Synopsis
A configuration download has been detected on the remote OT asset.
Description
The system detected a change in the controller configuration that was made via the network.
An attacker may use configuration changes to disrupt normal operations, to cause production losses, or to create a security threat.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
1) Check whether the change was made as part of scheduled work and whether the source of the operation is approved for making such changes.
2) In the code revision tab, check whether the code has changed. If it has changed, validate with an OT engineer that it matches the planned scope.
3) If this was not part of a planned operation, check the source asset of the event to determine whether it has been compromised.
Plugin Details
Supported Sensors: Tenable OT Security