Tenable.ot 3.8.13 Release Notes (2020-10-08)

To download Tenable.ot upgrade files, see: https://tenable-ot.sharefile.com/d-s1fd50e753e84da29.

For a list of previous versions from which you can upgrade directly, see: https://tenable-ot.sharefile.com/d-s6aa49a309774c14a.

New Features

Attack Vectors

Tenable.ot now allows users to perform predictive attack analysis by calculating potential attack vectors for each asset. An attack vector is a communication path that an attacker might use to reach a given asset in the network by leveraging network connectivity and the vulnerabilities of assets along the way.

The attack vector is presented on the single asset details page, in a dedicated new sub-tab that can be accessed via the navigation bar.

The user can either choose a specific asset as a potential starting point for the attack or leave it up to the system to identify the most critical vector.

Matching Tenable User Interface Look and Feel 

The Tenable.ot user interface now matches the rest of the Tenable product suite, particularly Tenable.io.

Integrations with Tenable.sc and Tenable.io can now be configured via the user interface

The respective configurations can be found in the ICP local settings tab. The user can set the frequency of data posting.

Cache for Syslog Messages

Syslog messages that are sent over TCP are now cached when communication fails, to accommodate syslog servers (e.g. SIEM systems) that are temporarily down. The cache holds up to 10,000 messages.
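
The caching behavior described above, sketched as an added example; this is not Tenable.ot code. The class names, the newline framing, and the choice to evict the oldest message once the 10,000-message cap is reached are assumptions, since the release note does not say what happens on overflow.

```python
import socket
from collections import deque

CACHE_LIMIT = 10_000  # cap stated in the release note


class TcpTransport:
    """Lazily connected TCP sender; any socket error drops the connection."""

    def __init__(self, host, port, timeout=3.0):
        self.addr, self.timeout, self.sock = (host, port), timeout, None

    def __call__(self, message):
        try:
            if self.sock is None:
                self.sock = socket.create_connection(self.addr, self.timeout)
            # Newline-delimited framing (assumption; the page does not say).
            self.sock.sendall(message.encode("utf-8") + b"\n")
        except OSError:
            if self.sock is not None:
                self.sock.close()
            self.sock = None
            raise


class CachingSyslogSender:
    """Queue messages while the collector is down, replay them in order later."""

    def __init__(self, transport, limit=CACHE_LIMIT):
        self.transport = transport
        self.cache = deque()
        self.limit = limit
        self.dropped = 0  # evictions are a visibility gap worth alerting on

    def send(self, message):
        self.cache.append(message)
        delivered = self.flush()
        while len(self.cache) > self.limit:
            self.cache.popleft()  # assumption: the oldest message is evicted
            self.dropped += 1
        return delivered

    def flush(self):
        """Send cached messages oldest first; return how many were delivered."""
        delivered = 0
        while self.cache:
            try:
                self.transport(self.cache[0])
            except OSError:
                break  # collector still unreachable, keep the backlog
            self.cache.popleft()
            delivered += 1
        return delivered
```

A successful `sendall` only means the local kernel accepted the bytes, so messages in flight when the collector goes down can still be lost. On the receiving side, a burst of delayed events after an outage is the expected signature of a replayed backlog.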

Detection of Vulnerabilities in Wibu's CodeMeter 

A predefined policy was added, aimed at flagging devices that are susceptible to vulnerabilities in Wibu's CodeMeter license manager, which is used by several industrial automation vendors. The policy is based on a Suricata rule released by the research team, in response to the CISA advisory on this matter.

Vendor Support

ABB AC500 - Basic Passive and Standard Active support were added.

Leveraging FTP Responses for Asset Fingerprinting

Asset details are extracted and used for fingerprinting and classification.

Bug Fixes

Bug Fix
Integration of Tenable.io requires server key on any update
Suricata configuration for Dell PowerEdge HW
User failed to delete a group after it was used in a complex group
Ignore RDP events when they are executed from the box (as part of Nessus)

API Changelog

For more information about the API changes for this release, see the Tenable.ot API Changelog.

Integrated Tenable Product Compatibility

The following table lists the Tenable product versions tested with this version of Tenable.ot.

Product      Tested Version(s)
Tenable.sc   5.11 and later
Nessus       8.10.1 and later