Tenable OT Security 2025 版本说明

提示:您可以订阅以接收关于 Tenable 文档更新的提醒。

Tenable OT Security 4.2.40 SP 3 (2025-05-28)

错误修复 缺陷 ID
Tenable OT Security 可确保 SNMP 查询中的获取邻居选项返回的数据不再造成不必要的资产合并。 不适用
现在,主动查询失败的德语错误消息会以正确格式显示。 不适用
Tenable OT Security 现在可确保系统在升级期间仅保留两个最近版本的备份数据,从而丢弃较早版本的备份数据。 不适用

Tenable OT Security 4.2.38 SP 2 (2025-05-09)

OT Security 将嵌入式 Nessus 版本更新至 10.8.4,以响应最近的安全公告。

Nessus 在较早的 OT Security 版本中不受此漏洞影响。

有关更多信息,请参阅“Tenable 产品安全公告”。

错误修复 缺陷 ID
容器日志存储功能已优化,能够更高效地使用磁盘空间,避免设备因空间不足而受到影响。 02234368
OT Security 现在可确保导入更新的资产详细信息 CSV 文件操作(通过“数据源”>“使用 CSV 文件更新资产详细信息”)能够按照预期正常运行。 01406014
OT Security 确保 IoT 容器不再妨碍应用程序的启动或初始化。 02236749

文件名和 MD5 或 SHA-256 校验和已发布在“OT Security 下载”页面。

2025 年 5 月 8 日

Tenable 很高兴地宣布,云产品 Workspace 已迎来多项重要升级!我们重新设计了 Workspace,以便您更方便地查看和访问 Tenable 产品:

  • 优化的产品概述:您现在可以轻松查看已购买的产品,以及一系列可供探索的其他产品。

  • 详细的产品信息:可查看更多产品详情并观看演示,以便您深入了解每款产品的功能。

  • 产品使用情况:我们新增了一项使用情况功能,可显示您对已订阅产品的使用百分比。您可以借此快速跳转至“许可证信息”页面。

  • 试用状态可见性:如果您当前正在评估某款产品,或在过去一年内曾进行过试用,您现在可以直接在 Workspace 中查看试用状态(试用中试用已过期)。

这些改进旨在帮助您充分利用 Tenable 解决方案,并探索提升安全态势的新方法。如要了解详情,请通过任意 Tenable 云应用程序访问 Workspace 页面。

Tenable OT Security 4.2.33 SP (2025-04-22)

此版本解决了阻止升级到 4.2 的问题。

错误修复 缺陷 ID
Tenable OT Security 现在可确保引用不存在的 IP 的开放端口不再阻止升级。 不适用

文件名和 MD5 或 SHA-256 校验和已发布在“OT Security 下载”页面。

Tenable OT Security 4.2.32 (2025-04-16)

基于 SNMP 的高级网络发现和抓取程序

SNMP 抓取程序可增强第 2 层可见性,使安全团队能够全面了解 OT 网络拓扑。与许多安全供应商不同,OT Security 利用 SNMP 数据来发现和映射所有连接的设备和交换机,甚至包括无法主动连接或被动监控的设备和交换机。

  • 在 SNMP 凭据可用时,OT Security 中新的发现引擎会使用 SNMP 查询来发现连接到交换机的新设备。

  • 相关资产下,OT Security 会跟踪资产及与之连接的设备。例如,交换机及与之连接的资产。OT Security 还表示与资产连接的端口。

  • 您可以使用 SNMP 查询或 SNMP 初始扩充中的获取邻居选项来获取附近设备的详细信息。

智能硬件生命周期管理

对于您环境中的 OT/IoT 设备,利用强大的生命周期结束插件库来管理硬件投资的生命周期,以此补充现有的软件 EOL 跟踪功能。

  • 扩展供应商支持,新增 Schneider 和 Siemens 这两家生命周期跟踪服务供应商。插件会报告新的资产漏洞,并要求这些供应商表示是否可以提供修复支持。

  • 清单页面中,为生命周期增加新的设备属性过滤器。

灵活部署 Windows 版 OT Security(测试版)

借助新的传感器部署选项,您无需使用专用设备即可直接在 Windows 设备上安装 OT Security 传感器。这为未来的集成铺平了道路,包括潜在的 Nessus 兼容性。

  • 一款早期产品,允许您执行各种 OT 查询(例如发现、识别)以及从 Windows 计算机到 OT 设备(如 PLC)的背板查询。

  • 显示在分段或隔离子网内执行的操作,即使在只有 PC 可用或无法部署 OT Security 设备的环境中也是如此。

IoT 连接器改进

通过从联网的 IoT 和视频管理系统 (VMS) 中进行高级数据提取,更深入地了解与 IoT 相关的风险。增强对在 Windows 和已安装 Ubuntu 的 IoT 代理上使用凭据进行身份验证的支持可以扩展集成功能,从而改善资产可见性和大规模管理能力。

  • 对底层 IoT 引擎进行了大量性能改进和稳定性修复。

  • 支持使用 VMS 凭据,这可以有效地使受支持的 VMS 矩阵加倍。

  • IoT 连接器还提供资产名称、型号和流等详细信息。

主导航菜单更改

经过重新设计的用户体验可以简化 OT Security 的导航。最新的导航更新简化了访问和管理关键 OT Security 数据的方式,以加快通用工作流。更新包括经过重构的主工具栏、用于快速访问资产清单、发现结果和事件详细信息的直观侧面板。

  • 包括新增一个整合了策略主动查询管理数据收集类别,以及新的数据源页面。

  • 清单页面重新组织为页内选项卡,以便快速访问。

  • 网络映射页面现已移至网络类别,以提高上下文可见性。

更少的重新启动操作

  • 对于各种配置更改,OT Security 将不那么频繁地重新启动。每当需要重新启动系统时,OT Security 会改为选择重新启动应用程序。

对 Microsoft Hyper-V 部署的支持

  • 在 Microsoft Hyper-V 上,您现在可以使用 .zip 文件将 OT Security 部署为虚拟机。

支持 KVM、Proxmox、Nutanix、libvirt 部署

  • 现在,您可以使用 qcow2 映像文件来部署 OT Security,以启用对基于 KVM 的虚拟化平台的支持。

Tenable 软件更新

嵌入式 Tenable 应用程序、Nessus 和 Nessus Network Monitor 现在都已升级到最新版本。

漏洞

Tenable 会识别此版本中的多个新漏洞。请在此处查看完整列表。

新的 Tenable OT Security 设备指纹引擎 (DFE) 覆盖范围

供应商 产品
ABB AC 系列驱动器
Automated Logic Corp

WebCtrl 工业网关

WebCtrl BMS 控制器

Optiflex for WebCtrl
Benning 监控控制单元 (MCU)
Cisco 小型企业交换机
Dahua Security 摄像头和录像机
Ingeteam INGECON 光伏逆变器
Microhard 蜂窝调制解调器
Schneider Powerlogic HDPM
Schneider Electric

ACM 功率计

PowerLogic EGX
Siemens Siprotec5 以太网通信模块
Walchem WMT 散热塔控制器
错误修复 缺陷 ID
OT Security 未更新 IoT 连接器报告为离线的资产上的上次查看时间戳。 不适用
OT Security 移除了对在 Rockwell ControlLogix 设备上拍摄 PLC 代码快照期间捕获的标签数量的限制。 不适用
恢复到 4.2 之前的版本不再因 Tenable Core 依存关系而失败。 不适用
SNMPv3 凭据现在可以正确获取 SNMP 端口状态或 SNMP 连接的邻居。 不适用
对于单个资产,一些漏洞插件现在会正确将状态显示为“未修复”或“已修复”。 482636

有关 OT Security API 的更多信息,请参阅“API 文档”。

复制 
Enum value discontinuedDate was added to enum AggregationsAssetsField
Enum value hardwareState was added to enum AggregationsAssetsField
Enum value lifecycleStatus was added to enum AggregationsAssetsField
Enum value replacementProduct was added to enum AggregationsAssetsField
Enum value discontinuedDate was added to enum AssetField
Enum value hardwareState was added to enum AssetField
Enum value lifecycleStatus was added to enum AssetField
Enum value replacementProduct was added to enum AssetField
Enum value OtAgent was added to enum AssetSourceType
Enum value ReadOtAgents was added to enum Capability
Enum value ReadOverlappingIps was added to enum Capability
Enum value WriteOtAgents was added to enum Capability
Enum value WriteOverlappingIps was added to enum Capability
Enum value EmUpdateRequired was added to enum ErrorCategory
Enum value LicenseInactive was added to enum ErrorCategory
Enum value discontinuedDate was added to enum LinkField
Enum value hardwareState was added to enum LinkField
Enum value lifecycleStatus was added to enum LinkField
Enum value replacementProduct was added to enum LinkField
Enum value id was added to enum LogRecordField
Argument options: AgentAddOptionsParams added to field Mutation.addAgentIotConnector
Argument options: AgentEditOptionsParams added to field Mutation.editAgentIotConnector
Enum value OtAgent was added to enum OpenPortsSource
Enum value discontinuedDate was added to enum PluginsAssetsField
Enum value hardwareState was added to enum PluginsAssetsField
Enum value lifecycleStatus was added to enum PluginsAssetsField
Enum value replacementProduct was added to enum PluginsAssetsField
Argument countTimeout: Int (with default value) added to field Query.origins
Argument filter: OriginExpressionsParams added to field Query.origins
Argument search: String added to field Query.origins
Argument slowCount: Boolean added to field Query.origins
Argument sort: [OriginSortParams!] added to field Query.origins
Enum value BACnet was added to enum RelationshipType
Enum value Gateway was added to enum RelationshipType
Enum value SnmpCrawler was added to enum RelationshipType
 Input field queryNeighbors of type Boolean was added to input object type SnmpOptionsParams
Enum value assetDiscontinuedDate was added to enum findingField
Enum value assetHardwareState was added to enum findingField
Enum value assetLifecycleStatus was added to enum findingField
Enum value assetReplacementProduct was added to enum findingField
Type AgentAddOptionsParams was added
Field hasVmsCredentials was added to object type AgentConnector
Field version was added to object type AgentConnector
Field vmsConnectionStatus was added to object type AgentConnector
Field vmsDbIp was added to object type AgentConnector
Field vmsDbPort was added to object type AgentConnector
Field vmsPassword was added to object type AgentConnector
Field vmsUsername was added to object type AgentConnector
Type AgentEditOptionsParams was added
Type AgentVmsConnectionStatus was added
Field discontinuedDate was added to object type Asset
Field hardwareState was added to object type Asset
Field lifecycleStatus was added to object type Asset
Field replacementProduct was added to object type Asset
Type AssetRelationshipBacnetDetails was added
Type AssetRelationshipGatewayDetails was added
Type AssetRelationshipSnmpCrawlerDetails was added
Field version was added to object type ExacqConnector
Field FlagList.graphQLToggle is deprecated
Field FlagList.graphQLToggle has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.graphQLToggle
Field FlagList.initialized is deprecated
Field FlagList.initialized has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.initialized
Field FlagList.ipChange is deprecated
Field FlagList.ipChange has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.ipChange
Type HardwareState was added
Field version was added to interface IotConnectorInfo
Field discontinuedDate was added to object type LeanAsset
Field hardwareState was added to object type LeanAsset
Field lifecycleStatus was added to object type LeanAsset
Field replacementProduct was added to object type LeanAsset
Field version was added to object type MilestoneConnector
Field version was added to object type MobotixConnector
Field bulkEditSensors was added to object type Mutation
Directive deprecated was added toArgument location of field initSystem in type Mutation
Directive deprecated was added toArgument time of field initSystem in type Mutation
Field reloadAuthProviderAfterChange was added to object type Mutation
Field supportActive was added to object type Origin
Type OriginExpressionsParams was added
Type OriginSelectField was added
Type OriginSortParams was added
Type OriginSortParamsComplexFields was added
Type SensorsBulkAction was added
Field queryNeighbors was added to object type Snmp
Field id was added to object type SystemLog
Field SystemLog.timeStamp is deprecated
Field SystemLog.timeStamp has deprecation reason Use lowercase timestamp instead
Directive deprecated was added to field SystemLog.timeStamp
Field timestamp was added to object type SystemLog

文件名和 MD5 或 SHA-256 校验和已发布在“OT Security 下载”页面。

Tenable OT Security 4.1.45 SP (2025-03-19)

错误修复 缺陷 ID
OT Security 现在可确保资产不再被错误地分类为 Dahua IP 摄像头。 不适用
创建新的或重复的网络基线偏差策略现在可以按预期进行。 不适用
执行报告功能现在可以毫无问题地生成报告。 不适用
升级期间,OT Security 可确保当前 Influx 进程在运行更多 Influx 设置脚本之前完成加载。 不适用
OT Security 可确保缺少实例 ID 的 BACnet 资产现在按预期显示这些 ID。 不适用

Tenable OT Security 4.1.38 (2025-02-20)

重叠 IP 地址支持

  • 在重用相同 IP 地址范围的网络中,OT Security 通过使用传感器进行区分,以防止意外的资产合并。

  • 重用 IP 范围的每个网络实例都需要专用的传感器。例如,具有相同 IP 配置的三条生产线需要三个独立的传感器,以确保区分每条生产线的资产。

    有关更多信息,请参阅“重复的内部网络”。

IEC 变电站可见性

  • 您现在可以导入变电站配置数据以增强资产清单,如此一来 OT Security 便能够针对变电站的错误配置提供关键安全见解。有关更多信息,请参阅“SCD 文件”。

改进的 Nessus VM 扫描控制

Tenable 现在在 OT Security 中为用户定义的 Nessus 扫描引入了以下新配置选项。创建扫描时,您可以调整其速度、详细程度和强度。有关更多信息,请参阅“Nessus 插件扫描”。

  • 全面测试

    • 执行扫描时,Nessus 可以对系统运行额外的深入检查。启用此选项可增强扫描的完整性,但同时也会增加扫描的持续时间。

    • 定期使用全面扫描有助于提升“AI Aware”功能在 OT Security 中的表现。

  • 更高的详细程度

    • 某些插件可以在扫描过程中生成数据更丰富的输出。但是,您必须启用此设置,插件才能在其输出中包含额外的数据。

    • 如果选中此选项,扫描输出将包括以下信息性插件:56310、64582 和 58651。

  • 扫描性能

    • Tenable 现在支持管理员自定义各个 Nessus 扫描的性能。这些设置包括同时针对一个目标评估的插件数量、并发扫描目标计数和超时秒数。

    • 降低最大检查数和最大主机数的值可以减少扫描的影响。然而,这也可能增加扫描的持续时间。

AI Aware 检测

Tenable 的新 AI 检测功能有助于您监控自己的人工智能应用程序和服务。OT Security 会从授权扫描中获取数据,然后在“发现结果”或“漏洞”工作台上显示这些数据。

合规性仪表盘:NERC-CIP 支持

合规性仪表盘现在支持映射 NERC CIP 中可通过 OT Security 检测的控制措施。

Enterprise Manager:集中更新

OT Security EM 4.1 版本开始,系统管理员可以将其配对的 ICP(运行 4.0 或更高版本)远程升级到与 EM 相同的版本。有关更多信息,请参阅“ICP 更新”。

虽然此功能是在 OT Security 4.0 中引入的,但从版本 4.1 开始才可以使用。

重要:为使 EM 集中式更新生效,ICP 必须能够在端口 28305 和 8000 (TCP) 上访问 EM。

发现结果的 CVSSv3 分数:发现结果和漏洞表现在新增一个额外的 CVSSv3 列。

清单的“全选”功能:“全选”复选框已在“清单”页面中恢复,以便用户更方面地进行多选。

传感器主动查询 — 批量配置:您现在可以批量选择并启用或禁用传感器的主动查询行为。

网络端口配置:通过 Tenable Core Cockpit 接口在端口 8000 上配置网络端口。您现在可以在应用程序外部查看和配置每个网络接口的角色。例如:启用拆分端口。

漏洞

Tenable 会识别此版本中的多个新漏洞。请在此处查看完整列表。

新的 Tenable OT Security 设备指纹引擎 (DFE) 覆盖范围

供应商 产品
Moxa MGate 5000 系列
Sprecher Automation RTU
Elspec G5 数字故障记录仪
Wiesemann & Theis ComServer
Honeywell Experion C300PM、C300OM
Wago 控制器 750、PFC

有关 OT Security API 的更多信息,请参阅“API 文档”。

复制 
Field ntpChange was removed from object type FlagList
 Field ntpFault was removed from object type FlagList
 Field ntpServersUnreachable was removed from object type FlagList
 Field emSetSystemTime was removed from object type Mutation
 Argument keepNetworkConfig: Boolean! was removed from field Mutation.factoryReset
 Field setSystemTime was removed from object type Mutation
 Input field origins of type [String!] was added to input object type AssetDiscoveryOptionsParams
 Enum value Scd was added to enum AssetSourceType
 Enum value AlreadyExists was added to enum ErrorCategory
 Enum value ContentTooBig was added to enum ErrorCategory
 Enum value FailedToAllocateOverlapping was added to enum ErrorCategory
 Enum value NotContainingAnyAssets was added to enum ErrorCategory
 Enum value OverlappingNetsAlreadyInOrigin was added to enum ErrorCategory
 Enum value Processing was added to enum ErrorCategory
 Member IEC61850SubscribeFailure was added to Union type EventDetails
 Member IEC61850UnauthorizedWrite was added to Union type EventDetails
 Enum value IEC61850 was added to enum ExclusionType
 Enum value IEC61850SubscriptionFailure was added to enum IDSSrcDstEvent
 Enum value IEC61850UnauthorizedWrite was added to enum IDSSrcDstEvent
 Enum value awaitingFirstUse was added to enum IcpSensorField
 Enum value origin was added to enum IcpSensorField
 Argument origins: [String!] added to field Mutation.editNessusUserScan
 Argument settings: NessusUserScanSettingsArgs added to field Mutation.editNessusUserScan
 Argument origin: ID added to field Mutation.editSensor
 Argument origins: [String!] added to field Mutation.newNessusUserScan
 Argument settings: NessusUserScanSettingsArgs added to field Mutation.newNessusUserScan
 Argument origin: String added to field Mutation.testAdHocBasicCredentials
 Argument origin: String added to field Mutation.testAdHocPasswordOnlyCredentials
 Argument origin: String added to field Mutation.testAdHocSnmpV2Credentials
 Argument origin: String added to field Mutation.testAdHocSnmpV3Credentials
 Argument origin: String added to field Mutation.testCredentials
 Enum value cvss3Score was added to enum PluginField
 Enum value cvss3Score was added to enum PluginsAssetsField
 Enum value IEC61850SubscriptionFailure was added to enum PolicyEventType
 Enum value IEC61850UnauthorizedWrite was added to enum PolicyEventType
 Argument origins: [String!] added to field Query.getDiscoveryEstimation
 Argument dbOnly: Boolean added to field Query.nessusUserScan
 Argument dbOnly: Boolean added to field Query.nessusUserScans
 Enum value SensorAwaitingFirstUse was added to enum RemovableFlags
 Enum value pluginCvss3Score was added to enum findingField
Field origins was added to object type AssetDiscovery
Field scdSubscriptionsRecoByIedCsvIsRunning was added to object type FlagList
Field scdSubscriptionsRecoCsvIsRunning was added to object type FlagList
Field sensorAwaitingFirstUse was added to object type FlagList
Type IEC61850Exclusion was added
Type IEC61850SubscribeFailure was added
Type IEC61850UnauthorizedWrite was added
Type IcpUpdateStatus was added
Type IecReportClient was added
Type IecReportClientConnection was added
Type IecReportClientEdge was added
Field bulkEditSensorActive was added to object type Mutation
Field createOrigin was added to object type Mutation
Field deleteOrigin was added to object type Mutation
Field deleteOverlappingNetworks was added to object type Mutation
Field newIEC61850Exclusion was added to object type Mutation
Field scdMisconfigRecommendationByIedCsv was added to object type Mutation
Field scdMisconfigRecommendationCsv was added to object type Mutation
Field scdSubscriptionsRecommendationByIedCsv was added to object type Mutation
Field scdSubscriptionsRecommendationCsv was added to object type Mutation
Field updateOverlappingNetworks was added to object type Mutation
Field updateOverlappingPool was added to object type Mutation
Field origins was added to object type NessusUserScan
Field settings was added to object type NessusUserScan
Type NessusUserScanSettings was added
Type NessusUserScanSettingsArgs was added
Type NetworkUpdateInput was added
Type Origin was added
Type OriginConnection was added
Type OriginEdge was added
Field cvss3Score was added to object type Plugin
Field iecCanUploadScd was added to object type Query
Field iecReportsByAssetId was added to object type Query
Field iecScdsInfo was added to object type Query
Field isAssetIec was added to object type Query
Field origin was added to object type Query
Field origins was added to object type Query
Field overlappingPool was added to object type Query
Field scdRecommendationsCount was added to object type Query
Field scdRecommendationsCountByIed was added to object type Query
Field itemsCount was added to object type RuleGroup
Type ScdInfo was added
Type ScdInfoConnection was added
Type ScdInfoEdge was added
Type ScdRecommendations was added
Type SensorActiveAction was added
Field origin was added to object type SensorDetails
Field updateStatus was added to object type Update
Type thoroughTestsType was added
Type verbosityType was added

文件名和 MD5 或 SHA-256 校验和已发布在“OT Security 下载”页面。