
Daily Usage Summary

by Michael Willison
June 27, 2014

 

The Daily Usage Summary dashboard collects and displays daily information that the IT Security team should review frequently during the workday. These components are helpful in monitoring activity within the corporate network. For daily review, the operations center may need to monitor user logins, both successful and unsuccessful, and monitor for configuration changes. This dashboard provides several components that track data loss prevention (DLP) events, Tenable Passive Vulnerability Scanner (PVS) events, user activity, and configuration changes. This dashboard refreshes hourly and should be monitored throughout the workday.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Discovery & Detection.

The dashboard requirements are:

  • SC 4.8.1
  • LCE 4.2.2
  • PVS 4.0.2

Listed below are the included components:

  • Daily User Summary – Logins - This component collects the top 10 cumulative user logins over the past 24 hours. The data provided in the chart assists in understanding which accounts have logged in and out within the past 24 hours. Additionally, the chart provides a count of the login occurrences. For example, the service_admin account could be used as a service account and may log into multiple systems. However, the Joe_Smith account, a standard user account, may log in only a few times during the course of a normal day. As a result, service accounts are more likely than standard user accounts to appear in the pie chart. This component refreshes hourly and should be monitored throughout the workday.
  • Data Leakage by Port - The Data Leakage by Port component collects the top 10 ports that have been flagged for possible data leakage. Data leakage events are triggered when the presence of sensitive data, such as credit card or Social Security numbers, is discovered in PVS or logged events. PVS analyzes data in motion and identifies sensitive data, such as credit card information, as well as general types of documentation sharing. PVS identifies a wide variety of file sharing and data in motion activity, which can be used to highlight inbound and outbound communications. This component refreshes hourly and should be monitored throughout the workday.
  • Login Failures – Reason - This component collects the top 10 failed logins. For example, these failed login attempts could be invalid SSH users or unknown users in Linux. Failed logins could also be caused by automatic service accounts that have expired passwords, causing an account to attempt to log in every five minutes. These events can also be caused by a password guessing attack. Any large number of failed logins should be investigated immediately to determine the reason for the failures. This component refreshes hourly and should be monitored throughout the workday.
  • Configuration Changes - This component collects the top 10 configuration changes.  Adding a new user account into Windows, changing a firewall rule, or installing new software may generate these events. Networks are always evolving and constantly require changes.  SecurityCenter Continuous View (CV) customers can detect these changes by monitoring LCE and syslog events. PVS can alert in real-time when new hosts are discovered. This component refreshes hourly and should be monitored throughout the workday.
  • PVS Events - The PVS Events component collects the top 10 PVS events by hour. Passive vulnerability scanning is the process of monitoring network traffic at the packet layer to determine topology, clients, applications, and related security issues. Tenable has expanded the functionality of PVS to include traffic profiling and system compromise detections. PVS detects vulnerabilities on the network by passively analyzing communication streams, and has the ability to identify interactive and encrypted network sessions. PVS can detect when new hosts are added to a network, track trusted sessions with other systems, and monitor port usage. PVS can also detect the number of hops each system is from the PVS sensor. This component refreshes hourly and should be monitored throughout the workday.
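
The triage that the Login Failures component calls for, as an added example that is not part of the original page and is not SecurityCenter or LCE code: it ranks accounts by failed-login count and separates steady retries (such as a service account with an expired password) from rapid bursts. The log format, account names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in a simplified sshd format (not real data).
SAMPLE = (
    # svc_backup fails once every 5 minutes, e.g. a job with an expired password
    [f"2014-06-27T09:{m:02d}:00 host1 sshd[100]: Failed password for svc_backup "
     "from 10.0.0.5 port 4000 ssh2" for m in range(0, 60, 5)]
    # root fails 20 times in under a minute from one source
    + [f"2014-06-27T10:15:{s:02d} host2 sshd[200]: Failed password for root "
       "from 10.0.0.99 port 5000 ssh2" for s in range(0, 40, 2)]
    + ["2014-06-27T11:00:00 host1 sshd[300]: Failed password for invalid user test "
       "from 10.0.0.7 port 6000 ssh2"]
)

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from ")

def classify(times, min_events=5):
    """Label one account's sorted failure timestamps (thresholds are assumptions)."""
    if len(times) < min_events:
        return "low"
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    if avg >= 60 and pstdev(gaps) / avg < 0.1:
        return "periodic"  # steady retries: check for an expired service password
    if avg < 10:
        return "burst"     # rapid retries: consistent with password guessing
    return "review"

def top_failures(lines, n=10):
    """Return the top-n (account, count, label) rows, highest count first."""
    by_account = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            by_account[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    rows = [(acct, len(ts), classify(sorted(ts))) for acct, ts in by_account.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))[:n]

if __name__ == "__main__":
    for row in top_failures(SAMPLE):
        print(row)
```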