Vulnerability Types - Tenable Discussions Forum


Vulnerability Types
And How to Use Them
Vulnerabilities and SecurityCenter
• Networks have vulnerabilities!
• SecurityCenter can display network vulnerability information gathered from multiple sources
o Nessus scans
o Passive Vulnerability Scanner (PVS) detections
o Log Correlation Engine (LCE) detections
o Compliance checks
Active Vulnerabilities
• Nessus actively scans the network for vulnerabilities
• Nessus uses plugins to gather this vulnerability information
o Plugin type “Active Vulnerabilities”
o Plugin IDs from 10001 to 799999
Active Vulnerabilities
Creating an Active Vulnerabilities table…
Active Vulnerabilities – Example
• Using in a report or dashboard component
This component uses additional filters to discover vulnerabilities exploitable by a specific exploit framework…
Active Vulnerabilities – Example
• Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Active Vulnerabilities
• In general, SecurityCenter shows all vulns that have not been mitigated (Cumulative)
• For Active Vulnerabilities only, SecurityCenter can display those vulns that have been found to be mitigated (Mitigated)
Active Vulnerabilities – Examples
• Using the Mitigated source
Number of patched vulnerabilities that took 30 days to patch (“Patch Rate”)
Number of patches that occurred within the past 30 days (“Patch Date”)
Passive Vulnerabilities
• The Passive Vulnerability Scanner (PVS) passively detects vulnerabilities based on the traffic seen on the network
• PVS uses plugins to gather this vulnerability information
o Plugin type “Passive Vulnerabilities”
o Plugin IDs from 1 to 10000
Passive Vulnerabilities
Creating a Passive Vulnerabilities table…
Passive Vulnerabilities – Example
• Using in a report or dashboard component
This component uses additional filters to discover critical vulnerabilities within the last 7 days…
Passive Vulnerabilities – Example
• Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Event Vulnerabilities
• The Log Correlation Engine (LCE) detects vulnerabilities based on log events gathered from devices and applications on the network
• LCE uses plugins to gather this vulnerability information
o Plugin type “Event Vulnerabilities”
o Plugin IDs from 800000 to 899999
Event Vulnerabilities
Creating an Event Vulnerabilities table…
Event Vulnerabilities – Example
• Using in a report or dashboard component
This component uses additional filters to discover malware…
Note that the Plugin Name text will match anywhere in a plugin’s name and is not case sensitive
Event Vulnerabilities – Example
• Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Compliance Checks
• Nessus can be used to run audit scans on the network to measure compliance
• Failed compliance checks may indicate vulnerabilities
o High severity = Failed check
o Informational = Passed check
o Medium severity = Check must be performed manually, or an advisory
• SecurityCenter uses plugins to gather this compliance information
o Plugin type “Compliance”
o Plugin IDs from 1000001 and up
Compliance Checks
Creating a Compliance Checks table…
Compliance Checks – Example
• Using in a report or dashboard component
This component uses additional filters to discover specific audit references…
Compliance Checks – Example
• Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Plugins Screen
Plugin type
Vulnerabilities and SecurityCenter
• Networks have vulnerabilities!
• SecurityCenter can display network vulnerability information gathered from multiple sources
o All = Vulnerabilities from all sources
o Active Vulnerabilities = From Nessus scans
o Passive Vulnerabilities = From PVS detections
o Event Vulnerabilities = From LCE detections
o Compliance = Compliance checks
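Added example (not part of the original slides and not Tenable code): the Python below maps plugin IDs to the four vulnerability types using the plugin ID ranges listed on the slides, and reads compliance severities as failed, passed or manual. The CSV column names, the sample rows and the "Unclassified" label for IDs outside the listed ranges are assumptions made for this example.

```python
import csv
import io
from collections import Counter

# Plugin ID ranges as listed on the slides (inclusive; None = no upper bound).
PLUGIN_RANGES = [
    ("Passive Vulnerabilities", 1, 10000),
    ("Active Vulnerabilities", 10001, 799999),
    ("Event Vulnerabilities", 800000, 899999),
    ("Compliance", 1000001, None),
]

# Meaning of severity for compliance plugins, per the Compliance Checks slide.
COMPLIANCE_RESULT = {"High": "failed", "Informational": "passed", "Medium": "manual/advisory"}

def plugin_type(plugin_id):
    """Map a plugin ID to the vulnerability type whose range contains it."""
    for name, low, high in PLUGIN_RANGES:
        if plugin_id >= low and (high is None or plugin_id <= high):
            return name
    return "Unclassified"  # assumption: label for IDs the slides do not assign

def summarize(csv_text):
    """Count findings per vulnerability type and compliance checks per outcome."""
    by_type, compliance = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = plugin_type(int(row["plugin_id"]))
        by_type[kind] += 1
        if kind == "Compliance":
            compliance[COMPLIANCE_RESULT.get(row["severity"], "other")] += 1
    return by_type, compliance

# Constructed sample export: hypothetical columns and rows, not SecurityCenter output.
SAMPLE = """plugin_id,severity,ip
7035,High,10.0.0.5
10001,Critical,10.0.0.5
799999,Medium,10.0.0.9
800125,High,10.0.0.7
950000,Low,10.0.0.7
1000001,High,10.0.0.9
1004321,Informational,10.0.0.9
1004322,Medium,10.0.0.9
"""

if __name__ == "__main__":
    types, results = summarize(SAMPLE)
    print(dict(types))
    print("Compliance results:", dict(results))
```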
For Questions Contact
Tenable Customer Support Portal