[New Integration] Tenable.ot #12104

Open

cpascale43 opened this issue Dec 13, 2024 · 0 comments

Labels
Epic Integration:tenable_ot Tenable OT Security [Integration not found in source] Partner release-pending

Comments

@cpascale43

Description

Tenable OT Security provides comprehensive visibility and security monitoring for converged operational technology (OT) and IT environments. It helps organizations protect industrial control systems, critical infrastructure, and building management systems by detecting vulnerabilities, tracking configuration changes, and identifying threats across the OT/IT attack surface.

Architecture

The integration collects data from Tenable OT Security through their GraphQL API, which provides several key interfaces through a single endpoint (/graphql). There are four main source types:

Findings

  • Primary vulnerability data source
  • Collects per-asset vulnerability instances
  • Includes status, temporal data, and asset context
  • Provides severity and VPR scoring

Assets

  • Comprehensive asset inventory data
  • Includes device properties, classifications, and relationships
  • Contains criticality ratings and risk scores
  • Tracks configuration and state changes

Events

  • Security event monitoring data
  • Covers configuration, SCADA, network threats, and general events
  • Includes severity, source/destination context, and resolution status
  • Provides audit trail information

Plugins

  • Vulnerability detection metadata
  • Plugin configurations and capabilities
  • Affected asset tracking
  • Detection and scoring details

Reference:

Dashboard Ideas

The dashboard should provide comprehensive visibility into OT/IT security posture while enabling rapid threat detection and response. Key categories and suggested visualizations include:

Asset visibility and management

  • Real-time asset inventory tracking using tenable:ot:assets data
  • Licensed vs unlicensed asset distribution
  • Asset communication patterns and relationships
  • Configuration state monitoring
  • Historical asset trend analysis

Vulnerability intelligence

  • Cumulative vulnerability tracking from tenable:ot:vuln
  • Vulnerability assessment coverage maps
  • Scan effectiveness metrics
  • Risk-based prioritization views
  • Remediation progress tracking

Plugin performance and health

  • Plugin status monitoring using tenable:ot:plugin data
  • Plugin configuration compliance
  • Detection coverage analysis
  • Plugin update status
  • Performance impact metrics

Cross-source analytics

  • Correlation between asset state and vulnerability findings
  • Plugin effectiveness in vulnerability detection
  • Asset risk scoring incorporating multiple data sources
  • Security coverage gap analysis
  • Operational impact assessment
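The single-endpoint GraphQL collection described under Architecture and the cross-source correlation listed above, as an added example that is not code from this issue, from Elastic, or from Tenable: it parses two constructed GraphQL envelopes (the generic `data`/`errors` shape) for hypothetical findings and assets source types, then derives a per-asset risk score from Active findings weighted by asset criticality and lists assets that no finding references as a coverage gap. The root names and node fields (`assetId`, `vpr`, `criticality`, `status`) and the criticality weights are assumptions for illustration, not Tenable OT's schema.

```python
import json
from collections import defaultdict

# Constructed sample responses in the generic GraphQL envelope shape ({"data": ..., "errors": [...]}).
# The root names and node fields below are assumptions for illustration, not Tenable OT's schema.
SAMPLE_ASSETS_RESPONSE = json.dumps({"data": {"assets": {"nodes": [
    {"id": "a1", "name": "plc-01", "criticality": "High", "riskScore": 72},
    {"id": "a2", "name": "hmi-02", "criticality": "Medium", "riskScore": 40},
    {"id": "a3", "name": "switch-03", "criticality": "Low", "riskScore": 10},
]}}})
SAMPLE_FINDINGS_RESPONSE = json.dumps({"data": {"findings": {"nodes": [
    {"id": "f1", "assetId": "a1", "severity": "Critical", "vpr": 9.0, "status": "Active"},
    {"id": "f2", "assetId": "a1", "severity": "High", "vpr": 7.0, "status": "Fixed"},
    {"id": "f3", "assetId": "a2", "severity": "Medium", "vpr": 5.0, "status": "Active"},
]}}})
# A failed call: GraphQL reports errors inside the envelope even when HTTP returned 200.
SAMPLE_ERROR_RESPONSE = json.dumps({"data": None, "errors": [{"message": "unauthorized"}]})

# Weight applied to an asset's summed VPR by its criticality rating (assumed scale).
CRITICALITY_WEIGHT = {"Low": 1.0, "Medium": 1.5, "High": 2.0}


def graphql_errors(raw):
    """Return the error messages carried in a GraphQL envelope (empty list when none)."""
    body = json.loads(raw)
    return [e.get("message", "unknown error") for e in body.get("errors") or []]


def unwrap_nodes(raw, root):
    """Return the node list under data.<root>.nodes; an error envelope is never treated as empty data."""
    errors = graphql_errors(raw)
    if errors:
        raise RuntimeError("GraphQL request failed: " + "; ".join(errors))
    return json.loads(raw)["data"][root]["nodes"]


def asset_risk(assets, findings):
    """Per-asset score: sum of VPR over Active findings, weighted by the asset's criticality."""
    active_vpr = defaultdict(float)
    for f in findings:
        if f["status"] == "Active":
            active_vpr[f["assetId"]] += f["vpr"]
    return {a["id"]: round(active_vpr[a["id"]] * CRITICALITY_WEIGHT.get(a["criticality"], 1.0), 1)
            for a in assets}


def coverage_gaps(assets, findings):
    """Asset ids that no finding references: never assessed, or an id mismatch between sources."""
    referenced = {f["assetId"] for f in findings}
    return sorted(a["id"] for a in assets if a["id"] not in referenced)


if __name__ == "__main__":
    assets = unwrap_nodes(SAMPLE_ASSETS_RESPONSE, "assets")
    findings = unwrap_nodes(SAMPLE_FINDINGS_RESPONSE, "findings")
    print("risk:", asset_risk(assets, findings))              # {'a1': 18.0, 'a2': 7.5, 'a3': 0.0}
    print("coverage gaps:", coverage_gaps(assets, findings))  # ['a3']
```

The error handling is the part worth keeping whatever the real schema turns out to be: GraphQL returns a 200 with an `errors` array on failure, so a collector that only checks the HTTP status will ingest an empty page and silently report zero findings, which is exactly the kind of coverage gap the dashboard is meant to surface.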

Real-time monitoring

  • Active scan status tracking
  • New vulnerability detection alerts
  • Asset state change notifications
  • Plugin health monitoring
  • Security policy violation alerts

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists, useful guidelines to follow
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:
@cpascale43 cpascale43 added Epic Integration:tenable_ot Tenable OT Security [Integration not found in source] Partner release-pending labels Dec 13, 2024