System and License Requirements

To install and run Tenable Core + Tenable OT Security or Tenable OT Security Sensor, your application and system must meet the following requirements.

Note: Tenable Support does not assist with issues related to your host operating system, even if you encounter them during installation or deployment.

Environment Tenable Core File Format More Information
Virtual Machine VMware .ova file

Deploy Tenable Core in VMware

Tenable-provided hardware

.iso image

Install Tenable Core on Tenable-Provided Hardware

Note: Tenable Core + OT Security requires Tenable-provided hardware. For more information, contact your Tenable representative.

Note: While you could use the packages to run Tenable Core in other environments, Tenable does not provide documentation for those procedures.

OT Security Requirements

Note: Tenable does not recommend deploying multiple applications on a single instance of Tenable Core. If you want to deploy several applications on Tenable Core, deploy a unique instance for each application.

Tenable Core + Tenable OT Security ships with the latest version of OT Security included.

For more information about requirements specifically for OT Security, see OT Security in the General Requirements Guide.

OT Security System Requirements

You can Install OT Security on a hypervisor1 or directly on user-supplied hardware running Tenable Core.

Note: Tenable strongly discourages running Tenable Core + OT Security in an environment shared with other Tenable applications. (For example, installing two products on the same virtual machine, or in the same Tenable Core system.)

Storage Requirements

Tenable recommends installing OT Security on direct-attached storage (DAS) devices, preferably solid-state drives (SSD), for best performance. Tenable strongly encourages the use of solid-state storage (SSS) that have a high drive-writes-per-day (DWPD) rating to ensure longevity.

Tenable does not support installing OT Security on network-attached storage (NAS) devices. Storage area networks (SAN) with a storage latency of 10 milliseconds or less, or Tenable hardware appliances, are a good alternative in such cases.

Disk Space Requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for deployments include raw network speed, the size of the network to monitor, and the configuration of the application. Processors, memory, and network card selection are heavily based on these deployment configurations. Disk space requirements vary depending on usage based on the amount of data, and length of time, you store data on the system.

Note:OT Security needs to be able to perform full packet captures of monitored traffic2, and the size of the policy event data stored by OT Security depends on the number of devices and the type of environment.

ICP System Requirement Guidelines (Virtual or Tenable Core)

Site Size Maximum SPAN/TAP Throughput (Mbps) CPU Cores3 Memory (DDR4) Storage Requirements Network Interfaces
Small 150 Mbps or less 4 x 2 GHz 12 GB RAM 128 GB Minimum 4 x 1 Gbps
Medium 150-300 Mbps 8 x 2 GHz 16 GB RAM 512 GB Minimum 4 x 1 Gbps
Large 300-600 Mbps 16 x 2 GHz 32 GB RAM 1 TB Minimum 4 x 1 Gbps
XL 600 Mbps to 1 GB 32 x 3 GHz 64 GB RAM or more 2 TB or more Minimum 4 x 1 Gbps

Disk Partition Requirements

OT Security uses the following mounted partitions:

Partition Content
/ operating system
/opt application and database files
/var/pcap packet captures (full packet capture, event, query)

The standard install process places these partitions on the same disk. Tenable recommends moving these to partitions on separate disks to increase throughput. OT Security is a disk-intensive application and using disks with high read/write speeds, such as SSDs, results in the best performance. Tenable recommends using an SSD with high DWPD ratings on customer-supplied hardware installations when using the packet capture feature in OT Security.

Tip: Deploying OT Security on a hardware platform configured with a redundant array of independent disks (RAID 0) can dramatically boost performance.

Tip: Tenable does not require RAID disks for even our largest customers. However, in one instance, response times for queries with a faster RAID disk for a customer with more than one million managed vulnerabilities moved from a few seconds to less than a second.

Network Interface Requirements

You must have four network interfaces present on your device before installing OT Security. Tenable recommends the use of gigabit interfaces. The VMWare OVA creates these interfaces automatically. Create these interfaces manually when you are installing the ISO on your own hardware.

Note: Tenable does not provide SR-IOV support for the use of 10 G network cards and does not guarantee 10 G speeds with the use of 10 G network cards.

NIC Requirements

nic0( and nic3 ( have static IP addresses when you install Tenable Core + Tenable OT Security in a hardware, or virtual, environment. Other network interface controllers (NICs) use DHCP.

nic3 ( has a static IP address when you deploy Tenable Core + Tenable OT Security on VMware. Other NICs use DHCP. Confirm that the Tenable Core nic1 MAC address matches the NIC MAC address in your VMware passive scanning configuration. Modify your VMware configuration to match your Tenable Core MAC address if necessary.

For more information, see Manually Configure a Static IP Address, Manage System Networking, and the VMware Documentation.