Tenable.ot 3.8.13 Release Notes (2020-10-08)
To download Tenable.ot upgrade files, see: https://tenable-ot.sharefile.com/d-s1fd50e753e84da29.
For a list of previous versions from which a direct upgrade is possible, see: https://tenable-ot.sharefile.com/d-s6aa49a309774c14a.
Tenable.ot now allows users to perform predictive attack analysis by calculating potential attack vectors for each asset. An attack vector is a communication path that an attacker might use to reach a given asset in the network, by leveraging network connectivity and vulnerabilities of assets along the way.
The analysis is presented on the single asset details page, in a dedicated new sub-tab that can be accessed via the navigation bar.
The user can either choose a specific asset as a potential starting point for the attack or leave it up to the system to identify the most critical vector.
Matching Tenable User Interface Look and Feel
The Tenable.ot user interface now matches the rest of the Tenable product suite, particularly Tenable.io.
Integrations with Tenable.sc and Tenable.io can now be configured via the user interface
The respective configurations can be found in the ICP local settings tab. The user can set the frequency of data posting.
Cache for Syslog Messages
Syslog messages sent over TCP are now cached when communication fails, to handle syslog servers (e.g. SIEM systems) that are temporarily down. The cache holds up to 10,000 messages.
Detection of Vulnerabilities in Wibu's CodeMeter
A predefined policy was added, aimed at flagging devices that are susceptible to vulnerabilities in Wibu's CodeMeter license manager, which is used by several industrial automation vendors. The policy is based on a Suricata rule released by the research team, in response to the CISA advisory on this matter.
ABB AC500 - Basic Passive and Standard Active support were added.
Leveraging FTP Responses for Asset Fingerprinting
Asset details are extracted from FTP responses and used for fingerprinting and classification.
|Integration of Tenable.io requires server key on any update|
|Suricata configuration for Dell PowerEdge HW|
|User failed to delete a group after it was used in a complex group|
|Ignore RDP events when they are executed from the box (as part of Nessus)|
For more information about the API changes for this release, see the Tenable.ot API Changelog.
Integrated Tenable Product Compatibility
The following table lists the Tenable product versions tested with this version of Tenable.ot.
|Tenable.sc|5.11 and later|
|Nessus|8.10.1 and later|