 checksums are posted at the OT Security Download page.
Tenable OT Security 3.17.40 SP (2024-01-05)
Oracle Linux 8 Support
You can now install OT Security using the Tenable Core with Oracle Linux 8 option.
Passive Monitoring Support
When you run OT Security on Oracle Linux 8, you can use the ERSPAN (Encapsulated Remote Switch Port Analyzer) traffic feeds for passive monitoring.
Upgrade to Tenable Nessus Network Monitor 6.3.1
OT Security now supports Tenable Nessus Network Monitor 6.3.1.
Management User Interface Changes
With the OT Security release on Oracle Linux 8, OT Security now has an improved login flow and management pages.
Bug Fix | Defect ID |
---|---|
Fixed an issue where a memory leak affected the Shepherd container during passive monitoring. | 01735969 |
Fixed an intermittent issue that prevented offline updates for Tenable plugins. | 01712160 |
Fixed an issue where regular application restarts prevented the aging out of Tenable Nessus Network Monitor data. | 01678186 |
Fixed an issue where policies with the "Not In" operator ignored recurring schedule groups. | 01687973 |
Improved the BACnet query for devices with uncommon implementations of the protocol. | 01640388 |
Fixed an issue with incorrect policy alerts for Siemens PLC Start during code download activity. | NA |
Fixed Siemens SIMATIC Manager (Step 7) Write Tag alerts to detect and report the write type. | NA |
Fixed Siemens SIMATIC Manager (Step 7) Write Tag alerts to show the tag value along with the size. | NA |
Filenames and MD5 or SHA-256 checksums are posted at the Tenable OT Security Downloads page.