Compliance Monitoring

Upping the Ante: Tenable’s Log Correlation Engine Now Standard in SecurityCenter Continuous View

by Allan Carey on April 18, 2013

After a very successful launch of SecurityCenter Continuous View (CV) last year, Tenable has further enhanced the analytical power and value of SecurityCenter CV with the addition of Tenable’s Log Correlation Engine (LCE) as a standard component of the solution. Today’s announcement highlights the addition of LCE to SecurityCenter CV which brings together vulnerability management, compliance reporting, and security information and event management (SIEM) into a single, integrated security and compliance intelligence platform. LCE provides the ability to import logs from hundreds of devices...

SecurityCenter 4.6.2 Provides Enhanced CyberScope Monitoring and Reporting

by Manish Patel on February 7, 2013

SecurityCenter already supports extensive CyberScope reporting and monitoring with unique combination of active as well as passive scanning. In previous releases, a separate utility was required to pull data and generate a CyberScope report with relevant CVE and CPE data. SecurityCenter now directly generates and publishes CyberScope reports like all other reports. In addition, SecurityCenter now generates two new reports: Asset Reporting Format (ARF) and Assessment Summary Report (ASR) that identify assets and their attributes and allow the exchange of vulnerability results of multiple assets at the aggregate level.

Using Nessus to Audit Microsoft SharePoint 2010 Configurations

by Paul Asadoorian on January 23, 2013

Trust, but Verify Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specified in the DISA STIG guide for Microsoft SharePoint 2010 servers . This blog entry discusses some of the Nessus functionality that was used to create the audit file. Poll the typical office about what functionality SharePoint delivers, and the responses tend to be quite varied. Often, SharePoint first...

Auditing Open Ports on Windows Systems Using Nessus

by Paul Asadoorian on September 26, 2012

Tenable recently released three new checks used for auditing the configurations of Windows systems. The new configuration auditing options allow users to audit open ports. This post provides details about the three new checks, and describes how Nessus users could use them to maintain tight control over the number of open ports on their Windows systems. 1. AUDIT_ALLOWED_OPEN_PORTS This check allows users to audit the list of open ports against an "allowed" list of ports that can be open on a target. For example, let’s assume there is a company policy to only allow SMB ports 445 and 139 to be open on a target. The resulting configuration audit would look as follows: &ltcustom_item&gt type : AUDIT_ALLOWED_OPEN_PORTS description : "Audit TCP Open Ports" value_type : POLICY_PORTS value_data : "445,139" port_type : TCP &lt/custom_item&gt

Tenable Releases SecurityCenter Continuous View

by Dale Gardner on August 9, 2012

Today, Tenable announced the availability of a new edition of SecurityCenter, called Continuous View. This edition of SecurityCenter uniquely encompasses both scanning and monitoring, with the inclusion of Tenable's Passive Vulnerability Scanner (PVS). That makes SecurityCenter Continuous View uniquely capable of addressing vulnerability, configuration, and compliance management requirements for emerging technologies like mobile devices, cloud-based services, social applications, and virtual systems. The flexible licensing approach provided by SecurityCenter Continuous View allows enterprise customers to deploy PVS in much the same way as they do with Nessus within SecurityCenter, pretty much as many as needed. Existing SecurityCenter customers can upgrade to a ContinuousView license and begin to enjoy the benefits of continuous monitoring with PVS. These include: Real-time identification of server and client vulnerabilities Identification of mobile devices and their vulnerabilities Passive discovery of all internal and external web servers and databases Identification of trust and communication paths Passive monitoring of virtual environments

File Integrity Auditing with Nessus

by Paul Asadoorian on May 18, 2012

Tenable has added a compliance check for Windows which allows users to compare file hashes using a .audit script (Windows compliance checks v2.0.32 or later). By default, MD5 is used to compare two versions of a file, however, users can compare hashes generated with SHA1, SHA256, SHA384, SHA512, or RIPEMD160 algorithms. Microsoft PowerShell must be installed and WMI must be enabled on the target for these checks to work. If the Windows firewall is enabled, be certain it's configured to allow inbound remote administration ( Windows Firewall: Allow inbound remote administration exception )...

Compliance Auditing with Microsoft PowerShell

by Paul Asadoorian on April 26, 2012

Compliance Auditing with PowerShell Microsoft's PowerShell framework has been part of their product line for quite some time. In recent years, it has played a major role in new operating system versions (such as Window 7 and Windows Server 2008) thanks to its inclusion in common engineering criteria. All future Microsoft server products will have PowerShell support integrated in them by default. This means Microsoft products will benefit from a single management interface, rather than a mixed usage of the registry, WMI, or other system files/utilities. For those unfamiliar with PowerShell, it's a command-line shell meant to perform administrative tasks using cmdlets. Cmdlets are purpose-built commands designed to accomplish specific tasks for reading registry keys, files, wmi-objects, starting and stopping Windows services, and a host of other tasks. A wide range of cmdlets and their usage are documented on Microsoft's website . The ability to run PowerShell cmdlets remotely opens up interesting possibilities from a compliance perspective. For example, it's now possible to read a file, apply several different filters, and determine compliance. You can also run a cmdlet and let the user review the output, then tailor the output as needed. Tenable recently added an AUDIT_POWERSHELL check to Windows compliance checks which allows users to do just that, right from an .audit file. Below is the basic syntax:

SecurityCenter 4.4 Released

by Paul Asadoorian on April 17, 2012

SecurityCenter 4.4 Expands USM Capabilities SecurityCenter version 4.4 is available today from Tenable Network Security. Customers can download the updated release from the Tenable Support Portal. You can view a video tutorial of the new features on the Tenable YouTube channel, or watch it below: SecurityCenter is the central component of Tenable’s USM platform. It provides robust enterprise security monitoring by uniquely combining active and passive vulnerability assessments with log and event monitoring to create intelligent and actionable reports. SecurityCenter users also benefit from real-time and flexible dashboards for both security monitoring and maintaining compliance. SecurityCenter version 4.4 includes dramatic performance gains, improved integration with other management systems, reporting and user interface enhancements, and many other new features. A detailed list is available on the Tenable website. Some of the highlights include:

New IBM iSeries Audit Policy

by Paul Asadoorian on February 13, 2012

A new configuration auditing policy designed to test IBM Systems against the iSeries Security Reference Version 5 Release 4 is now available on the Tenable Support Portal . Users can log into the Tenable Support Portal to obtain this audit policy. The file is called "IBM v5 r4 iseries security reference" and is located in the "IBM iSeries Configuration Audits" section. To use this audit policy, update the plugins and create a new policy to perform compliance checks against an AS400 system.