Tenable.ot 3.10.30 Release Notes (2021-04-02)

To download Tenable.ot upgrade files, see: https://indegy.sharefile.com/d-sefd2cdb497da4223a885e891359856b6.

For a list of previous versions that are possible to perform a direct upgrade from, see: https://indegy.sharefile.com/d-s319d84f576954fc2a9ae1e4f6550f2b2.

New Features

Vendor Support

  • Unitronics Vision - Standard Active Support

  • Saia PCD - Standard Passive Support

  • GE 90-30, RX3i, Rx7i, VersaMax - Standard Active Support

  • Basic Active Support Added for the following devices:

  • Yokogawa STARDOM

  • Omron CJ2

  • Eaton SMP Gateways

  • Cisco Stratix 5400

  • Brocade ICX 6610

  • Brickcom Network Cameras

Tenable.ot Licensing

Tenable.ot now uses the same licensing mechanism that the rest of the product suite is based on. The license type depends on the number of monitored assets and is subscription based.

Note: Users upgrading from a version earlier than Tenable.ot 3.10.x should make sure they have an activation code ahead of the upgrade to make sure the upgraded system is fully licensed.

Use a CSV Editor to Edit Asset Characteristics 

Users can now use an external CSV editor (e.g. Microsoft Excel) to set or change the user-editable data fields of assets. To use this, export the All-Assets grid to a CSV file, edit (the editable) details and then upload the result file via the asset settings sub-tab.

Role Based Access Control

New roles and ways to manage groups of users were added. Four new types of roles —supervisor, security manager, security analyst and site manager— can now be assigned to every new user that is being created. Each of these user roles has its own designated permissions. The system also supports user groups that allow managing users that have the same role, together. These two new capabilities help make user and permissions management easier and more flexible.

Notes:

  • API Keys - Starting in version 3.10, external users (Active Directory users and any other authenticated external users) won't be able to create API keys. This change was done since API keys are now directly attached to specific users, as opposed to roles. Existing API keys that were created using AD users will be migrated from the original AD user that created them to two new users that will be created automatically - "Migrated Admin API Key" and "Migrated Read-only API Key". Each one of these users will hold the relevant API keys. In order to login into these two users, the local admin will need to change their passwords. In addition, Read-only API Keys of local admin users will be migrated to the "Migrated Read-only API Key" user.

  • Active Directory Admins (External Admins) will not be able to manage local users, change the AD settings or perform factory resets to the device.

  • IEM users will no longer be able to manage local users, generate API keys or change the AD settings on local ICP devices.

Upgrading Tenable.ot from the Tenable Core Interface

Users can now upgrade their product version via the Tenable Core operating system interface. While this feature is being introduced in version 3.10 it'll naturally only be used in practice when a SP of it or V.3.11 will be released. This greatly simplifies the system upgrade process, allowing users to be always up-to-date with the latest-and-greatest product capabilities as well as security related patches.

New Custom Field Type - Hyperlink

Users can now navigate directly from the user interface to remote network locations, by using a custom field of the new type 'hyperlink,' purposed for web addresses or remote network data folders.

FortiGate Integration

The integration with FortiGate allows using Tenable.ot events to automatically create firewall rules (known as 'enforcement policies' in FortiGate) of FortiGate's next-generation firewalls in order to block unwanted or malicious communications

Detailed Event Emails

The emails users receive as a result of an event will now include more comprehensive information about it, including the policy that triggered the event and data regarding the associated assets.

Bug Fixes

Bug Fix
Active Directory | Configurations | user selected certificate not send by user interface
Grids | BE Filters | UI failed to open filter options and start infinite loop
Edit rule group | edit a group when all available rules are selected is causing to page unresponsive

Integrated Tenable Product Compatibility

The following table lists the Tenable product versions tested with this version of Tenable.ot.

Product Tested Version(s)
Tenable.sc 5.11 and later
Nessus 8.10.1 and later