
Daily Host Alerts

by Andrew Freeborn
November 18, 2015

A new host on the network should be neither an unexpected nor an unplanned activity. This dashboard provides information such as new hosts on the network to help administrators and analysts with situational awareness. The detailed information it provides on new hosts and related alerts helps keep analysts informed of host-based events in the environment.

Many hosts constantly generate events for a variety of reasons, such as normal system events, users logging into a host, or an application writing an event to a log. Administrators and analysts can quickly drill down into the details of hosts and their events using this dashboard. With this detailed information, administrators can, for example, troubleshoot issues faster by reviewing logs separately from the host, and analysts can review alerts by user to narrow down information for an investigation. The dashboard can aid investigations or troubleshooting in many ways, and it provides awareness of new hosts on the network through passive network analysis.

This dashboard gives analysts an easy way to see data that was collected actively, passively, and through log correlation. Actively collected data appears in the dashboard as, for instance, the new alerts generated on a host. Passively collected data appears as, for instance, the new hosts found on the network. Even though these sources of data collection operate in different ways, the dashboard displays the combined data in an easy-to-view manner. The combination is accomplished through log correlation to give administrators and analysts precise and accurate information.

Users typically work a repeatable set of hours in a work week and generate alerts during those hours. Alerts observed outside of a user’s typical working hours should be investigated to confirm that the activity was expected. Analysts can quickly see this data in the dashboard in an easy-to-read format. New user activity on a host should also be investigated as soon as possible to validate that it is appropriate. Such activity can be expected for routine administrator and analyst work, but it should still be broadly known for situational awareness. Administrators and analysts have access to up-to-date information in the dashboard, which helps them perform their tasks more effectively.
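The two checks described above, off-hours alerts and first-time user activity on a host, can be sketched in a few lines. This is an added example, not SecurityCenter or LCE correlation logic; the `review` function, the event tuple layout and the baseline rule (earliest to latest hour seen before the 5-day window) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, host); not real log data.
EVENTS = [
    ("2015-11-02T09:12:00", "alice", "ws-01"),
    ("2015-11-03T13:40:00", "alice", "ws-01"),
    ("2015-11-04T17:05:00", "alice", "ws-01"),
    ("2015-11-05T08:30:00", "bob", "ws-02"),
    ("2015-11-06T16:45:00", "bob", "ws-02"),
    ("2015-11-16T10:20:00", "alice", "ws-01"),  # in hours, known host
    ("2015-11-17T02:14:00", "alice", "ws-01"),  # outside alice's 09-17 baseline
    ("2015-11-17T11:00:00", "bob", "db-01"),    # bob first seen on db-01
    ("2015-11-18T14:30:00", "carol", "ws-03"),  # user with no baseline at all
]

def review(events, window_days=5):
    """Split events into baseline and the last `window_days`, then return
    (off_hours, new_activity) lists of (timestamp, user, host) tuples."""
    parsed = sorted((datetime.fromisoformat(t), u, h) for t, u, h in events)
    cutoff = parsed[-1][0] - timedelta(days=window_days)

    hours = defaultdict(set)   # user -> hours of day seen in the baseline
    known_pairs = set()        # (user, host) pairs seen in the baseline
    for ts, user, host in parsed:
        if ts < cutoff:
            hours[user].add(ts.hour)
            known_pairs.add((user, host))

    off_hours, new_activity = [], []
    for ts, user, host in parsed:
        if ts < cutoff:
            continue
        row = (ts.isoformat(), user, host)
        # Off-hours: user has a baseline and this hour falls outside its span.
        if user in hours and not min(hours[user]) <= ts.hour <= max(hours[user]):
            off_hours.append(row)
        # New activity: first time this user is seen on this host.
        if (user, host) not in known_pairs:
            new_activity.append(row)
            known_pairs.add((user, host))  # report the first sighting only
    return off_hours, new_activity

if __name__ == "__main__":
    off, new = review(EVENTS)
    print("off-hours:", off)
    print("new user activity:", new)
```

A user with no baseline, such as `carol` here, is reported only as new activity, since there are no typical hours to compare against.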

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The dashboard requirements are:

  • SecurityCenter 4.8.2
  • PVS 4.4.0
  • LCE 4.6.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View (CV), Passive Vulnerability Scanner (PVS) and Log Correlation Engine (LCE). SecurityCenter CV performs log normalization from hundreds of unique data sources. Whether logs are sent to SecurityCenter CV from a SIEM or log data store, or directly from applications and systems, they will be recognized and mined for vulnerabilities, user identification and asset discovery. PVS provides deep packet inspection to continuously discover and track users, applications, cloud infrastructures, trust relationships, and vulnerabilities. LCE performs automatic discovery of users, infrastructure, and vulnerabilities across more technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets, phones, web servers and critical infrastructure.

This dashboard contains the following components:

  • Daily Host Alerts Trend (Last 5 Days): The “Daily Host Alerts Trend” line component displays a count of new alerts generated on hosts and when they were first seen on the network
  • Daily Host Alerts (Last 5 Days): The “Daily Host Alerts” table component displays the new host alerts for the last 5 days
  • Daily Host Alerts by User (Last 5 Days): The “Daily Host Alerts by User” table component displays alerts of user activity for the last five days
  • New Hosts (Last 5 Days): The “New Hosts” table component lists newly discovered hosts seen in the last five days
  • New Users (Last 5 Days): The “New Users” table component shows new user activity in the last five days
