Tenable OT Security 2024 版本说明
Tenable OT Security 3.18.58 SP(2024 年 6 月 4 日)
缺陷修复
| 缺陷修复 | 缺陷 ID |
|---|---|
| 修复了将设备主机名配置为空白时,SEL 设备无法获取正确型号信息的问题。 | 01754608 |
| 修复了 SEL 设备缺少次要固件版本检测的问题。 | 01780269 |
| 修复了从 3.17 版升级到 3.18 版时,无效或空的资产组可能会丢失的问题。 | 01805247 |
| 修复了未正确解析特定版本的 Schneider Electric 设备固件版本的问题。 | 01829778 |
| 修复了 Tenable OT Security 3.18 版未按照配置使用代理与 Tenable Security Center 进行集成的问题。 | 01810329 |
| 修复了发送到 Tenable Security Center 或 Tenable Vulnerability Management 的插件输出中 HTML 字符未正确转义的问题。 | 不适用 |
| 修复了 3.18.51 版中“代码修订”选项卡缺少图标的问题。 | 不适用 |
| 修复了 3.18 版中,以“任何资产”组作为来源或目标的策略出现误报的问题。 | 不适用 |
| 修复了基于 IP 子网列表的区域中使用的资产组显示为无资产的问题。 | 不适用 |
已知缺陷
-
升级过程期间可能出现一个问题,需要您调整 /tmp 分区的大小。如果由于空间不足导致升级失败,请调整 /tmp 分区的大小。
Tenable OT Security 3.18.51 (2024-03-15)
升级前的注意事项
EM-ICP 配对迁移
-
升级到版本 3.18 后,重新配对所有之前链接的站点或 ICP。
-
新升级的 Tenable OT Security Enterprise Manager (OT Security EM) 3.18 版没有链接的站点,因此您需要配对 ICP。
-
升级 OT Security EM 之前,务必将已配对的站点 (ICP) 列表记录下来。
-
如果您未能对之前链接的站点生成快照或进行记录,可使用脚本获取这些详细信息。如需帮助,请联系 Tenable 支持部门。
Enterprise Manager (EM) — 许可
-
OT Security EM 现在具有用于激活控制台的产品内许可。
-
所有 OT Security EM 客户都应具有 EM 专用的 20 位激活代码。
-
如果您没有 EM 激活代码,请联系 Customer Success Manager。
ICP 升级期间的许可证强制执行
-
升级 Tenable OT Security (ICP) 时,许可证必须有效才能开始更新。
-
如果许可证已超出限制或过期,许可证将不再自动更新或者您需要重新应用许可证。
新功能
供应商和协议支持
-
Honeywell C300 — OT 安全 包括以下可检测代码上传和下载事件的新策略。
-
Honeywell 代码下载
-
Honeywell 代码上传
-
-
Siemens SICAM 8050 RTU — OT 安全 现在通过 SNMP v3 支持 Siemens SICAM 8050 RTU。可以直接向这些设备发送查询,以对其进行检测和指纹采样。用于对这些 RTU 进行指纹采样的主动查询依赖 SNMP v3,该版本要求提供 SNMPv3 凭据。
基于角色的访问控制 (ICP)
OT 安全 现在包含对“本地设置”>“用户管理”所做的以下更改:
-
产品管理员现在可使用区域配置用户组的权限。
-
可配置的区域基于资产组。
-
这些区域确定了用户或组可以查看的资产。
-
用户只能查看属于其用户组的资产,以及与这些资产相关的漏洞和事件。
-
OT 安全 负责监控区域外的资产,但对相关区域之外的用户隐藏这些资产。
-
您可以将非管理员帐户配置为归属于特定组和区域,以限制其对相关资产的可见性。
Enterprise Manager - 基于角色的访问控制
OT Security EM 现在包含对“本地设置”>“用户管理”所做的以下更改:
-
包含用于控制每个链接站点的可见性和管理权限的设置。
-
您现在可以控制哪些用户组可以访问每个 OT 安全 ICP。
-
您现在可以在 OT Security EM 和 ICP 级别配置用户的权限。每个 EM 用户现在都可以访问链接的 ICP,并将访问权限设置为只读或写入。
Enterprise Manager - 身份验证提供程序(LDAP、AD 和 SAML)支持
-
在 OT Security EM 中,您现在可以利用 SSO 提供程序 (SAML) 进行身份验证。
-
OT Security EM 现在支持配置 AD 和 LDAP 身份验证。
Enterprise Manager - 通过 OT 安全 界面实现 ICP-EM 配对过程
-
您现在可以使用 OT 安全 中的 Enterprise Manager 页面将 ICP 与 OT Security EM 配对。您可以使用 API 密钥或用户名和密码进行配对。
-
Enterprise Manager 页面包含将 ICP 与 EM 配对的分步指南。
-
在 OT 安全 中,您可通过“本地设置”>“系统配置”>“Enterprise Manager”访问该页面。有关更多信息,请参阅“将 ICP 与 Enterprise Manager 配对”。
可自定义的分类横幅
-
OT 安全 现在在“本地设置”>“设备”页面中包含“分类横幅”选项。出于合规性目的,您可以使用此选项在 OT 安全 界面上启用持久性横幅。例如:向界面添加横幅“机密”。
-
为符合 DFARS 252.204-7012 的规定,您现在可以相应地为此类 CUI(受控非密信息)或敏感数据设置该横幅。
-
用户无法清除或隐藏此横幅或分类标记。此全局设置影响所有 OT 安全 用户。
Tenable One — 发现结果和缺陷
-
如果您已将 OT 安全 与 Tenable One 集成,现在无需进一步配置,即可在 Tenable One 中查看并优先处理 OT 安全 漏洞。
-
升级到最新版本后,您可以在 Tenable One 中同时访问资产上下文和漏洞详细信息。
“重新发现的资产”策略
-
OT 安全 现在包含新策略:重新发现的资产。
-
“重新发现的资产”策略可让您跟踪在特定时间段内处于离线状态的资产。
-
默认策略名称为“在资产无活动两小时后重新发现”。
-
您可以通过“策略”>“网络事件”>“重新发现的资产”创建此策略。
自定义威胁检测 (IDS) 签名
-
现在,您可以将所有 IDS 特定的入侵指标 (IoC) 手动上传到 OT 安全。
-
您现在可使用命令行将 Suricata 格式化的 IDS 规则导入 OT 安全。
Syslog 事件警报缓存(“存储并转发”)
-
若在使用 TCP Syslog 时出现连接中断的情况,OT 安全 会缓存事件并在网络连接重新建立后发送这些事件。
-
在“本地设置”>“Syslog 服务器”中创建新的 Syslog 服务器时,“允许 syslog 消息缓存”选项可用。
-
在连接中断时,OT 安全 会按排队顺序即时发送缓存的事件。
改进
Enterprise Manager — 站点传感器可见性
-
OT Security EM 现在包括以下两个传感器特定的小组件:
-
传感器状态:表示在线与离线传感器的数量。
-
每个站点的传感器数:表示链接到 OT Security EM 的每个站点的在线或离线传感器的数量。
-
Enterprise Manager — 许可
-
OT Security EM 现在具有用于激活控制台的产品内许可。如果您没有 EM 的激活代码,请联系 Customer Success Manager。
Enterprise Manager — 设备详细信息
-
OT Security EM 包含关于所有配对的 OT 安全 设备 (ICP) 的以下额外指标:
-
CPU 利用率、内存、磁盘、插件及 IDS 时间戳,以及许可证属性和消耗情况。
-
“ICP”页面的“传感器”列显示传感器总数以及在线传感器数量。该列还包含指向该站点的“传感器”页面的链接。
-
身份验证服务器的新配置工作流
-
OT Security EM 现在包含经过简化的 AD/SSO/LDAP 配置工作流。
-
您现在可以将 OT 安全 中的用户组分配到特定的身份验证服务器。
-
此改进的身份验证服务器工作流会同时影响 OT 安全 和 OT Security EM。
对 KEV 插件属性的支持
若 OT 安全 检测到的任何漏洞已收录在美国网络安全和基础设施安全局 (CISA) 已知被利用漏洞 (KEV) 目录中,页面现在会显示其到期日期。KEV 目录有助于安全团队确定应首先修复哪些风险,从而降低对组织构成的最大威胁。有关更多信息,请参阅“已知被利用漏洞”。
Tenable 软件更新
OT 安全 现已更新到最新版本的 Tenable Nessus 和 Tenable Nessus Network Monitor。
多个身份验证服务器
OT 安全 现在支持多个身份验证服务器,以便于在组织中使用多种 SSO 或 LDAP 服务。
主动查询 — 多端口配置
OT 安全 现在可以发起针对单个协议的多个端口的主动查询。如果您的组织对同一协议使用多种网络端口,您可以告知 OT 安全 检查所有可能的端口以获取有关设备或服务的详细信息。
许可证升级要求
更新 OT 安全 时,确保许可证未过期或超出限制。如果出现这种情况,请在完成软件更新后重新为系统授权。
对 WMI 安装软件的改进 — Windows LTSC 支持
Windows 长期服务通道 (LTSC) 设备上的 WMI 查询现在可以准确请求并列出所有安装的软件。
备份和还原 - 由 Tenable Core 提供支持
备份和还原功能已从 OT 安全 中移出,并在 Tenable Core 中启用,以便您可以在 OT 安全 中管理备份并还原备份。您现在可以在 Tenable Core 中的“备份/还原”下配置系统备份。有关更多信息,请参阅《Tenable Core 用户指南》中的“还原备份”。
DNS 配置变更
DNS 服务器配置已从 OT 安全 移动到 Tenable Core 中的“网络”页面。
新内容
漏洞
OT 安全 现在能识别以下新漏洞:
| 供应商 | 系列/型号 | 插件 ID |
|---|---|---|
| Honeywell | Experion | 501610-501613 |
| Schneider | BMX, NOE, NOC, tsxp, ion | 501194-501220, 501834-501835 |
| Mitsubishi | Melsec, fx3u, fx5 | 501187-501190, 501221-501224, 501598, 501762, 501838, 501843, 501931-501932, 501955 |
| Wago | 750 | 501227, 501599-501600, 501641-501655, 501994, 501995 |
| Siemens | q200, Scalance, Ruggedcom, Logo!, Insydeh2o | 501424-501425, 501588-501597, 501616-501640, 501660-501682, 501684-501739, 501840-501842, 501847-501855, 501864-501871, 501874-501887 |
| ABB | 800XA, Rex640, RTU500 | 501186, 501193, 501614-501615, 501742-501746, 501839, 501845-501846 |
| Rockwell | 1756, Power Monitor | 501226, 501228, 501604, 501683, 501759, 501767-501830, 501956 |
| Janitza | umg | 501957-501963 |
| Ricoh | aficio, sp, mp | 501965-501993 |
| PhoenixContact | AXC | 501872-501873 |
| SEL | RTAC | 501168-501185 |
| Omron | CP1E, cj2m | 501225, 501603, 501948 |
| Eaton | 9000X, Power expert | 501191-501192, 501754 |
| Cisco | Nexus | 501229-501423, 501656-501659, 501844, 501862-501863, 501947 |
| Moxa | edr, eds, mb3, nport, mgate, pt, AWK, iologik | 501426-501586, 501605-501609 |
| Hitachi | RTU500 | 501741, 501889-501890 |
| Sprecher Automation | Sprecon | 501747-501750 |
| Festo | bus, cecx, cecc | 501755, 501856-501861 |
| Trane | Tracer | 501756-501757 |
| Johnson Controls Metasys | NAE55 | 501833 |
| Dell | emc, idrac | 501891-501930 |
| Axis | 501933-501946, 501964 | |
| Bosch | autodome, mic | 501949-501950, 501996-501997 |
| Mobotix | s14 | 501951-501954 |
新的 Tenable OT Security 设备签名范围
| 供应商 | 产品 |
|---|---|
| Argus Control Systems | CXC RMU |
| Axis | 网络摄像头 |
| Bosch | Conettix B426 |
| Bosch | AUTODOME/MIC 摄像头 |
| CISCO | NX-OS |
| Comtrol | DeviceMaster |
| Daktronics | VFC 控制器 |
| Dell | iDRAC 6/7/8/9 |
| Digi | 蜂窝路由器 (Connect ME) |
| Eaton | Eaton |
| Envitech | RTMS Sx-300 |
| Festo |
CECC CECX |
| GTT(全局流量技术) | Opticom 相位选择器 |
| Janitza | UMG 电源质量分析仪 |
| Mitsubishi | MELSEC WS/QS/F |
| Mobotix | M16 相机 |
| OMRON | G9SP/DST1 |
| Proxim Wireless | Tsunami QuickBridge 8200 系列 |
| Raritan | PX(配电装置) |
| Ricoh | Printers |
| Rockwell | Stratix |
| Rockwell |
PowerMonitor 1000 PowerMonitor 5000 |
| Schneider | MiCOM C264 |
| Schneider | Modicon |
| Schneider | Modicon |
| Siemens |
SCALANCE M 系列 SCALANCE S 系列 SCALANCE W 系列 SCALANCE X 系列 |
| Siemens | SICAM A8000 CP-805x |
| Siemens | RuggedCom APE1808 |
| Siemens | LOGO! |
| Siemens | Sicam A8000 |
| Siemens | RuggedCom |
| Siemens |
Sicam Q100 Sicam Q200 |
| Siemens | TDC |
| Sprecher Automation | Sprecher Automation RTU |
| Teleste | MPC 视频编码器 |
| Trane | Tracer 楼宇自动化系统 |
| Trane | Symbio |
| VBrick | 视频编码器(4000/5000/6000 系列 + BPS 7000) |
| Ver-Mac | VMS(可变消息标志) |
| Vertiv | 监视程序传感器 |
已知问题
基于角色的访问控制 (RBAC) 设置中权限级别的冲突会导致用户继承最宽松群体的权限。
缺陷修复
| 缺陷修复 | 缺陷 ID |
|---|---|
| SICAM 客户端连接现在会在执行查询后正确终止。 | 01759186 |
| 针对启用了 Modbus 协议的主机,减少了 UMAS 和 Modicon 的识别尝试次数。 | 01708470 |
| 通过集成发送到 Tenable Security Center 或 Tenable Vulnerability Management 的插件信息现在支持对 Tenable Nessus Network Monitor 和 Tenable Nessus 结果的缓解跟踪。 | 01649550 |
|
Tenable Nessus Network Monitor 的过时插件信息现在会在启动时,以及运行期间每 24 小时进行清理。 |
01678186 |
| 通过 Phoenix Contact 协议通信的 Bristol 控制器不再被错误分类为 Phoenix Contact。 | 01712135 |
|
OT 安全 现在在导入到 Tenable Security Center 时会正确显示 Microsoft Windows 软件的安装日期时间戳。 |
01741760 |
| 启用或禁用数据包捕获功能现在会在系统日志中生成事件。 | 不适用 |
API 变更日志
有关 API 的更多信息,请参阅“OT 安全 API 文档”页面。
Type AttachedMachine was removed
Type AttachedMachineConnection was removed
Type AttachedMachineEdge was removed
Type BackupDetails was removed
Enum value Backup was removed from enum Capability
Type FileInfo was removed
Type FileType was removed
Field backupCompression was removed from object type FlagList
Field backupPendingDownload was removed from object type FlagList
Type IemDetails was removed
Argument additionalParams: ActiveQueriesExecuteSpecialParam was removed from field Mutation.canRunActiveQuery
Type for argument assetId on field Mutation.canRunActiveQuery changed from ID to ID!
Argument considerPrevStats: Boolean was removed from field Mutation.canRunActiveQuery
Argument force: Boolean was removed from field Mutation.canRunActiveQuery
Field createBackup was removed from object type Mutation
Type PairedMachine was removed
Type PairedMachineConnection was removed
Type PairedMachineEdge was removed
Field PortPolicyGroup.group changed type from PortGroup! to PortGroup
Field fullSweep was removed from object type PortScan
Input field fullSweep was removed from input object type PortScanOptionsParams
Field ProtocolPolicyGroup.group changed type from ProtocolGroup! to ProtocolGroup
Field backupDetails was removed from object type Query
Field iem was removed from object type Query
Field machineInfo was removed from object type Query
Field requestFile was removed from object type Query
Enum value BackupPendingDownload was removed from enum RemovableFlags
Field RulePolicyGroup.group changed type from RuleGroup! to RuleGroup
Field SchedulePolicyGroup.group changed type from ScheduleGroup! to ScheduleGroup
Type SyncStatus was removed
Field TagPolicyGroup.group changed type from TagGroup! to TagGroup
Field UserGroup.id changed type from String! to ID!
Field ValuePolicyGroup.group changed type from ValueGroup! to ValueGroup
Enum value HoneywellCodeDownload was added to enum ActivityPolicyEvent
Enum value HoneywellCodeUpload was added to enum ActivityPolicyEvent
Enum value RediscoveredAsset was added to enum ActivityPolicyEvent
Asset object implements AttackVectorStepAsset interface
Enum value lastHit was added to enum AssetField
Enum value segmentsIds was added to enum AssetField
Enum value Filter was added to enum AssetGroupType
Enum value ReadEmIcps was added to enum Capability
Enum value ReadPairing was added to enum Capability
Enum value WriteEmIcps was added to enum Capability
Enum value WritePairing was added to enum Capability
Member RediscoveredAsset was added to Union type EventDetails
Enum value RediscoveredAssetEvent was added to enum EventGroupType
Member RediscoveredAssetDef was added to Union type ExtraParametersUnion
Enum value lastHit was added to enum LinkField
Enum value segmentsIds was added to enum LinkField
Argument trace: Boolean added to field Mutation.canRunActiveQuery
Argument AutoLogoutDurationInSeconds: Int added to field Mutation.changeConfiguration
Argument EnableClassificationBanner: Boolean added to field Mutation.changeConfiguration
Argument UiClassificationBannerColor: ClassificationBannerColor added to field Mutation.changeConfiguration
Argument UiClassificationBannerText: String added to field Mutation.changeConfiguration
Argument providersMapping: [GroupProviderParams!] added to field Mutation.editUserGroup
Argument zones: [String!] added to field Mutation.editUserGroup
Argument caching: Boolean added to field Mutation.newSyslogServer
Argument providersMapping: [GroupProviderParams!] added to field Mutation.newUserGroup
Argument zones: [String!] added to field Mutation.newUserGroup
Argument caching: Boolean added to field Mutation.setSyslogServer
Argument caching: Boolean added to field Mutation.testAdHocSyslogServer
Enum value HoneywellCodeDownload was added to enum PolicyEventType
Enum value HoneywellCodeUpload was added to enum PolicyEventType
Enum value RediscoveredAsset was added to enum PolicyEventType
Input field portScanRange of type PortScanRange was added to input object type PortScanOptionsParams
Enum value IcpPairingRequestPendingApproval was added to enum RemovableFlags
Enum value WaitingForEmCertApproval was added to enum RemovableFlags
Enum value InProgress was added to enum ServerStatus
Field unresolvedDstCount was added to object type ActivityExclusion
Field unresolvedSrcCount was added to object type ActivityExclusion
Field usageInfo was added to object type ArubaServer
Field lastHit was added to object type Asset
Field unresolvedCtr was added to object type AssetExclusion
Field usageInfo was added to object type AssetFunction
Field usedInRestrictions was added to object type AssetFunction
Field zones was added to object type AssetFunction
Field usageInfo was added to interface AssetGroup
Field usedInRestrictions was added to interface AssetGroup
Field zones was added to interface AssetGroup
Field usageInfo was added to object type AssetList
Field usedInRestrictions was added to object type AssetList
Field zones was added to object type AssetList
Field usageInfo was added to object type AssetTypeFamilyGroup
Field usedInRestrictions was added to object type AssetTypeFamilyGroup
Field zones was added to object type AssetTypeFamilyGroup
Field AttackVectorStep.dstAsset is deprecated
Field AttackVectorStep.dstAsset has deprecation reason Deprecated since 3.18 (Zones), use dstAssetOrIps instead
Field dstAssetOrIps was added to object type AttackVectorStep
Field AttackVectorStep.srcAsset is deprecated
Field AttackVectorStep.srcAsset has deprecation reason Deprecated since 3.18 (Zones), use srcAssetOrIps instead
Field srcAssetOrIps was added to object type AttackVectorStep
Type AttackVectorStepAsset was added
Type AttackVectorStepIps was added
Type ClassificationBannerColor was added
Field AutoLogoutDurationInSeconds was added to object type Config
Field EmIcpAutoApprove was added to object type Config
Field EnableClassificationBanner was added to object type Config
Field UiClassificationBannerColor was added to object type Config
Field UiClassificationBannerText was added to object type Config
Field unresolvedDstCount was added to object type ConversationExclusion
Field unresolvedSrcCount was added to object type ConversationExclusion
Field unresolvedDstCount was added to object type DNP3Exclusion
Field unresolvedSrcCount was added to object type DNP3Exclusion
Type EmPairingStatus was added
Type EmUser was added
Type EmUserConnection was added
Type EmUserEdge was added
Type EmUserGroup was added
Type EmUserGroupConnection was added
Type EmUserGroupEdge was added
Field usageInfo was added to object type EmailGroup
Field icpPairingRequestPendingApproval was added to object type FlagList
Field waitingForEmCertApproval was added to object type FlagList
Field usageInfo was added to object type FortiGateServer
Type GroupProviderParams was added
Field unresolvedDstCount was added to object type IEC104Exclusion
Field unresolvedSrcCount was added to object type IEC104Exclusion
Type IcpEmPairingCertificateDetails was added
Type IcpEmPairingStatus was added
Type IcpEmPairingStatusInfo was added
Type IcpSensorExpressionsParams was added
Type IcpSensorField was added
Type IcpSensorSortParams was added
Type IcpSensorSortParamsComplexFields was added
Field unresolvedDstCount was added to object type IntrusionDetectionExclusion
Field unresolvedSrcCount was added to object type IntrusionDetectionExclusion
Field lastSync was added to object type IoServer
Field syncDetails was added to object type IoServer
Field usageInfo was added to object type IoServer
Field usageInfo was added to object type IpList
Field usedInRestrictions was added to object type IpList
Field zones was added to object type IpList
Field usageInfo was added to object type IpRange
Field usedInRestrictions was added to object type IpRange
Field zones was added to object type IpRange
Field lastHit was added to object type LeanAsset
Field addEmUser was added to object type Mutation
Field approveEmIcp was added to object type Mutation
Field approveIcpEmPairingCertificate was added to object type Mutation
Field archiveEmUserGroup was added to object type Mutation
Field archiveZone was added to object type Mutation
Field createZone was added to object type Mutation
Field deleteEmIcp was added to object type Mutation
Field deleteEmUser was added to object type Mutation
Field deleteIcpEmPairing was added to object type Mutation
Field editEmUserGroup was added to object type Mutation
Field newEmUserGroup was added to object type Mutation
Field newRediscoveredAssetPolicy was added to object type Mutation
Field setEmPassword was added to object type Mutation
Field setEmUserGroups was added to object type Mutation
Field setEmUserInfo was added to object type Mutation
Field setEmUserPassword was added to object type Mutation
Field setIcpEmPairingApiKeyConfiguration was added to object type Mutation
Field setIcpEmPairingCredentialsConfiguration was added to object type Mutation
Field setRediscoveredAssetPolicy was added to object type Mutation
Field updateZone was added to object type Mutation
Field schedule was added to object type OneServer
Field usageInfo was added to object type OneServer
Field unresolvedCtr was added to object type OpenPortExclusion
Type PairedIcp was added
Type PairedIcpConnection was added
Type PairedIcpEdge was added
Field usageInfo was added to object type PaloAltoServer
Field cisaKnownExploitedDates was added to object type PluginDetails
Field mitigatedAt was added to object type PluginHit
Field status was added to object type PluginHit
Type PluginHitStatus was added
Field usageInfo was added to object type PortGroup
Field portScanRange was added to object type PortScan
Type PortScanRange was added
Field usageInfo was added to object type ProtocolGroup
Field emArchivedUserGroups was added to object type Query
Field emPairedIcp was added to object type Query
Field emPairedIcps was added to object type Query
Field emUser was added to object type Query
Field emUserGroup was added to object type Query
Field emUserGroups was added to object type Query
Field emUserGroupsEmLevel was added to object type Query
Field emUserGroupsICPLevel was added to object type Query
Field emUsers was added to object type Query
Field icpEmPairingPendingCertificate was added to object type Query
Field icpEmPairingStatus was added to object type Query
Field iemSensorsRaw was added to object type Query
Field isEm was added to object type Query
Field plugin was added to object type Query
Field Query.userGroup changed type from UserGroup to UserGroup!
Field zone was added to object type Query
Field zones was added to object type Query
Type RawIcpSensorComplexFieldParams was added
Type RawIcpSensorComplexFieldParamsComplexFields was added
Type RawIcpSensorComplexGroupingParams was added
Type RawIcpSensorComplexGroupingParamsComplexFields was added
Field usageInfo was added to object type RecurringGroup
Field usedInRestrictions was added to object type RecurringGroup
Type RediscoveredAsset was added
Type RediscoveredAssetDef was added
Type RediscoveredAssetEvent was added
Type RediscoveredAssetParams was added
Type ReferenceByType was added
Field referencesByType was added to object type Rule
Field usageInfo was added to object type RuleGroup
Field usageInfo was added to object type SMTPServer
Field lastSync was added to object type ScServer
Field syncDetails was added to object type ScServer
Field usageInfo was added to object type ScServer
Field unresolvedCtr was added to object type ScanExclusion
Field usageInfo was added to object type ScheduleFunction
Field usedInRestrictions was added to object type ScheduleFunction
Field usageInfo was added to interface ScheduleGroup
Field usedInRestrictions was added to interface ScheduleGroup
Field usageInfo was added to object type SegmentGroup
Field usedInRestrictions was added to object type SegmentGroup
Field zones was added to object type SegmentGroup
Object type Sensitivity has description Enum of Sensitivity
Field activeQueriesEnabled was added to object type Site
Field cpuUsagePercentage was added to object type Site
Field Site.host description changed from The host name of the system to The host name/IP of the system
Field memUsagePercentage was added to object type Site
Field onlineSensorsCount was added to object type Site
Field totalMemBytes was added to object type Site
Field totalSensorsCount was added to object type Site
Field caching was added to object type SyslogServer
Field usageInfo was added to object type SyslogServer
Field usedForSystemLog was added to object type SyslogServer
Field usageInfo was added to object type TagGroup
Field unresolvedDstCount was added to object type TagWriteExclusion
Field unresolvedSrcCount was added to object type TagWriteExclusion
Field usageInfo was added to object type TimeInterval
Field usedInRestrictions was added to object type TimeInterval
Type UsageInfo was added
Field unresolvedCtr was added to object type UsbChangeExclusion
Field User.passwordTime description changed from When did you set the password to Password set time
Field providersMapping was added to object type UserGroup
Field usageInfo was added to object type UserGroup
Field zones was added to object type UserGroup
Type UserGroupAuthProvider was added
Type UserGroupAuthProviderConnection was added
Type UserGroupAuthProviderEdge was added
Field idsRuleSetDate was added to object type Version
Field nessusPluginSetDate was added to object type Version
Type Zone was added
Type ZoneConnection was added
Type ZoneEdge was added
Type isEmMachine was added
Tenable OT Security 3.17.40 SP (2024-01-05)
新功能
Oracle Linux 8 支持
您现在可以通过 Oracle Linux 8 选项使用 Tenable Core 来安装 OT 安全。
被动监控支持
当您在 Oracle Linux 8 上运行 OT 安全 时,您可使用 ERSPAN(封装的远程交换机端口分析器)流量源进行被动监控。
改进
升级至 Tenable Nessus Network Monitor 6.3.1
OT 安全 现在支持 Tenable Nessus Network Monitor 6.3.1。
管理用户界面变更
随着 OT 安全 在 Oracle Linux 8 上发布,OT 安全 的登录流和管理页面也得到改进。
缺陷修复
| 缺陷修复 | 缺陷 ID |
|---|---|
| 修复了一个内存泄漏会在被动监控期间影响 Shepherd 容器的问题。 | 01735969 |
| 修复了一个导致 Tenable 插件无法离线更新的间歇性问题。 | 01712160 |
| 修复了定期重启应用程序会防止 Tenable Nessus Network Monitor 数据老化的问题。 | 01678186 |
| 修复了“Not In”运算符的策略忽略重复计划组的问题。 | 01687973 |
| 改进了针对包含不常见协议实现之设备的 BACNet 问询。 | 01640388 |
| 修复了代码下载活动期间 Siemens PLC Start 的错误策略警报问题。 | 不适用 |
| 修复了 Siemens SIMATIC Manager(第 7 步)“写入标签”警报,以检测和报告写入类型。 | 不适用 |
| 修复了 Siemens SIMATIC Manager(第 7 步)“写入标签”警报,以显示标签值和标签大小。 | 不适用 |
文件名和校验
文件名和 MD5 或 SHA-256 校验已发布在“Tenable OT Security 下载”页面。