Tenable Admin

by Josef Weiss
July 10, 2014

Required:

Log forwarding to LCE from SecurityCenter and associated Tenable Applications for full functionality

The proper Nessus .audit files for your environment (Linux/Windows):

  • LCE_check.audit
  • linux_pvs_check.audit
  • SecurityCenter_check.audit
  • Nessus_Check_Linux_Unix_MacOSX.audit
  • windows_pvs_check.audit
  • windows_nessus_check.audit

This dashboard was updated on July 9, 2014.

Updates Include:

  • Indicator Color Changes
  • LCE dead client indicator
  • Indicator text/naming changes
  • Two additional components

This dashboard provides an administrative overview of Tenable Applications, and highlights potential problems. These eight components provide indications to common problems, and allow the administrator to quickly take action to resolve concerns, and to minimize the potential loss of vulnerability or event data.

The components are:

  • Tenable Scan Jobs -- A trend line that displays a graphical representation of the number of scans started over the last 90 days. This provides a visual representation of scanning activity to the administrator.
  • Tenable SecurityCenter (Warnings and Errors) -- This matrix component provides the administrator with an indicator that alerts when certain events are triggered. The event timeframe is the last 72 hours.
  • Tenable Status Messages -- This matrix component displays normal indicators when certain criteria are met, such as daily PVS/Nessus plugin updates, feed data is valid and not expired, results are imported daily, and all dashboard components are functioning properly. It displays purple indicators if any failures occur.
  • Tenable LCE -- This matrix component displays event data related to Tenable's Log Correlation Engine. It includes indicators that trigger if the LCE license is within 5 days of expiration, and if any modifications have occurred to the LCE.
  • Tenable Nessus -- This matrix component displays event data in regard to Nessus scanners. Unregistered scanners, and scanners being overloaded are among several indications present.
  • Tenable PVS -- This matrix component displays event data in regard to Passive Vulnerability Scanners. Scanner SSL Connection Errors, Maximum Number of Threads being reached, and Service Initiation Failures are among several indicators present.
  • New Tenable SecurityCenter Warning Messages-- This table displays any warning message events triggered from the 'Warning Message' indicator within the Tenable SecurityCenter (Warnings and Errors) component.
  • New Tenable Application Audit-- This component capitalizes on the audit findings to present the administrator with information on Tenable Applications.

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.5
  • LCE 4.2.2
  • PVS 4.0.1
  • Log Forwarding to LCE Enable via rSyslog or Tenable LCE Client
  • Nessus .audit file for your environment