
Upgrade Guide for the OT Security Add-on for Splunk

Upgrading from Version 2.x to 3.0.1

Version 3.0 contains significant changes to the underlying data model and dashboards. It is recommended that the upgrade be performed via the web UI to ensure that all necessary steps are completed. It is also recommended that you back up any custom dashboards or content before performing the upgrade, as these may be overwritten during the upgrade process.

Changes/guidance after upgrade include:

  1. After upgrading, the old navigation menu will need to be removed and updated with the new navigation menu included in version 3.0. See Configuration Page for details on how to update the navigation menu.
  2. All dashboards have been converted to Dashboard Studio in this update. Searches have been updated to reflect new macro definitions and baseline-related lookups. The legacy versions of the dashboards will be retained during the upgrade process. If customizations were previously made to dashboards, it is recommended that you add these customizations to the new dashboards, as the legacy dashboards will be removed in a future release. See the OT Dashboards Overview Page.
  3. The OT Asset and OT SW Asset data models have been updated to use the macros ot_asset_index and ot_sw_asset_index to define the index in the data set constraint. After upgrading, the macro definitions will need to be updated to reflect the index being used for OT Asset and OT SW Asset data.
  4. Asset groups and baselines have been updated to use new KV store collections. After upgrading, the old asset groups and baselines will need to be re-created in the new collections. To create asset groups and baselines in the new KV store collections, see the OT Tools Section of the OT Dashboards Overview Page. Previously created asset groups and baselines can be found in the KV store collections cip_baseline_groups and system_baselines.
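
One way to keep a reference copy of the legacy asset groups and baselines from step 4 before re-creating them, as an added example that is not part of the add-on or its documentation. It reads the two legacy collections through Splunk's KV store REST endpoint; the management URL, the app context, the output directory and the `SPLUNK_TOKEN` variable are assumptions supplied by the operator, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: back up the legacy KV store collections named in step 4.
set -eu

# Legacy collection names, as given in the upgrade guide.
LEGACY_COLLECTIONS="cip_baseline_groups system_baselines"

# KV store data endpoint for one collection.
# $1 = management URL, $2 = app context (placeholder, not given on the page), $3 = collection
kv_export_url() {
    printf '%s/servicesNS/nobody/%s/storage/collections/data/%s' "${1%/}" "$2" "$3"
}

# Backup file name for one collection. $1 = output dir, $2 = collection, $3 = date tag
backup_path() {
    printf '%s/%s.%s.json' "${1%/}" "$2" "$3"
}

# Download each legacy collection as JSON.
# $1 = management URL, $2 = app context, $3 = output dir
export_legacy_collections() {
    : "${SPLUNK_TOKEN:?set SPLUNK_TOKEN to a Splunk authentication token}"
    stamp=$(date +%Y%m%d)
    umask 077                      # backups hold asset inventory data: owner-only
    mkdir -p "$3"
    for coll in $LEGACY_COLLECTIONS; do
        out=$(backup_path "$3" "$coll" "$stamp")
        # The header is passed on stdin (-H @-) so the token stays out of the
        # process list; --fail turns HTTP 4xx/5xx into a non-zero exit code.
        # TLS verification stays on: set CURL_CA_BUNDLE for a private CA.
        if printf 'Authorization: Bearer %s\n' "$SPLUNK_TOKEN" |
            curl --silent --show-error --fail -H @- \
                 "$(kv_export_url "$1" "$2" "$coll")" -o "$out.tmp"; then
            mv "$out.tmp" "$out"   # only complete downloads get the final name
            echo "saved $coll -> $out"
        else
            rm -f "$out.tmp"
            echo "export of $coll failed" >&2
            return 1
        fi
    done
}

# Runs only when invoked as: <script> export <mgmt-url> <app> <output-dir>
if [ "${1:-}" = "export" ]; then
    export_legacy_collections "$2" "$3" "$4"
fi
```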

Upgrading from Version 2.1 to 2.2

The upgrade from version 2.1 to 2.2 mostly adds dashboards and content that can be leveraged. Upgrading via the web UI is recommended.

Additional changes/guidance after upgrade include:

  1. After upgrading, the old navigation menu will need to be removed and configuration step 1 below will need to be performed for Navigation Menu Updates to be reflected.
  2. Any customizations to existing dashboards will not be overwritten during the upgrade phase. Depending on your requirements, you may wish to review the default versions of these dashboards, as small changes have been made. It is recommended that you back up any local version of the dashboard before reverting to the default dashboard.