Tenable OT Security 3.14.15 Release Notes (2022-08-08)

You can download the Tenable OT Security (OT Security) update files from the Tenable downloads page.

Note: Starting with version 3.13, OT Security only supports Tenable Core. OT Security no longer supports Atomic OS. If you are unsure of what OS you have or how to upgrade to Tenable Core, contact Tenable support.

New Features

Usage Statistics

The Usage Statistics option specifies whether Tenable collects anonymous and non-sensitive telemetry data about your OT Security deployment. When enabled (by default), Tenable collects telemetry information that cannot be attributed to a specific individual; it is only collected at the company level. This information does not include Personal Data or personally identifiable information (PII). You can turn this option on or off on the Device page under Local Settings - System Configuration.

New sensor pairing and management

As of version 3.14, you can use an authenticated sensor. The new sensor, based on Tenable Core OS, allows encrypted communication with the ICP through an SSH tunnel. You can also deploy the sensor on virtual machines. OT Security shows all sensors (version 3.7.18 and later) connected to the ICP on the new sensor page in the ICP as well as in a new widget on the inventory dashboard. The following new management options are available on the sensor page:

  • Pause and resume data

  • Delete and unpair sensor

  • Edit sensor name

  • Actively query more networks through the sensor

You can still connect the ICP to an unauthenticated sensor, as in versions before 3.14. This option still appears in the grid with the following minimal management options:

  • Edit sensor name

  • Delete sensor

Active sensors

As part of the sensor's management options, you can now actively query assets accessible from the sensor. This significantly increases the sensor's capability to discover and identify assets.

You can manage the specific networks that each sensor should query. Once you define a network, the assets on that network become available for querying via the sensor's tunnel. Previously only the ICP could perform active queries, so some assets may not have had a networking route from the ICP.

You can manage this new capability centrally on the ICP for each authenticated sensor and for each specific network.

Notes:
  • This feature does not support active queries over layer 2.

  • You may encounter events associated with the sensor itself, which you can exclude if needed.

  • This ICP version does not support sensor versions 3.7.18 and earlier. This will be fixed in the next SP.

Data plane monitoring for ICCP / IEC 60870-6/TASE.2

OT Security now passively monitors ICCP, a data plane protocol based on MMS, and detects the following common commands:

  • MMS Define Named Variable List

  • MMS Delete Named Variable List

  • ICCP Create Dataset

  • ICCP Bilateral Table Exchange

Predefined policies for the ICCP commands are now available. You can now configure and define these policies to monitor such events.

Standard passive support for Bosch PSI Controllers

OT Security added standard passive support for Bosch PSI controllers to facilitate the detection of common commands:

  • Bosch PSI Connect

  • Bosch PSI Disconnect

  • Bosch PSI Download Config

  • Bosch PSI Reset

Predefined policies are now available. You can now configure and define these policies to monitor such events.

Basic passive support for Schneider ION Power Meters

OT Security now passively identifies the device model, family, type, and firmware version of ION power meters. This support also facilitates the detection of their vulnerabilities.

Basic passive support for Wago 750 Controllers

OT Security now passively identifies the device model, family, type, firmware version, hardware version, and the serial number of Wago 750 controllers. This support also facilitates the detection of their vulnerabilities.

Permanent deletion of assets (API)

You can now delete assets completely with the API using the assets' IP addresses or CIDRs. This deletion propagates throughout the system (Inventory tables, Network map, Events tables, Attack vectors, Groups, License).

Notes:
  • When you delete an asset that is part of a backplane, OT Security also deletes the entire backplane.

  • If a deleted IP address reappears over the traffic, OT Security rediscovers the asset.

Localization

You can now change the language of the interface to French, German, Japanese, and Chinese.

UX/UI Improvements

  • Redesign of the Device settings page.

  • A new Port Configuration settings page - the port configuration section moved to a new dedicated page in the System Configuration settings.

New Tools

Idle Assets Hider Tool

The Idle Assets Hider Tool helps you keep your Inventory tables up-to-date. The tool hides all assets that have been unavailable for a specified amount of time that you configure.

Hidden Assets Deletion Tools

This tool allows you to delete hidden assets permanently. You can use this tool to delete assets quickly by first hiding the assets you want to delete and then running this tool.

Integrated Tenable Product Compatibility

The following table lists the Tenable product versions tested with OT Security 3.13.35.

Product                    Tested Versions
Tenable Security Center    5.11 and later
Nessus                     8.10.1 and later