Tenable.ot 3.6.26 Release Notes (2020-06-17)

To download Tenable.ot upgrade files, see: https://indegy.sharefile.com/share/view/se7c5a8e3ae840868.

For a list of previous versions from which a direct upgrade is possible, see: https://indegy.sharefile.com/d-scc1038977f54f58a.

For documentation relating to this release, see the Tenable.ot 3.6.x User Guide.

New Features

Vendor Support

  • Bachmann M1 - Standard Active Support
  • Moxa Devices - Basic Passive Support

Threat Detection

  • DNP3 Events - The system now detects various DNP3 commands (e.g. Select, Operate, Warm/Cold restart), as well as errors originating from internal indicators, such as unsupported function codes and parameter-related errors.
  • Non-secure FTP and Telnet logins - The system now alerts on login attempts in both FTP and Telnet, and indicates whether the login was successful or not.
  • ABB Data Plane events - The system now detects unauthorized MMS write events to ABB 800xA controllers. This lets users get alerts on any write command and set allowed ranges for operational parameters. This is currently available only over the API.
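
To illustrate the DNP3 Events item above, the following added example (not part of the release notes and not Tenable.ot code) shows how those commands and internal-indication errors can be recognised in a captured DNP3 link frame, assuming IEEE 1815 framing. The function names and sample frames are constructed for illustration, and link-layer CRCs are skipped rather than verified.

```python
import struct

# DNP3 (IEEE 1815) application function codes for the commands named above.
COMMANDS = {0x03: "SELECT", 0x04: "OPERATE", 0x0D: "COLD_RESTART", 0x0E: "WARM_RESTART"}
RESPONSES = {0x81, 0x82}  # RESPONSE, UNSOLICITED_RESPONSE
# Error bits in IIN2, the second internal-indications octet of a response.
IIN2_ERRORS = {0x01: "NO_FUNC_CODE_SUPPORT", 0x02: "OBJECT_UNKNOWN", 0x04: "PARAMETER_ERROR"}


def user_data(frame: bytes) -> bytes:
    """Strip the 10-byte link header and the CRC after each 16-byte block.
    CRCs are skipped, not verified (assumption made to keep the example short)."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise ValueError("not a DNP3 link frame")
    remaining = frame[2] - 5  # LEN counts control + both addresses + user data
    if remaining < 0:
        raise ValueError("bad length field")
    out, pos = b"", 10
    while remaining:
        take = min(16, remaining)
        if pos + take + 2 > len(frame):
            raise ValueError("truncated frame")
        out += frame[pos:pos + take]
        pos += take + 2
        remaining -= take
    return out


def classify(frame: bytes) -> list:
    """Return (source, destination, event) tuples for one link frame."""
    data = user_data(frame)
    dst, src = struct.unpack_from("<HH", frame, 4)
    # data[0] is the transport header; only a FIR (0x40) segment carries the
    # application header: control octet, function code, then IIN in responses.
    if len(data) < 3 or not data[0] & 0x40:
        return []
    fc = data[2]
    if fc in COMMANDS:
        return [(src, dst, COMMANDS[fc])]
    if fc in RESPONSES and len(data) >= 5:
        return [(src, dst, name) for bit, name in IIN2_ERRORS.items() if data[4] & bit]
    return []


# Constructed sample frames; CRC octets are zero placeholders.
COLD_RESTART = bytes.fromhex("056408c40a0001000000" "c0c10d" "0000")
PARAM_ERROR = bytes.fromhex("05640a4401000a000000" "c0c1810004" "0000")
```
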

Risk Widget

A dedicated widget presenting the risk score of each asset was added. The widget shows a breakdown of the components on which the asset's risk score is based, e.g. the events associated with it, its detected vulnerabilities, and its user-defined criticality.

Vulnerabilities

The system now detects various asset-specific and network-wide vulnerabilities beyond CVEs. Examples include obsolete versions of Microsoft Windows, use of unsafe protocols, and open network ports known to be risky.

Exclusions

The system now allows the user to exclude an event from a policy. Once a flagged event is excluded, the same policy no longer produces similar events. This increases user control over which events are flagged and reduces false positives. Exclusions are made directly from the events grid.

Usability Improvements

  • Bulk Edit of Asset Details - Users can now edit details of multiple assets at once. Users can select a range of assets using the Shift key.
  • Expansion of the Events Power Panel - Users can now set the height of the Power Panel in the Events grid, either collapsing it to ease browsing through the grid or expanding it to investigate the details of a certain event.
  • The system now allows users to configure the accessible URL for the UI (FQDN), supporting only one accessible URL at any given time.

Berkeley Packet Filter

Berkeley Packet Filter (BPF) is now implemented on the ICP to allow filtering of inbound traffic to it.

Bug Fixes

  • Groups name links are not working.
  • Reports - "Failed to generate report" is displayed, but report is created.
  • Vulnerabilities single page - Actions button is disabled.
  • Policies - SCADA Events - Can't create DNP policies.
  • Read only user - Vulnerabilities - Single page is not displayed.
  • FTP Events - Event trigger without details - Should extract the clear text credentials.
  • Events - Download capture file - Can't download pcap for event when first capture file is still ongoing.

Integrated Tenable Product Compatibility

The following table lists the Tenable product versions tested with Tenable.ot 3.6.26.

Product | Tested Version(s)
Tenable.sc | 5.11 and later