Tenable OT Security 2024 版本说明

合规性仪表盘

• 合规性仪表盘让您可以使关键安全措施符合法规要求、跟踪进度和改进情况以及加强安全状况。有关更多信息，请参阅“合规性仪表盘”。

• OT Security 支持以下安全框架：CAF 原则、OTCC 子域、ISO 27001 控件和 NIS 2 指令（第 21 条）。

FOX TLS 快照

• 支持 Phoenix Contact ILC 快照。

• 包括用于跟踪 FOX TLS 配置变更的审计日志。

安全性强化措施

• 内部通信加密：模块之间的通信或与外部集成点的通信利用更强的加密密码。

• 内部数据库加密：OT Security 存储区域中应用了更高级别的加密密码。

漏洞

OT Security 现在能识别以下新漏洞：

有关 API 的更多信息，请参阅“Tenable OT Security API 文档”。

Enum value lastSnapshot was added to enum AssetField
Enum value BlockFoxDriver was added to enum BlockType
Enum value BlockFoxDriversProject was added to enum BlockType
Enum value AvgDays was added to enum FieldFunction
Enum value SecureModeFailure was added to enum IotConnectorStatus
Enum value UnknownFailure was added to enum IotConnectorStatus
Enum value lastSnapshot was added to enum LinkField
Argument snapshot: Boolean (with default value) added to field Mutation.newProtocolPolicy
Argument snapshot: Boolean (with default value) added to field Mutation.setProtocolPolicy
Enum value resolutionDuration was added to enum PolicyHitAggregationField
Type AggregationsAssetsExpressionsParams was added
Type AggregationsAssetsField was added
Type AggregationsAssetsSortParams was added
Type AggregationsAssetsSortParamsComplexFields was added
Field lastSnapshot was added to object type Asset
Field AssetMapTimeFrame was added to object type Config
Field lastSnapshot was added to object type LeanAsset
Type PluginHitsExpressionsParams was added
Type PluginHitsSortParams was added
Type PluginHitsSortParamsComplexFields was added
Type PluginsAssetsExpressionsParams was added
Type PluginsAssetsField was added
Type PluginsAssetsSortParams was added
Type PluginsAssetsSortParamsComplexFields was added
Field assetsExternalConn was added to object type Query
Field assetsExternalConnRaw was added to object type Query
Field eventAggregationsAssetsRaw was added to object type Query
Field pluginHits was added to object type Query
Field pluginHitsRaw was added to object type Query
Field pluginsAssetsRaw was added to object type Query
Field Query.pluginsRaw description changed from Raw dynamic query on plugins to Raw dynamic query on plugin hits
Type RawAggregationsAssetsComplexFieldParams was added
Type RawAggregationsAssetsComplexFieldParamsComplexFields was added
Type RawAggregationsAssetsComplexGroupingParams was added
Type RawAggregationsAssetsComplexGroupingParamsComplexFields was added
Type RawPluginHitsComplexFieldParams was added
Type RawPluginHitsComplexFieldParamsComplexFields was added
Type RawPluginHitsComplexGroupingParams was added
Type RawPluginHitsComplexGroupingParamsComplexFields was added
Type RawPluginsAssetsComplexFieldParams was added
Type RawPluginsAssetsComplexFieldParamsComplexFields was added
Type RawPluginsAssetsComplexGroupingParams was added
Type RawPluginsAssetsComplexGroupingParamsComplexFields was added
Type pluginHits was added

供应商和协议支持

• MOXA 发现协议 — OT Security 现在会主动检测 MOXA 设备并对其进行指纹采样。直接查询设备以进行识别。对 MOXA 设备进行主动查询需要 MOXA 凭据。

• Siemens SICAM 8050 RTU — OT Security 现在支持 Siemens SICAM 8050。您可以使用主动查询来对背板模块进行指纹采样。执行此操作需要 SNMP v3 凭据。

• Fox-TLS 协议

  • OT Security 现在会主动检测使用 FOX-TLS 协议的设备并对其进行指纹采样。

  • 对此类设备进行主动查询需要 FOX-TLS 凭据。

  • 已在 Phoenix Contact ILC 2050 BI 设备上进行测试。

高级 IoT 可见性

• OT Security 现在包含 IoT 连接器引擎，支持集成 IoT（物联网）或 VMS（视频管理系统）服务器。

• 您可以使用以下任何一种连接方法来集成 IoT/VMS 服务器：

  • 使用远程应用程序 API 服务

  • 使用代理

• 集成后，OT Security 会导入应用程序服务器管理的所有设备，例如摄像头、门禁系统、火灾报警面板等。

  有关更多信息，请参阅“IoT 连接器”。

资产关系

• OT Security 现在以可视化方式显示资产关系。

• 您可以使用单个资产页面上的“相关资产”选项卡来跟踪该资产的所有已知关系。

• OT Security 会根据查询和被动监控自动确定资产之间的关系，这样就无需手动修改这些关系。

• 相关资产基于设备的实际通信路径，这与依赖第 3 层（互联网协议或 IP）连接性的网络映射不同。

  有关更多信息，请参阅“相关资产”。

资产关系 - 嵌套 OT 设备

• 嵌套设备是指连接在可编程逻辑控制器 (PLC) 背板或设备后面的 PLC 或其他工业控制系统 (ICS) 模块。此设备类似于直接连接到通信适配器的变频驱动器 (VFD)。

• 在此版本中，OT Security 仅检测 Rockwell 设备和 Rockwell 连接类型（例如 CIP、DirectNet、ControlNet、DH+）的嵌套设备。

• OT Security 通过被动监控或使用背板扫描主动查询的方式来观察 OT 设备之间的嵌套关系。

• 在资产详细信息页面上，“相关资产”>“背板视图”处会列出所有相关资产。如果某个模块下存在嵌套设备，则会显示 图标。

  有关更多信息，请参阅“嵌套设备”。

资产关系 - IoT 连接器

• OT Security 将所有托管的 IoT 设备映射到其各自的应用程序服务器。

• 要查看由特定应用程序服务器管理的所有 IoT 设备，您必须配置 IoT 引擎，并从应用程序服务器同步资产。以 IP 摄像头为例，您可以查看管理该摄像头的 VMS 服务器。通过“清单”>“IoT 连接器”>“相关资产”页面导航至此 VMS 服务器，即可查看此 VMS 服务器管理的所有摄像头。

动态指纹识别引擎 (DFE) 更新

您现在可从云端更新动态指纹识别引擎 (DFE)。此功能的一些主要优点包括：

• 按需更新：直接从云端即时下载并应用最新的分类变更，确保清单始终处于最新状态。

• 增强灵活性：无需等待本地更新或新版本发布即可获取更多指纹信息，实现即时且持续的改进。

• 无缝集成：在新的指纹可用时将其纳入系统，在主要版本发布的间隔期间接收重要更新以增强响应能力。

  有关更多信息，请参阅“DFE 更新”。

可导出执行概述报告 PDF

• OT Security 现在提供生成执行概述报告并以 PDF 格式导出的选项。

• 要查看和下载“执行概述”报告，请转至“仪表盘”>“执行报告”。

• 此功能是对 OT Security 报告功能早期版本的增强。

有关更多信息，请参阅“生成执行报告”。

资产诊断报告导出

• 您现在可以导出资产的详细诊断报告，以用于支持目的。您还可以批量导出多个资产的诊断报告。有关更多信息，请参阅“导出诊断报告”。

Tenable Security Center 集成增强

• 从 Tenable Security Center 6.4 开始，与 OT Security 的集成会在 Tenable Security Center 中引入额外的上下文信息。

• 集成后，OT Security 的资产详细信息会与 Tenable Security Center 同步。这些资产详细信息包括：“名称”、“类型”、“类别”、“运行状态”、“固件版本”、“供应商”、“型号”、“系列”、“背板信息”、“MAC”、“普渡层”、“位置”和“说明”。

• 启用该功能无需进行特别的配置或设置，只需使用运行 OT Security 和 Tenable Security Center 的最新版本即可。

重新设计主动查询管理

• 主动查询现以信息卡片的形式提供，可根据需要进行自定义。

• 您可以为每种类型的主动查询创建查询变体，并像在早期版本中一样对其进行自定义。

• 状态列会显示主动查询是正在运行、已停止还是已暂停。

  有关更多信息，请参阅“管理主动查询”。

主动查询管理 — 执行历史记录

• 您现在可以下载最近一次查询执行详细信息的 CSV 导出文件。如果主动查询针对多个资产或协议，则此信息也会显示在导出的结果中。在初始设置期间，这有助于针对不同资产进行查询故障排除。有关更多信息，请参阅“下载最近一次的查询日志”。

主动查询管理 —“仍然尝试”按钮

• 您现在可以覆盖在故障排除期间主动查询尝试次数的限制。当您对主动查询所涉及的设备或网络进行任何防火墙或网络更改时，OT Security 现在提供“仍然尝试”选项，以便继续进行查询。

主动查询管理 — 添加了 Ping 查询

• OT Security 现在包含独立的 Ping 查询，该查询依赖于互联网控制消息协议 (ICMP) 来测试资产是否可路由或可访问。该查询本质上与在资产发现或资产追踪主动查询期间使用的 Ping 查询是一样的。

Pendo 工具集成

• 资源中心：直接在应用程序内访问多种有用资源：

  注意：访问资源中心需要连网。

  • 知识库搜索：在应用程序内搜索产品知识库 (KB)，快速获取答案和信息。

  • 功能更新：接收有关最新功能更新和新版发布的应用程序内通知。

  • 新用户欢迎流程：提供快速概览，展示产品的主要优点和关键功能，帮助您迅速熟悉产品。

Tenable One - 开放端口发现结果

• 当 OT Security 与 Tenable One 集成时，除了同步资产和漏洞之外，现在还能同步受监控资产上的开放端口。

• 您可以使用资产的开放端口信息进行动态标记，并揭示更多可能导致入侵的潜在攻击路径。

漏洞状态跟踪

• OT Security 现在会保留并展示已缓解（已修复）的漏洞。

• 在“漏洞”页面上查看资产或总体漏洞时，您现在可以查看未修复漏洞与已修复漏洞的对比情况。

• 已修复的漏洞在一年后将不再显示。

通用协议解析器

• OT Security 现在采用通用协议解析器，以便您快速添加协议检测功能。此解析器是 Tenable 研究中使用的内部工具。

• 通用解析器依赖于 LUA 脚本，并由嵌入式 Suricata IDS 引擎提供技术支持。

从“关于”视图访问帐户详细信息

激活 OT Security 后，您可以在“关于”视图中查看 Tenable 客户 ID。

要访问此信息，请在界面右上角单击用户名，然后从下拉菜单中选择“关于”。此视图会显示您的帐户详细信息，包括客户 ID。请注意，联系技术支持或 Customer Success 团队时需要提供此客户 ID。

• 如果在早期版本中启用了 SNMP 端口查询，您必须在“主动查询管理”设置下重新启用。

• 基于角色的访问控制 (RBAC) 设置中权限级别的冲突会导致用户继承最宽松群体的权限。

有关 API 的更多信息，请参阅“Tenable OT Security API 文档”。

Type ActiveQueriesOpType was removed
Field ActiveQuery.operation changed type from ActiveQueriesOpType! to OpType!
Field ActiveQueryBase.operation changed type from ActiveQueriesOpType! to OpType!
Field AssetDiscovery.operation changed type from ActiveQueriesOpType! to OpType!
Field PingEnabled was removed from object type Config
Enum value PingType was removed from enum DiscoveryQueryTypes
Enum value NessusAdvancedScan2Type was removed from enum FirewallOpType
Enum value NessusAdvancedScanType was removed from enum FirewallOpType
Field InactiveProbing.operation changed type from ActiveQueriesOpType! to OpType!
Enum value DnsType was removed from enum ItQueryTypes
Enum value InactiveAssetProbe was removed from enum ItQueryTypes
Enum value PortScanAssetEnrichment was removed from enum ItQueryTypes
Enum value PortScanQueryType was removed from enum ItQueryTypes
Type for argument operation on field Mutation.createActiveQuery changed from ActiveQueriesOpType! to OpType!
Field PortScan.operation changed type from ActiveQueriesOpType! to OpType!
Default value for argument countTimeout on field Asset.eventAggregations changed from 700 to 3000
Default value for argument countTimeout on field Asset.eventAggregationsRaw changed from 700 to 3000
Default value for argument countTimeout on field Asset.events changed from 700 to 3000
Default value for argument countTimeout on field Asset.eventsRaw changed from 700 to 3000
Default value for argument countTimeout on field Asset.plugins changed from 700 to 3000
Enum value VideoManagementSystem was added to enum AssetType
Default value for argument countTimeout on field Baseline.links changed from 700 to 3000
Enum value FoxTls was added to enum BasicCredentialsTypes
Enum value Moxa was added to enum BasicCredentialsTypes
Enum value NoSpaceLeftOnDevice was added to enum CannotUpdatePluginSetReason
Enum value NoSpaceLeftOnDevice was added to enum CannotUpdateSuricataRulesReason
Enum value IotConnectors was added to enum Capability
Enum value FoxTls was added to enum CredentialsType
Enum value Moxa was added to enum CredentialsType
Enum value SicamSnmp was added to enum CredentialsType
Enum value AssetDiscoveryType was added to enum DiscoveryQueryTypes
Enum value DnsType was added to enum DiscoveryQueryTypes
Enum value InactiveAssetProbe was added to enum DiscoveryQueryTypes
Enum value PortScanAssetEnrichment was added to enum DiscoveryQueryTypes
Enum value PortScanQueryType was added to enum DiscoveryQueryTypes
Default value for argument countTimeout on field EventAggregation.events changed from 700 to 3000
Enum value AssetDiscoveryType was added to enum FirewallOpType
Enum value osVersion was added to enum IcpSensorField
Default value for argument countTimeout on field Mutation.bulkEditAssets changed from 700 to 3000
Default value for argument countTimeout on field Mutation.bulkEditAssetsWithRemove changed from 700 to 3000
Default value for argument countTimeout on field Mutation.bulkHideAsset changed from 700 to 3000
Default value for argument countTimeout on field Mutation.bulkRestoreAsset changed from 700 to 3000
Default value for argument countTimeout on field Mutation.resolveEvents changed from 700 to 3000
Default value for argument countTimeout on field Plugin.affectedAssets changed from 700 to 3000
Enum value fixedAssets was added to enum PluginField
Enum value vprLevel was added to enum PluginField
Enum value CIP_ETHIP_UDP was added to enum ProtocolType
Enum value DOT1BR was added to enum ProtocolType
Enum value DOT1BR_CORRUPT was added to enum ProtocolType
Enum value MOXA_HTTP was added to enum ProtocolType
Enum value SICAM_SNMP was added to enum ProtocolType
Default value for argument countTimeout on field Query.assets changed from 700 to 3000
Default value for argument countTimeout on field Query.assetsForGrid changed from 700 to 3000
Default value for argument countTimeout on field Query.assetsPendingDeletion changed from 700 to 3000
Default value for argument countTimeout on field Query.assetsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.eventAggregations changed from 700 to 3000
Default value for argument countTimeout on field Query.eventAggregationsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.events changed from 700 to 3000
Default value for argument countTimeout on field Query.eventsForGrid changed from 700 to 3000
Default value for argument countTimeout on field Query.eventsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.groupedAssetsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.groupedEventsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.iemPluginsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.iemPolicies changed from 700 to 3000
Default value for argument countTimeout on field Query.iemRecentEvents changed from 700 to 3000
Default value for argument countTimeout on field Query.iemSensorsRaw changed from 700 to 3000
Default value for argument countTimeout on field Query.links changed from 700 to 3000
Default value for argument countTimeout on field Query.plugins changed from 700 to 3000
Default value for argument countTimeout on field Query.pluginsRaw changed from 700 to 3000
Argument countTimeout: Int (with default value) added to field Query.systemLog
Argument filter: SystemLogExpressionsParams added to field Query.systemLog
Argument search: String added to field Query.systemLog
Argument slowCount: Boolean added to field Query.systemLog
Argument sort: [SystemLogSortParams!] added to field Query.systemLog
Enum value SICAM_SNMP was added to enum RestrictedProtocolType
Enum value EmptyClientResponseError was added to enum SnapshotStatus
Enum value SicamSnmp was added to enum SnmpV3CredentialsTypes
Enum value VideoManagementSystem was added to enum UserDefinedAssetType
Field lastRunBy was added to interface ActiveQuery
Field usageInfo was added to interface ActiveQuery
Field lastRunBy was added to object type ActiveQueryBase
Field usageInfo was added to object type ActiveQueryBase
Type ActiveQueryExecution was added
Type ActiveQueryExecutionConnection was added
Type ActiveQueryExecutionEdge was added
Type ActiveQueryExecutionOnAsset was added
Type ActiveQueryExecutionOnAssetConnection was added
Type ActiveQueryExecutionOnAssetEdge was added
Type AgentConnector was added
Field activePlugins was added to object type Asset
Field fixedPlugins was added to object type Asset
Field relationships was added to object type Asset
Field lastRunBy was added to object type AssetDiscovery
Field usageInfo was added to object type AssetDiscovery
Type AssetRelationship was added
Type AssetRelationshipConnection was added
Type AssetRelationshipEdge was added
Type AssetRelationshipExpressionsParams was added
Type AssetRelationshipField was added
Type AssetRelationshipIoTConnectorsDetails was added
Type AssetRelationshipNesting was added
Type AssetRelationshipNestingCipIpDetails was added
Type AssetRelationshipNestingControlNetDetails was added
Type AssetRelationshipNestingDhPlusDetails was added
Type AssetRelationshipNestingUnknownDetails was added
Type AssetRelationshipSortParams was added
Type AssetRelationshipSortParamsComplexFields was added
Type CanDownload was added
Type CanUpdateDfe was added
Type CannotUpdateDfeReason was added
Type ChannelType was added
Field IotConnectorsAvailable was added to object type Config
Type ConnectionType was added
Field dstPort was added to object type Conversation
Field Conversation.port is deprecated
Field Conversation.port has deprecation reason Use dstPort instead
Directive deprecated was added to field Conversation.port
Field srcPort was added to object type Conversation
Type CoreOsVersion was added
Type DfeDownloadUrl was added
Type DfeInfo was added
Field customerId was added to object type EmLicenseDetails
Field id was added to object type EmUser
Type Error was added
Type ErrorCategory was added
Type ErrorKey was added
Type ErrorVariable was added
Type ErrorVariableConnection was added
Type ErrorVariableEdge was added
Type ExacqAddOptionsParams was added
Type ExacqConnector was added
Type ExacqEditOptionsParams was added
Field lastRunBy was added to object type InactiveProbing
Field usageInfo was added to object type InactiveProbing
Type IotConnectionMethod was added
Type IotConnectorInfo was added
Type IotConnectorInfoConnection was added
Type IotConnectorInfoEdge was added
Type IotConnectorStatus was added
Type IotConnectorType was added
Type IotConnectorWebProtocol was added
Field errors was added to object type Job
Field customerId was added to object type LicenseDetails
Type LogRecordField was added
Type MilestoneAddOptionsParams was added
Type MilestoneConnector was added
Type MilestoneEditOptionsParams was added
Type MobotixAddOptionsParams was added
Type MobotixConnector was added
Type MobotixEditOptionsParams was added
Field activeQueryExecutionsCsv was added to object type Mutation
Field addAgentIotConnector was added to object type Mutation
Field addExacqIotConnector was added to object type Mutation
Field addMilestoneIotConnector was added to object type Mutation
Field addMobotixIotConnector was added to object type Mutation
Field assetReport was added to object type Mutation
Field assetsReport was added to object type Mutation
Field createSnmpQuery was added to object type Mutation
Field deleteIotConnector was added to object type Mutation
Field editAgentIotConnector was added to object type Mutation
Field editExacqIotConnector was added to object type Mutation
Field editMilestoneIotConnector was added to object type Mutation
Field editMobotixIotConnector was added to object type Mutation
Field editSnmpQuery was added to object type Mutation
Field testAgentIotConnector was added to object type Mutation
Field updateDfe was added to object type Mutation
Type OpType was added
Field fixedAssets was added to object type Plugin
Field Plugin.totalAffectedAssets description changed from Total affected assets on the plugins, with no regard to the filter to Total affected assets on the plugin, with no regard to the filter
Field totalFixedAssets was added to object type Plugin
Field vprLevel was added to object type Plugin
Field lastRunBy was added to object type PortScan
Field usageInfo was added to object type PortScan
Field activeQueryExecutions was added to object type Query
Field activeQueryExecutionsOnAsset was added to object type Query
Field canOfflineUpdateDfe was added to object type Query
Field canOnlineUpdateDfe was added to object type Query
Field dfeDownloadUrl was added to object type Query
Field dfeInfo was added to object type Query
Field iotConnector was added to object type Query
Field iotConnectors was added to object type Query
Type QuerySource was added
Type RelationshipDirection was added
Type RelationshipType was added
Field osVersion was added to object type SensorDetails
Type Snmp was added
Type SnmpOptionsParams was added
Type SystemLogExpressionsParams was added
Type SystemLogSortParams was added
Type SystemLogSortParamsComplexFields was added
Field id was added to object type User
Type VprLevel was added

• 升级过程期间可能出现一个问题，需要您调整 /tmp 分区的大小。如果由于空间不足导致升级失败，请调整 /tmp 分区的大小。

文件名和 MD5 或 SHA-256 校验已发布在“OT Security 下载”页面。

EM-ICP 配对迁移

• 升级到版本 3.18 后，重新配对所有之前链接的站点或 ICP。

• 新升级的 Tenable OT Security Enterprise Manager (OT Security EM) 3.18 版没有链接的站点，因此您需要配对 ICP。

• 升级 OT Security EM 之前，务必将已配对的站点 (ICP) 列表记录下来。

• 如果您未能对之前链接的站点生成快照或进行记录，可使用脚本获取这些详细信息。如需帮助，请联系 Tenable 支持部门。

Enterprise Manager (EM) — 许可

• OT Security EM 现在具有用于激活控制台的产品内许可。

• 所有 OT Security EM 客户都应具有 EM 专用的 20 位激活代码。

• 如果您没有 EM 激活代码，请联系 Customer Success Manager。

ICP 升级期间的许可证强制执行

• 升级 Tenable OT Security (ICP) 时，许可证必须有效才能开始更新。

• 如果许可证已超出限制或过期，许可证将不再自动更新或者您需要重新应用许可证。

供应商和协议支持

• Honeywell C300 — OT Security 包括以下可检测代码上传和下载事件的新策略。

  • Honeywell 代码下载

  • Honeywell 代码上传

• Siemens SICAM 8050 RTU — OT Security 现在通过 SNMP v3 支持 Siemens SICAM 8050 RTU。可以直接向这些设备发送查询，以对其进行检测和指纹采样。用于对这些 RTU 进行指纹采样的主动查询依赖 SNMP v3，该版本要求提供 SNMPv3 凭据。

基于角色的访问控制 (ICP)

OT Security 现在包含对“本地设置”>“用户管理”所做的以下更改：

• 产品管理员现在可使用区域配置用户组的权限。

• 可配置的区域基于资产组。

• 这些区域确定了用户或组可以查看的资产。

• 用户只能查看属于其用户组的资产，以及与这些资产相关的漏洞和事件。

• OT Security 负责监控区域外的资产，但对相关区域之外的用户隐藏这些资产。

• 您可以将非管理员帐户配置为归属于特定组和区域，以限制其对相关资产的可见性。

Enterprise Manager - 基于角色的访问控制

OT Security EM 现在包含对“本地设置”>“用户管理”所做的以下更改：

• 包含用于控制每个链接站点的可见性和管理权限的设置。

• 您现在可以控制哪些用户组可以访问每个 OT Security ICP。

• 您现在可以在 OT Security EM 和 ICP 级别配置用户的权限。每个 EM 用户现在都可以访问链接的 ICP，并将访问权限设置为只读或写入。

Enterprise Manager - 身份验证提供程序（LDAP、AD 和 SAML）支持

• 在 OT Security EM 中，您现在可以利用 SSO 提供程序 (SAML) 进行身份验证。

• OT Security EM 现在支持配置 AD 和 LDAP 身份验证。

Enterprise Manager - 通过 OT Security 界面实现 ICP-EM 配对过程

• 您现在可以使用 OT Security 中的 Enterprise Manager 页面将 ICP 与 OT Security EM 配对。您可以使用 API 密钥或用户名和密码进行配对。

• Enterprise Manager 页面包含将 ICP 与 EM 配对的分步指南。

• 在 OT Security 中，您可通过“本地设置”>“系统配置”>“Enterprise Manager”访问该页面。有关更多信息，请参阅“将 ICP 与 Enterprise Manager 配对”。

可自定义的分类横幅

• OT Security 现在在“本地设置”>“设备”页面中包含“分类横幅”选项。出于合规性目的，您可以使用此选项在 OT Security 界面上启用持久性横幅。例如：向界面添加横幅“机密”。

• 为符合 DFARS 252.204-7012 的规定，您现在可以相应地为此类 CUI（受控非密信息）或敏感数据设置该横幅。

• 用户无法清除或隐藏此横幅或分类标记。此全局设置影响所有 OT Security 用户。

Tenable One — 发现结果和缺陷

• 如果您已将 OT Security 与 Tenable One 集成，现在无需进一步配置，即可在 Tenable One 中查看并优先处理 OT Security 漏洞。

• 升级到最新版本后，您可以在 Tenable One 中同时访问资产上下文和漏洞详细信息。

“重新发现的资产”策略

• OT Security 现在包含新策略：重新发现的资产。

• “重新发现的资产”策略可让您跟踪在特定时间段内处于离线状态的资产。

• 默认策略名称为“在资产无活动两小时后重新发现”。

• 您可以通过“策略”>“网络事件”>“重新发现的资产”创建此策略。

自定义威胁检测 (IDS) 签名

• 现在，您可以将所有 IDS 特定的入侵指标 (IoC) 手动上传到 OT Security。

• 您现在可使用命令行将 Suricata 格式化的 IDS 规则导入 OT Security。

Syslog 事件警报缓存（“存储并转发”）

• 若在使用 TCP Syslog 时出现连接中断的情况，OT Security 会缓存事件并在网络连接重新建立后发送这些事件。

• 在“本地设置”>“Syslog 服务器”中创建新的 Syslog 服务器时，“允许 syslog 消息缓存”选项可用。

• 在连接中断时，OT Security 会按排队顺序即时发送缓存的事件。

Enterprise Manager — 站点传感器可见性

• OT Security EM 现在包括以下两个传感器特定的小组件：

  • 传感器状态：表示在线与离线传感器的数量。

  • 每个站点的传感器数：表示链接到 OT Security EM 的每个站点的在线或离线传感器的数量。

Enterprise Manager — 许可

• OT Security EM 现在具有用于激活控制台的产品内许可。如果您没有 EM 的激活代码，请联系 Customer Success Manager。

Enterprise Manager — 设备详细信息

• OT Security EM 包含关于所有配对的 OT Security 设备 (ICP) 的以下额外指标：

  • CPU 利用率、内存、磁盘、插件及 IDS 时间戳，以及许可证属性和消耗情况。

  • “ICP”页面的“传感器”列显示传感器总数以及在线传感器数量。该列还包含指向该站点的“传感器”页面的链接。

身份验证服务器的新配置工作流

• OT Security EM 现在包含经过简化的 AD/SSO/LDAP 配置工作流。

• 您现在可以将 OT Security 中的用户组分配到特定的身份验证服务器。

• 此改进的身份验证服务器工作流会同时影响 OT Security 和 OT Security EM。

对 KEV 插件属性的支持

若 OT Security 检测到的任何漏洞已收录在美国网络安全和基础设施安全局 (CISA) 已知被利用漏洞 (KEV) 目录中，页面现在会显示其到期日期。KEV 目录有助于安全团队确定应首先修复哪些风险，从而降低对组织构成的最大威胁。有关更多信息，请参阅“已知被利用漏洞”。

Tenable 软件更新

OT Security 现已更新到最新版本的 Tenable Nessus 和 Tenable Nessus Network Monitor。

多个身份验证服务器

OT Security 现在支持多个身份验证服务器，以便于在组织中使用多种 SSO 或 LDAP 服务。

主动查询 — 多端口配置

OT Security 现在可以发起针对单个协议的多个端口的主动查询。如果您的组织对同一协议使用多种网络端口，您可以告知 OT Security 检查所有可能的端口以获取有关设备或服务的详细信息。

许可证升级要求

更新 OT Security 时，确保许可证未过期或超出限制。如果出现这种情况，请在完成软件更新后重新为系统授权。

对 WMI 安装软件的改进 — Windows LTSC 支持

Windows 长期服务通道 (LTSC) 设备上的 WMI 查询现在可以准确请求并列出所有安装的软件。

备份和还原 - 由 Tenable Core 提供支持

备份和还原功能已从 OT Security 中移出，并在 Tenable Core 中启用，以便您可以在 OT Security 中管理备份并还原备份。您现在可以在 Tenable Core 中的“备份/还原”下配置系统备份。有关更多信息，请参阅《Tenable Core 用户指南》中的“还原备份”。

DNS 配置变更

DNS 服务器配置已从 OT Security 移动到 Tenable Core 中的“网络”页面。

漏洞

OT Security 现在能识别以下新漏洞：

基于角色的访问控制 (RBAC) 设置中权限级别的冲突会导致用户继承最宽松群体的权限。

Oracle Linux 8 支持

您现在可以通过 Oracle Linux 8 选项使用 Tenable Core 来安装 OT Security。

被动监控支持

当您在 Oracle Linux 8 上运行 OT Security 时，您可使用 ERSPAN（封装的远程交换机端口分析器）流量源进行被动监控。

升级至 Tenable Nessus Network Monitor 6.3.1

OT Security 现在支持 Tenable Nessus Network Monitor 6.3.1。

管理用户界面变更

随着 OT Security 在 Oracle Linux 8 上发布，OT Security 的登录流和管理页面也得到改进。

文件名和 MD5 或 SHA-256 校验已发布在“Tenable OT Security 下载”页面。