Tenable.ot 3.14.15 Release Notes (2022-08-08)
You can download the Tenable.ot update files from the Tenable downloads page.
Note: Starting with version 3.13, Tenable.ot only supports Tenable Core. Tenable.ot no longer supports Atomic OS. If you are unsure of what OS you have or how to upgrade to Tenable Core, contact Tenable support.
The Usage Statistics option specifies whether Tenable collects anonymous and non-sensitive telemetry data about your Tenable.ot deployment. When enabled (by default), Tenable collects telemetry information that cannot be attributed to a specific individual; it is only collected at the company level. This information does not include Personal Data or personally identifiable information (PII). You can turn this option on or off on the Device page under Local Settings - System Configuration.
New sensor pairing and management
As of version 3.14, you can now use an authenticated sensor. The new sensor, based on Tenable Core OS, allows encrypted communication with the ICP through an SSH tunnel. You can also deploy the sensor on virtual machines. Tenable.ot shows all sensors (version 3.7.18 and later) connected to the ICP on the new sensor page in the ICP as well as in a new widget on the inventory dashboard. The following new management options are available on the sensor page:
Pause and resume data
Delete and unpair sensor
Edit sensor name
Query actively more networks through the sensor
The option to connect the ICP to an unauthenticated sensor is still possible as in versions before 3.14. This option still appears in the grid with the following minimal management options:
Edit sensor name
As part of the sensor's management options, you can now actively query assets accessible from the sensor. This significantly increases the sensor's capability to discover and identify assets.
You can manage the specific networks that each sensor should query. Once you define a network, the assets on that network become available for querying via the sensor's tunnel. Previously only the ICP could perform active queries, so some assets may not have had a networking route from the ICP.
You can manage this new capability centrally on the ICP for each authenticated sensor and for each specific network.
This feature does not support active queries over layer 2.
You may encounter events associated with the sensor itself, which you can exclude if needed.
This ICP version does not support sensors version 3.7.18 and earlier. This will be fixed in the next SP.
Data plane monitoring for ICCP / IEC 60870-6/TASE.2
Tenable.ot now passively monitors ICCP, a data plane protocol based on MMS, and detects the following common commands:
MMS Define Named Variable List
MMS Delete Named Variable List
ICCP Create Dataset
ICCP Bilateral Table Exchange
Predefined policies for the ICCP commands are now available. You can now configure and define these policies to monitor such events.
Standard passive support for Bosch PSI Controllers
Tenable.ot added standard passive support for Bosch PSI controllers to facilitate the detection of common commands:
Bosch PSI Connect
Bosch PSI Disconnect
Bosch PSI Download Config
Bosch PSI Reset
Predefined policies are now available. You can now configure and define these policies to monitor such events.
Basic passive support for Schneider ION Power Meters
Tenable.ot now passively identifies the device model, family, type, and firmware version of ION power meters. This support also facilitates the detection of their vulnerabilities.
Basic passive support for Wago 750 Controllers
Tenable.ot now passively identifies the device model, family, type, firmware version, hardware version, and the serial number of Wago 750 controllers. This support also facilitates the detection of their vulnerabilities.
Permanent deletion of assets (API)
You can now delete assets completely with the API using the assets' IP addresses or CIDRs. This deletion propagates throughout the system (Inventory tables, Network map, Events tables, Attack vectors, Groups, License).
When you delete an asset that is part of a backplane, Tenable.ot also deletes the entire backplane.
If a deleted IP address reappears over the traffic, Tenable.ot rediscovers the asset.
You can now change the language of the interface to French, German, Japanese, and Chinese.
Redesign of the Device settings page.
A new Port Configuration settings page - the port configuration section moved to a new dedicated page in the System Configuration settings.
Idle Assets Hider Tool
The Idle Assets Hider Tool helps you keep your Inventory tables up-to-date. By using this tool, all assets that have been unavailable for a specified amount of time that you configure will be hidden.
Hidden Assets Deletion Tools
This tool allows you to delete hidden assets permanently. You can use this tool to delete assets quickly by first hiding the assets you want to delete and then running this tool.
Integrated Tenable Product Compatibility
The following table lists the Tenable product versions tested with Tenable.ot 3.13.35.
|Tenable.sc||5.11 and later|
|Nessus||8.10.1 and later|