Tenable OT Security 2026 Release Notes
Tip: You can subscribe to receive alerts for Tenable documentation updates.
(Early Access)Tenable OT Security 4.7.29 (2026-06-08)
New Features
Enterprise Management and Scale
Centralized Subnet Management from Enterprise Manager
OT Security now supports centralized subnet management from the Enterprise Manager, allowing OT administrators to define and manage network boundaries (CIDR) for all ICPs from a single location. This eliminates the need to configure each ICP individually, reducing operational overhead for organizations managing large numbers of ICPs and providing a single source of truth for network configuration across OT infrastructure.
-
Manage all ICP subnets from one central interface with per-site monitoring toggles.
-
Sites running older ICP versions appear in the management grid with clear upgrade indicators.
For more information, see Monitored Networks.
Critical Infrastructure Security
IEC 61850 GOOSE Stream Visibility and Anomaly Detection
OT Security now provides visibility into IEC 61850 GOOSE (Generic Object Oriented Substation Event) messages used in electric utility substations. GOOSE messages are unencrypted and unauthenticated, which makes them vulnerable to manipulation. OT Security passively monitors GOOSE traffic and generates alerts for anomalous activity to help electric utilities detect configuration changes, replay attacks, and potential manipulation attempts.
-
GOOSE Streams Table: Displays all passively monitored GOOSE traffic with key message attributes, including AppID, source, and control block information.
-
Dedicated GOOSE Streams Tab: Provides an integrated view under the IEC 61850 section in asset details, alongside the existing MMS Reports tab.
-
Anomaly Detection: Generates automatic alerts for configuration revision changes (confRev) that may indicate unauthorized modifications or replay attacks.
Yokogawa Centum VP DCS Activity Detection
OT Security now detects critical operational changes on Yokogawa Centum VP DCS systems, providing security teams with visibility into engineering activities that may indicate unauthorized access or configuration tampering in process control environments.
Detected activities include:
-
Controller start and stop events
-
Code edit and function block change operations
-
Write and delete tag operations
-
Snapshot save and load operations
-
Step and pause events (expected during maintenance windows; anomalous in production)
OT Agent for Disconnected Environments
OT Security Agent
The OT Security Agent now supports scanning in air-gapped or disconnected OT networks. Organizations that cannot deploy network sensors due to network segmentation or compliance requirements can achieve asset visibility and vulnerability coverage without direct network access.
-
Air-gapped network support: Built for isolated facilities, offshore vessels, and remote sites where traditional sensor deployment is not feasible.
-
Secure offline scanning: Collects and packages discovery data in a disconnected portable state and transfers it securely to the ICP without requiring a live connection.
-
Centralized Network Areas: A new entity that resolves duplicate IP conflicts across different sites (for example, identical factory floor layouts) by anchoring assets to their logical locations.
-
Local Agent UI: A native interface for field technicians to load scan profiles, track progress, and run scans offline.
-
OTD Scan Profiles: Bundles active discovery rules, credentials, and subnets into a downloadable scan profile package for field deployment.
For more information, see Scan Using Portable OT Agents.
User Experience Enhancements
Asset Side Panel View
OT Security now displays asset details in a side panel, allowing security analysts to review asset information without navigating away from findings or asset grids. Analysts can pivot between assets without losing their current context, reducing investigation time.
-
Faster asset-to-asset navigation without full page reloads.
-
Improved grid usability and visual design.
My Saved Views
OT Security now allows security analysts to save, name, and reuse custom filter combinations across asset and findings views. Saved views persist across sessions, eliminating repetitive filter configuration during recurring investigations.
-
Save any filter combination as a named view for instant reuse.
-
Personal views persist across sessions and are accessible from any page.
-
Access saved views from any asset or findings page.
For more information, see View Saved Filters.
Improvements
TLS Encryption for Syslog
Syslog forwarding now supports TLS encryption.
A new TCP with TLS option is available in the Syslog transport settings alongside the existing TCP and UDP options. When TLS is selected, port 6514 (RFC 5425) is suggested automatically. A Skip Certificate Verification toggle supports environments using self-signed certificates. If a TLS connection fails, OT Security does not fall back to plain-text transmission.
New Content
Vulnerabilities
Tenable identifies several new vulnerabilities in this release. See the complete list here for plugins published since the 4.6 release (February 26, 2026).
New OT Security Device Fingerprint Engine (DFE) Coverage
| Vendor | Product |
|---|---|
| Bosch | DINION IP Cameras |
| Siemens | SENTRON PAC |
| Phoenix Contact | Energy Measuring Devices |
| Juniper Networks | JUNOS Devices |
| Lantronix | Switches |
| Crestron Electronics | AirMedia Gateway |
| Weidmueller | UC20-SL2000 PLC |
| ORing | Industrial Ethernet Switches |
| SATO | Printers |
| AVTECH | Room Alert Monitoring Devices |
Bug Fix
| Bug Fix | Defect ID |
|---|---|
| OT Security now correctly updates scan results when all vulnerabilities on an asset are remediated. | 02456800 |
| OT Security no longer generates false events for Honeywell CeeDigitalOutputChangeMode when no CommandArg is present in the packet. | 02454132 |
| The ID filter no longer causes a browser tab crash when the asset UUID count is very large. | 02407800 |
| OT Security now correctly sets promiscuous mode on BCM57412 network adapters (bnxt_en driver). | 02468422 |
| Policy findings now correctly display real device IP addresses instead of internal mapped IPs (240.x.x.x) in overlapping network environments. | 02412844 |
| OT Security now correctly includes fixed plugins in scan results sent to Tenable Security Center, allowing Tenable Security Center to close mitigated findings. | 02478735 |
| Finding events are now correctly resolved when the associated finding is fully resolved. | 02459698 |
| OT Security now includes a configuration option to suppress IP extraction from CIP/EtherNet-IP payloads, preventing incorrect asset merges in overlapping network environments. | 02462535 |
| OT Security resolves an issue where assets hidden via the merge finalize window incorrectly reappeared in inventory due to a hash mismatch during delayed merge finalization. | NA |
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.
Tenable OT Security 4.6.34 (2026-04-16)
New FeaturesCore Infrastructure and Scalability
Massive Subnet Scale Expansion — OT Security now supports up to 5,000 subnets to accommodate large-scale enterprise deployments. This increase improves the granularity of passive and intrusion detection system (IDS) detection. This visibility ensures you can monitor complex network environments without reaching architectural limits.
Centralized Monitored Subnet Management — OT Security now includes a new Monitored Networks page to help you manage your monitored networks.
Bulk Actions: Bulk-add subnets to reduce manual configuration time.
Granular Control: Toggle monitoring status for individual subnets during creation.
Inactive subnets: Create and manage subnets in your list without enabling monitoring.
For more information, see Monitored Networks.
Active Scanning and Vulnerability Management
Nessus Scan Credential Management — OT Security now offers a more flexible active scanning workflow allowing you to define specific credential usage when configuring Nessus scans:
Do Not Use Credentials: Perform scans without providing credentials.
Try All Available Credentials: Use all available credentials to ensure maximum coverage.
Use Only Specific Credentials: Select targeted credentials for high-sensitivity assets.
For more information, see Create a Nessus Plugin Scan.
Ecosystem and Integration
Seamless Tenable One Navigation — Accessing OT Security through Tenable One single sign-on (SSO) or SAML, now includes a Return to Tenable One link. enabling security analysts to pivot seamlessly between platforms without re-authenticating.
Maintenance and Diagnostics
ICP Remote Agent Updates — Allows remote updates of OT Agents directly from the ICP.
This reduces the need for local site visits or manual intervention when deploying the latest OT agent updates. For more information, see Update OT Agent.
Enhanced Asset Diagnostics — The Asset Diagnostics Export now includes deeper metadata and granular asset information to provide Tenable Support and Engineering teams with a more comprehensive snapshot for troubleshooting and asset verification.
ImprovementsICP-access System Logs from Enterprise Manager
When accessing the ICP dashboard through OT Security EM, OT Security generates a system log on the ICP.
OT Agent - Protocol and Query Restrictions Infrastructure
OT Security now supports query restrictions for OT agents.
Error Handling Framework Improvements
OT Security now includes improved system stability and provides specific error messages for backend processes.
User Interface Updates
OT Security 4.6 includes user interface updates for better data density and readability.
IoT Connector Improvements
OT Security now includes the following improvements for IoT Connectors:
IoT Connector Status — The status indicator now accurately reflects the integration health.
Data Retrieval — The IoT Agent now returns data to OT Security for AvigilonES, Exacq Edge, and Milestone integrations.
Connection Failures — OT Security ensures that the integration returns a null value when a connection fails for AvigilonES, Exacq Edge, and Milestone integrations.
Performance Improvements — OT Security shows improved processing for large Milestone integrations and ensures that you can run multiple integrations simultaneously.
Database Authentication — Windows authentication with MSSQL databases (IoT Agent) now works correctly.
Device Matching — Improved manufacturer matching when pulling generic ONVIF devices from Avigilon.
New ContentVulnerabilities
Tenable identifies several new vulnerabilities in this release. See the complete list here for plugins published since the 4.5 release (December 18, 2025).
New Tenable OT Security Device Fingerprint Engine (DFE) Coverage
| Vendor | Product |
|---|---|
| Starlink | Starlink Gen 3 satellite dish |
| Schneider | Triconex Safety Systems |
| Tripp Lite | SmartOnline UPS |
| Siemens | Power Meters 9000 |
| CUE Systems | IPCUE Controller |
| Honeywell | Industrial Printers |
| Konica Minolta | Bizhub Multifunction Printers |
| Printonix | Thermal Label Printers |
| HP Inc | LaserJet / DesignJet |
| Wachendorff Automation | Gateways / WebPanels |
| Schneider Electric | Legacy Modicon families |
| Jinan USR | USR Serial to Wifi Converters |
| EndRun Technologies | Sonoma Network Time Servers |
| TryStar | CyTime SER (Sequence Event Recorder) |
UpdatesNessus Plugin Set: 202604140952
IDS Threat Detection Rule Set: 202604052238
Device Fingerprinting Engine (DFE) Version: 202601252235
Bug Fix| Bug Fix | Defect ID |
|---|---|
| The state or snapshot queries on Siemens S7-1500 Firmware 2.9.4 now works correctly. | NA |
| Yokogawa Stardom firmware now shows correct values. | 02397709 |
| OT Security disabled the plugin 14788 in Nessus scans to prevent faults in the sensor tunnel with the ICP. | NA |
API ChangelogFor more information about OT Security APIs, see the API documentation.
Type DetailedPolicyFindingField was removed
Input field PolicyFindingsExpressionsParams.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field PolicyFindingsSortParams.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field PolicyFindingsSortParamsComplexFields.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field RawPolicyFindingsComplexFieldParams.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field RawPolicyFindingsComplexFieldParamsComplexFields.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field RawPolicyFindingsComplexGroupingParams.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Input field RawPolicyFindingsComplexGroupingParamsComplexFields.field changed type from DetailedPolicyFindingField to PolicyFindingFilterField
Enum value VersionMismatch was added to enum CannotUpdateDfeReason
Enum value VersionMismatch was added to enum CannotUpdatePluginSetReason
Enum value VersionMismatch was added to enum CannotUpdateSuricataRulesReason
Enum value ReadMonitoredSubnets was added to enum Capability
Enum value TOneLinks was added to enum Capability
Enum value WriteMonitoredSubnets was added to enum Capability
Enum value Cip1768Backplane was added to enum ConnectionType
Enum value EmptyMonitoredNetwork was added to enum ErrorCategory
Enum value UpdateUnavailable was added to enum ErrorCategory
Argument credentials: [ID!] added to field Mutation.editNessusUserScan
Argument credentialsMode: NessusUserScanCredentialsMode added to field Mutation.editNessusUserScan
Argument allowAutoInstallUpdates: Boolean! (with default value) added to field Mutation.editOtAgent
Argument credentials: [ID!] added to field Mutation.newNessusUserScan
Argument credentialsMode: NessusUserScanCredentialsMode added to field Mutation.newNessusUserScan
Enum value RollbackUpdate was added to enum OtAgentAction
Enum value autoInstallUpdates was added to enum OtAgentSelectField
Enum value scoutAvailableVersion was added to enum OtAgentSelectField
Enum value scoutBackupAvailable was added to enum OtAgentSelectField
Enum value scoutBackupVersion was added to enum OtAgentSelectField
Enum value scoutCheckedForUpdatesTs was added to enum OtAgentSelectField
Enum value scoutUpdatedTs was added to enum OtAgentSelectField
Argument policyEligible: Boolean added to field Query.assetGroups
Field Asset.lastSnapshot description changed from Latest time of the last snapshot made on the asset to The time of the last snapshot change detected on the asset
Type AssetLayoutSection was added
Field OtAgentAutoUpdate was added to object type Config
Type DisplayName was added
Field otAgentUpdateAvailable was added to object type FlagList
Field LeanAsset.lastSnapshot description changed from Latest time of the last snapshot made on the asset to The time of the last snapshot change detected on the asset
Type MonitoredNetwork was added
Type MonitoredNetworkCategory was added
Type MonitoredNetworkConnection was added
Type MonitoredNetworkEdge was added
Type MonitoredNetworkField was added
Type MonitoredNetworksExpressionsParams was added
Type MonitoredNetworksSortParams was added
Type MonitoredNetworksSortParamsComplexFields was added
Field addMonitoredNetwork was added to object type Mutation
Field bulkAddMonitoredNetwork was added to object type Mutation
Field deleteMonitoredNetworks was added to object type Mutation
Field disableMonitoredNetwork was added to object type Mutation
Field editMonitoredNetwork was added to object type Mutation
Field enableMonitoredNetwork was added to object type Mutation
Field logRemoteConnection was added to object type Mutation
Field credentials was added to object type NessusUserScan
Field credentialsMode was added to object type NessusUserScan
Type NessusUserScanCredentialsMode was added
Field autoInstallUpdates was added to object type OtAgentDetails
Field scoutAvailableVersion was added to object type OtAgentDetails
Field scoutBackupAvailable was added to object type OtAgentDetails
Field scoutBackupVersion was added to object type OtAgentDetails
Field scoutCheckedForUpdatesTs was added to object type OtAgentDetails
Field scoutUpdatedTs was added to object type OtAgentDetails
Type PolicyFindingFilterField was added
Field monitoredNetworks was added to object type Query
Field monitoredNetworksRaw was added to object type Query
Field scoutBinaryStatus was added to object type Query
Type RawMonitoredNetworksComplexFieldParams was added
Type RawMonitoredNetworksComplexFieldParamsComplexFields was added
Type RawMonitoredNetworksComplexGroupingParams was added
Type RawMonitoredNetworksComplexGroupingParamsComplexFields was added
Type ScoutBinaryStatus was added Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.
Tenable OT Security 4.5.61 SP (2026-03-06)
ConsiderationsAll OT Security 4.5 users must upgrade to the 4.5 Service Pack to resolve a critical issue affecting system stability and policy events. This issue occurs when the system processes high volumes of network conversations with event policies that depend on dynamic asset groups containing thousands of assets.
Bug Fix| Bug Fix | Defect ID |
|---|---|
| OT Security ensures system stability when processing high volumes of concurrent network conversations evaluated against event policies using dynamic asset groups. | 02420590 02429400 |
| OT Security now correctly upgrades from 4.2.33 to 4.5.54 without any memory error. | 02410077 |
| Rockwell Stratix devices now correctly display the Cisco IOS or Switch firmware version (via SNMP) instead of the CIP firmware version. | 02259051 |
| Tenable OT Security Enterprise Manager (EM) updates no longer accumulate or cause a system error if you trigger a new update while a previous update is in progress. | NA |
| Nessus scans with SNMP v3 credentials now work as expected. | 02410044 |
| OT Security now ensures that syslog files include the correct IP addresses for duplicated networks. | NA |