Tenable has recently added several TASL correlation rules which detect a variety of network changes. These rules automatically detect:
- Changes to servers such as new software and added patches
- Changes to users such as adding/removing a user, changing their passwords and disabling their accounts
- Changes to network devices such as saving new configs of a router or switch
- Changes to the network such as new hosts being added
Here is a screen shot of what these look like under the Security Center:
These new TASLs also compliment the existing scripts which detect user account to host relationships and alerting when new Ethernet addresses are discovered in DHCP logs and logs from Tenable's Passive Vulnerability Scanner.