Logging, Monitoring & Intrusion Detection

Tenable Admin

by Josef Weiss
April 17, 2014

Required: Log forwarding to LCE from SecurityCenter and associated Tenable Applications for full functionality

This dashboard provides an administrative overview of Tenable Applications and highlights potential problems. These six components provide indications of common problems and allow the administrator to act quickly to resolve concerns and to minimize the potential loss of vulnerability or event data.

The components are:

PVS Trust Relationships

by Josef Weiss
March 11, 2014

This dashboard presents trust relationships between clients and servers that have been passively gathered via PVS plugins 3 and 15. These plugins collect data on internal client trusted connections and internal server trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual components. Viewing plugin output provides insight into devices that are establishing trusted connections to each other.

Event Vulnerabilities

by Cody Dumont
February 13, 2014

This dashboard highlights the vulnerabilities discovered from the events collected from the Log Correlation Engine (LCE). Using exploitable vulnerability and vulnerability trending graphs, this dashboard helps security managers identify vulnerabilities without scanning the remote systems.

Event Vulnerability Indicators

by Cody Dumont
January 30, 2014

The dashboard contains a series of components that provide an easy way to view vulnerabilities identified by the Log Correlation Engine (LCE). By using different color schemes, the user is able to identify quickly which vulnerabilities pose more risk than others.

NERC – (CIP-002) Identification of Critical Cyber Assets

by Cody Dumont
January 2, 2014

For organizations that are required to be NERC compliant, SecurityCenter can lead the way to compliance. The first focus area is the “Identification of Critical Cyber Assets”. SecurityCenter uses Log Correlation Engine (LCE), Passive Vulnerability Scanner (PVS), and Nessus to identify assets. When using the complete Tenable family of products, an organization can easily identify all critical assets and all associated assets.

Fortinet Firewall Dashboard

by Josef Weiss
December 5, 2013

This dashboard is a series of components that provide basic analysis of Fortigate devices.

The top three components offer trending data on allowed connections, blocked connections, and sessions that have timed out. These easy-to-read graphs can alert the analyst to potential connection-based anomalies.

The Data Events component displays the total number of TCP, UDP, and ICMP allowed/blocked connections over the last 24 hours.

Copyright Indicator

by Josef Weiss
November 14, 2013

This component presents a detailed vulnerability summary on files that may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.

The associated report can be found here: Copyright Report

Threatlist Trending

by David Schwalenberg
November 6, 2013

This dashboard presents events and network connections that are associated with IP addresses on a known threatlist, and shows trending.

PVS Network Trending

by Cody Dumont
November 5, 2013

This dashboard leverages PVS's ability to detect network traffic in real time. Examples of detected traffic include SSH, SSL, VNC and RDP.

Virus Trending

by David Schwalenberg
October 23, 2013

This dashboard presents virus indication events detected by various products and shows trending.
