Event Vulnerability Indicators

by Cody Dumont
January 30, 2014

The dashboard contains a series of components that provide an easy way to view vulnerabilities identified by the Log Correlation Engine (LCE). By using different color schemes, the user can quickly identify which vulnerabilities pose more risk than others.

The Log Correlation Engine (LCE) 4.2.0 examines log event data to find vulnerabilities. The Tenable plugins that report this information have plugin IDs in the range 800000 – 899999; these are the Event Vulnerabilities type plugins.

This collection provides a comprehensive set of indicator-style components that give a detailed view into the vulnerabilities identified by LCE. These components are published together; however, they also work well with other threat detection or monitoring dashboards. Adding one or more of these components to an existing dashboard is easy using the SecurityCenter 4.7 Dashboard app feed. Simply look under the category “Threat Detection”, select the tags for indicator and events, and choose the component you would like; within a few minutes, the component shows the current vulnerabilities identified by SecurityCenter.

The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports, and assets.  The dashboard requirements are:

  • SecurityCenter 4.7.1
  • LCE 4.2.2

Listed below are the included components:

  • Event Vulnerability Indicators - Detection Indicators: This indicator matrix provides a quick look at what software and hardware have been detected using event vulnerabilities.
  • Event Vulnerability Indicators - Most Common Event Vulnerability Indicators: This component takes the most common keywords found in the event vulnerabilities and correlates the events to provide an easy way to navigate the many vulnerabilities discovered by LCE.  
  • Event Vulnerability Indicators - Plugin Family Indicator: This component displays indicators of vulnerabilities identified by the plugin family and the plugin type.  
  • Event Vulnerability Indicators - Events Indicating Hacker Activity: This component displays vulnerabilities that are easily exploited or indicate activities commonly attributed to hackers. 
  • Event Vulnerability Indicators - Event Statistics Indicators: This component provides an easy method to access all the statistics collected by LCE and reported to SecurityCenter.  
  • Event Vulnerability Indicators - Browser Vulnerability Indicators: This component displays all the common keywords for the Web Clients plugin family and the event plugin type.  
  • Event Vulnerability Indicators - Database Event Indicators: This component displays all the common keywords for the Database plugin family and the event plugin type.  
  • Event Vulnerability Indicators - Web Server Vulnerabilities: This component displays all the common keywords for the Web Server plugin family and the event plugin type.  
  • Event Vulnerability Indicators - OS Detection Indicators: This component displays all operating systems detected by the event plugin type.