Logging, Monitoring & Intrusion Detection


by Josef Weiss
July 10, 2014

Required:

Log forwarding to LCE from SecurityCenter and associated Tenable Applications for full functionality

The proper Nessus .audit files for your environment (Linux/Windows):

  • LCE_check.audit
  • linux_pvs_check.audit
  • SecurityCenter_check.audit
  • Nessus_Check_Linux_Unix_MacOSX.audit
  • windows_pvs_check.audit
  • windows_nessus_check.audit

This dashboard was updated on July 9, 2014.

Updates Include:

Event Analysis

by Josef Weiss
June 24, 2014

This dashboard contains a series of components that provide an analysis of collected events over time.

Passive Network Forensics

by David Schwalenberg
April 30, 2014

This dashboard presents information passively detected over the last 72 hours, such as summaries of domains accessed and indicators of suspicious network activity. This information can be helpful for network monitoring and forensics.

PVS Trust Relationships

by Josef Weiss
March 11, 2014

This dashboard presents trust relationships between clients and servers that have been passively gathered via PVS plugins 3 and 15. These plugins collect data on trusted connections initiated by internal clients and trusted connections accepted by internal servers. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual components. Viewing the plugin output provides insight into which devices are establishing trusted connections to each other.

Event Vulnerabilities

by Cody Dumont
February 13, 2014

This dashboard highlights the vulnerabilities discovered from the events collected from the Log Correlation Engine (LCE). Using exploitable vulnerability and vulnerability trending graphs, this dashboard helps security managers identify vulnerabilities without scanning the remote systems.

Event Vulnerability Indicators

by Cody Dumont
January 30, 2014

The dashboard contains a series of components that provide an easy way to view vulnerabilities identified by the Log Correlation Engine (LCE). By using different color schemes, the user is able to identify quickly which vulnerabilities pose more risk than others.

NERC – (CIP-002) Identification of Critical Cyber Assets

by Cody Dumont
January 2, 2014

For organizations that are required to be NERC compliant, SecurityCenter can lead the way to compliance. The first focus area is the “Identification of Critical Cyber Assets”. SecurityCenter uses Log Correlation Engine (LCE), Passive Vulnerability Scanner (PVS), and Nessus to identify assets. When using the complete Tenable family of products, an organization can easily identify all critical assets and all associated assets.

Fortinet Firewall Dashboard

by Josef Weiss
December 5, 2013

This dashboard is a series of components that provide basic analysis of FortiGate devices.

The top three components offer trending data on allowed connections, blocked connections, and sessions that have timed out. These easy-to-read graphs can alert the analyst to potential connection-based anomalies.

The Data Events component displays the total number of TCP, UDP, and ICMP allowed/blocked connections over the last 24 hours.

Copyright Indicator

by Josef Weiss
November 14, 2013

Copyright Indicator Component

This component presents a detailed vulnerability summary on files that may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.

The associated report can be found here: Copyright Report

Threatlist Trending

by David Schwalenberg
November 6, 2013

Threatlist Trending Screenshot
This dashboard presents events and network connections that are associated with IP addresses on a known threatlist, and shows trending.
