240 likes | 378 Views
Vulnerability Types. And How to Use Them. Vulnerabilities and SecurityCenter. Networks have vulnerabilities! SecurityCenter can display network vulnerability information gathered from multiple sources Nessus scans Passive Vulnerability Scanner (PVS) detections
E N D
Vulnerability Types And How to Use Them
Vulnerabilities and SecurityCenter • Networks have vulnerabilities! • SecurityCenter can display network vulnerability information gathered from multiple sources • Nessus scans • Passive Vulnerability Scanner (PVS) detections • Log Correlation Engine (LCE) detections • Compliance checks
Active Vulnerabilities • Nessus actively scans the network for vulnerabilities • Nessus uses plugins to gather this vulnerability information • Plugin type “Active Vulnerabilities” • Plugin IDs from 10001 to 799999
Active Vulnerabilities Creating an Active Vulnerabilities table…
Active Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover vulnerability to a specific exploit framework…
Active Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Active Vulnerabilities • In general, SecurityCenter shows all vulns that have not been mitigated (Cumulative) • For Active Vulnerabilitesonly, SecurityCenter can display those vulns that have been found to be mitigated (Mitigated)
Active Vulnerabilities – Examples • Using the Mitigated source Number of patched vulnerabilities that took 30 days to patch (“Patch Rate”) Number of patches that occurred within the past 30 days (“Patch Date”)
Passive Vulnerabilities • The Passive Vulnerability Scanner (PVS) passively detects vulnerabilities based on the traffic seen on the network • PVS uses plugins to gather this vulnerability information • Plugins type “Passive Vulnerabilities” • Plugin IDs from 1 to 10000
Passive Vulnerabilities Creating a Passive Vulnerabilities table…
Passive Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover critical vulnerabilities within the last 7 days…
Passive Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Event Vulnerabilities • The Log Correlation Engine (LCE) detects vulnerabilities based on log events gathered from devices and applications on the network • LCE uses plugins to gather this vulnerability information • Plugin type “Event Vulnerabilities” • Plugin IDs from 800000 to 899999
Event Vulnerabilities Creating an Event Vulnerabilities table…
Event Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover malware… Note that the Plugin Name text will match anywhere in a plugin’s name and is not case sensitive
Event Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Compliance Checks • Nessus can be used to run audit scans on the network to measure compliance • Failed compliance checks may indicate vulnerabilities • High severity = Failed check • Informational = Passed check • Medium severity = Check must be performed manually, or an advisory • SecurityCenter uses plugins to gather this compliance information • Plugin type “Compliance” • Plugin IDs from 1000001 and up
Compliance Checks Creating a Compliance Checks table…
Compliance Checks – Example • Using in a report or dashboard component This component uses additional filters to discover specific audit references…
Compliance Checks – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Plugins Screen Plugin type
Vulnerabilities and SecurityCenter • Networks have vulnerabilities! • SecurityCenter can display network vulnerability information gathered from multiple sources • All = Vulnerabilities from all sources • Active Vulnerabilities = From Nessus scans • Passive Vulnerabilities = From PVS detections • Event Vulnerabilities = From LCE detections • Compliance = Compliance checks
For Questions Contact Tenable Customer Support Portal