How to create a custom dashboard to see all the vulnerabilities in your Linux and Windows systems using Tenable Network Security Center

Tenable Network Security is a very powerful tool for scanning your operating systems and applications to identify their vulnerabilities and to remediate them. A good thing about it is that it uses passive scanning.

Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.
Packet sniffing applications can be used for passive scanning to reveal information such as operating system, known protocols running on non-standard ports and active network applications with known bugs. Passive scanning may be conducted by a network administrator scanning for security vulnerabilities or by an intruder as a preliminary to an active attack.

For an intruder, passive scanning’s main advantage is that it does not leave a trail that could alert users or administrators to their activities. For an administrator, the main advantage is that it doesn’t risk causing undesired behavior on the target computer, such as freezes. Because of these advantages, passive scanning need not be limited to a narrow time frame to minimize risk or disruption, which means that it is likely to return more information.

Passive scanning does have limitations. It is not as complete in detail as active vulnerability scanning and cannot detect any applications that are not currently sending out traffic; nor can it distinguish false information put out for obfuscation.

Passive scanning, by its nature, is politically less sensitive and technically a dramatically lighter touch on the network. It provides accurate, up-to-date information as soon as a system appears and starts “talking.”

This is unlike active scanning.

Active scanning for system inventory information and vulnerability data is a powerful tool that can return great benefits. Active scanning on your network also can return great headaches, however. It can have a high political cost and far-reaching effects on system uptime and reliability. If not done carefully, it can be an ineffective, inefficient way to gather information.

The information below is gathered from the Tenable website; it shows the features of Security Center.

 

Asset Discovery

SecurityCenter Continuous View SecurityCenter
Active Discovery: Multiple active discovery methods
MDM Integration: Query Mobile Device Management systems to augment asset attributes
Passive Discovery: Monitor network activity and network logs to identify transient and unmanaged devices

Vulnerability Assessment

Broad Asset Coverage: Tenable supports the widest range of servers, endpoints, network devices, operating systems, databases, applications in physical, virtual and cloud infrastructures
Multiple Scanning Options: Tenable supports non-credentialed, remote scans as well as credentialed, local scans for deep, granular analysis of assets that are online as well as offline or remote scans
Agent-less or Agent-based Scanning: Multiple scanning modes allow organizations to scan more assets, more frequently to reduce their attack surface
Passive Vulnerability Detection: Analyze network traffic to identify server- and client-side vulnerabilities in new, transient, and unmanaged assets

Compliance and Configuration Auditing

Industry Standards: Templates for PCI, HIPAA/HITECH and NERC
Government Standards: Templates for FISMA, GLBA and SOX
Security Standards: Templates for CERT, CIS, COBIT/ITIL, DISA STIGS and NIST

Malware Detection

Suspicious Processes: Compare processes with known malware
Autorun Settings: Audit autorun settings for persistent malware

Anomalous Behavior Detection and Analysis

Vulnerability and Intrusion Correlation: Correlate IDS logs with active and passively discovered vulnerabilities to prioritize response
Statistical Anomaly Detection: Automatically record and optionally alert when event anomalies occur.
New Activity: Automatically record and optionally alert when never before seen users, devices and connections are detected on the network
SQL Injection Attacks: Monitor SQL activity to identify indicators of compromise
Command & Control Communications: Detect inbound and outbound communications with known botnets and C&C systems
User Accounts: Detect account activity that may indicate stolen credentials or suspicious insider behavior
Data Exfiltration: Detects sensitive unencrypted data such as credit card data and social security numbers as it leaves the network.

Integrations

Third-party Products: Interoperate with patch management, mobile device management, cloud, threat intelligence applications, and more.
APIs: APIs enable centralized management, reporting, remediation, and workflows

Alerting and Notification

Email Notification: Send email alerts for selected vulnerability or alert occurrences
Ticket Creation: Create and assign tickets for further investigation
Syslog Alerts: Send events to enterprise SIEM systems

Vulnerability Analytics

Reports: Library of schedulable reports that can be automatically distributed
Dashboards: Library of drillable dashboards that organize and consolidate vulnerability analytics information
Trending: Line charts display vulnerability analytics and status over time
Vulnerability Assurance Report Cards: Communicate vulnerability analytics and scores to management in an easy to understand format

Continuous Monitoring Analytics

Reports: Library of network event and activity reports that can be automatically distributed
Dashboards: Library of drillable dashboards that display an integrated view of vulnerabilities, events, and network activity.
Trending: Line charts display vulnerability, event, and network activity status over time.
Continuous Monitoring Assurance Report Cards: Communicate vulnerability, events, and network analytics and scores to management in an easy to understand format
Tenable Critical Cyber Controls: Measure and communicate the overall health of your security program to management

 

 

Okay, let's get started creating a custom dashboard.

Step 1: Log in to your Tenable Network Security portal using your authenticated username and password.

Step 2: After you log in successfully, go to ‘Manage Dashboard’. In the upper right corner, click

Options -> Add Dashboard

A list of templates is then shown. These are templates that you can use according to your needs; for this article we will cover the template that shows the security vulnerabilities of the Linux and Windows OS.

Step 3: Click the template called “Threat Detection & Vulnerability Assessments”. There are a lot of templates to choose from according to your needs.

Step 4: In the search box, type the word ‘security’ and look for “Vulnerability Trend”. This will be the default template that we are going to use.

The Vulnerability Trend dashboard monitors vulnerabilities on an organization’s network. By increasing visibility into the vulnerability status of their network, security teams can focus mitigation strategies accordingly. The trend data informs security teams where to focus their efforts in order to better defend their network. By monitoring the change in detected vulnerabilities, security teams can adjust their efforts as needed in order to mitigate the greatest vulnerabilities.

The components present trend data about vulnerabilities on the network. This includes 25-day trends of new vulnerabilities by severity, exploitability, CVSS score, and external network connections. Each of these trend charts calculates its data points every 24 hours to provide the most accurate data possible. Also displayed are matrices that track vulnerabilities by time range, operating system, severity, and exploitability. These components can help an organization understand the vulnerability status of their network.

Before you click the “Add” button, you may want to add the IP range or the repositories. Click “Targets” to show the options for IPs/DNS Names and Repositories.

Targets -> IPs / DNS Names

Then type the IPs. You can use either CIDR notation such as /24 or an IP range such as 192.168.51.0-192.168.51.255, without spaces:

192.168.100.0/23
192.168.20.0/24
192.168.51.0-192.168.51.255
192.168.52.0-192.168.53.255
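
A way to sanity-check a target list like the one above before pasting it into the Targets field, as an added example that is not part of the original article or of any Tenable tooling. It assumes IPv4 entries only; the function names `parse_target` and `check_targets` are hypothetical, and the strict CIDR check is a local hygiene rule, not documented SecurityCenter behavior.

```python
import ipaddress

# Target list as given in the article.
PAGE_TARGETS = [
    "192.168.100.0/23",
    "192.168.20.0/24",
    "192.168.51.0-192.168.51.255",
    "192.168.52.0-192.168.53.255",
]


def parse_target(entry):
    """Return the IPv4 networks covered by one entry (CIDR, dash range or single IP)."""
    if any(c.isspace() for c in entry):
        raise ValueError(f"whitespace in target entry: {entry!r}")
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects CIDR with host bits set (e.g. 192.168.100.5/23),
    # which usually means a typo in the base address or the prefix length.
    return [ipaddress.IPv4Network(entry, strict=True)]


def check_targets(entries):
    """Return (collapsed networks, total address count, overlapping entry pairs)."""
    parsed = [(e, parse_target(e)) for e in entries]
    overlaps = []
    for i, (a, nets_a) in enumerate(parsed):
        for b, nets_b in parsed[i + 1:]:
            if any(x.overlaps(y) for x in nets_a for y in nets_b):
                overlaps.append((a, b))
    all_nets = [n for _, nets in parsed for n in nets]
    collapsed = list(ipaddress.collapse_addresses(all_nets))
    total = sum(n.num_addresses for n in collapsed)
    return collapsed, total, overlaps


if __name__ == "__main__":
    nets, total, overlaps = check_targets(PAGE_TARGETS)
    print("networks:", ", ".join(str(n) for n in nets))
    print("addresses in scope:", total)
    for a, b in overlaps:
        print("overlap:", a, "<->", b)
```

The address count makes it easy to confirm that the dashboard scope matches the ranges you are responsible for before the graphs are generated.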

For repositories, these are the repositories that were created beforehand to categorize the locations of sites.

Targets -> Repositories

Now you can click ‘Add’, and the template will load into your dashboard. It will take 1 to 2 minutes to load the graphs and generate a report for you.

That’s it, it’s done. You can customize the widgets according to your needs.

 
