Dynamic Asset List Example
I was at a Security Center customer this past Friday and they had asked how they could report on just certain computers that had certain applications on them. One of the things the Security Center can do is "mine" the results of the existing and future Nessus and Passive Vulnerability Scanner results to come up with dynamic lists of IP addresses with matching criteria. For example, consider this screen shot:
In the above image, the Security Center has been configured to dynamically create lists of various IIS, Sendmail, Apache and other types of applications. These rules are wizard driven and look like this:
That "2004" plugin ID probably isn't recognized by Nessus users because IDs 1 through 10,000 are reserved for results from Tenable's Passive Vulnerability Scanner. This rule says for each known IP address, if there has been a discovery of ID 2004 or 10263 (plugins which discover SMTP servers regardless if they are on port 25 or not) look at the content and if we see "Sendmail" and "8.13" put it on the list of "Sendmail 8.13" servers.
The Security Center allows for dynamic lists to be created like this with active or passive content based and also some interpreted content including:
- DNS name
- NetBIOS/Workgroup name
- MAC Address
- IP/Network address
- open TCP port
- open UDP ports
- existence of particular vulnerability IDs
- regular expression content search
Very sophisticated dynamic rules can be created. For example, all OSes actively fingerprinted as "Linux", in the 10.10.20.0/24 network with port 22 open could be placed on a list.
If an organization knows about their devices or networks, they can simply upload these lists of IP addresses and CIDR blocks to the Security Center. We call these static asset lists as compared to the dynamic asset lists generated based on the vulnerability content. All asset lists can be used for reporting, filtering and asset control as shown in this image below:
Related Articles
Unified IT and Web App Security: On-Prem Web App Scanning Integrated into Security Center
October 17, 2023On-prem web app scanning is now available within Tenable Security Center, offering comprehensive exposure management with accurate analysis, OWASP Top 10 coverage and easy setup. Here’s what you need to know.
What Is VPR and How Is It Different from CVSS?
April 16, 2020This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR th...
Tenable Releases SecurityCenter Continuous View
August 9, 2012<p>Today, Tenable <a href="http://www.tenable.com/news-events/press-releases/2012-tenable-network-security-unveils-securitycenter-continuous-view" target="_self" title="Tenable Network Security Unveils SecurityCenter Continuous View">announced </a>the availability of a new edition of SecurityCenter, called Continuous View.</p> <p>This edition of SecurityCenter uniquely encompasses both scanning and monitoring, with the inclusion of Tenable's Passive Vulnerability Scanner (PVS). That makes SecurityCenter Continuous View uniquely capable of addressing vulnerability, configuration, and compliance management requirements for emerging technologies like mobile devices, cloud-based services, social applications, and virtual systems.</p> <p>The flexible licensing approach provided by SecurityCenter Continuous View allows enterprise customers to deploy PVS in much the same way as they do with Nessus within SecurityCenter, pretty much as many as needed.</p> <p>Existing SecurityCenter customers can upgrade to a ContinuousView license and begin to enjoy the benefits of continuous monitoring with PVS. These include:</p> <ul> <li>Real-time identification of server and client vulnerabilities </li> <li>Identification of mobile devices and their vulnerabilities </li> <li>Passive discovery of all internal and external web servers and databases </li> <li>Identification of trust and communication paths </li> <li>Passive monitoring of virtual environments </li> </ul>
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- SecurityCenter