Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Dynamic Asset List Example

I was at a Security Center customer this past Friday and they had asked how they could report on just certain computers that had certain applications on them. One of the things the Security Center can do is "mine" the results of the existing and future Nessus and Passive Vulnerability Scanner results to come up with dynamic lists of IP addresses with matching criteria. For example, consider this screen shot:

Dynamicassetexample





In the above image, the Security Center has been configured to dynamically create lists of various IIS, Sendmail, Apache and other types of applications. These rules are wizard driven and look like this:

Dynamicassetexample2





That "2004" plugin ID probably isn't recognized by Nessus users because IDs 1 through 10,000 are reserved for results from Tenable's Passive Vulnerability Scanner. This rule says for each known IP address, if there has been a discovery of ID 2004 or 10263 (plugins which discover SMTP servers regardless if they are on port 25 or not) look at the content and if we see "Sendmail" and "8.13" put it on the list of "Sendmail 8.13" servers.

The Security Center allows for dynamic lists to be created like this with active or passive content based and also some interpreted content including:

  • DNS name
  • NetBIOS/Workgroup name
  • MAC Address
  • IP/Network address
  • open TCP port
  • open UDP ports
  • existence of particular vulnerability IDs
  • regular expression content search

Very sophisticated dynamic rules can be created. For example, all OSes actively fingerprinted as "Linux", in the 10.10.20.0/24 network with port 22 open could be placed on a list. 

If an organization knows about their devices or networks, they can simply upload these lists of IP addresses and CIDR blocks to the Security Center. We call these static asset lists as compared to the dynamic asset lists generated based on the vulnerability content. All asset lists can be used for reporting, filtering and asset control as shown in this image below:

Dynamicassetexample3

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.