Embed Size (px)
Citation preview
Vulnerability TypesAnd How to Use Them
Vulnerabilities and SecurityCenter
•Networks have vulnerabilities!•SecurityCenter can display network vulnerability information gathered from multiple sourceso Nessus scanso Passive Vulnerability Scanner (PVS) detectionso Log Correlation Engine (LCE) detectionso Compliance checks
Active Vulnerabilities
•Nessus actively scans the network for vulnerabilities
•Nessus uses plugins to gather this vulnerability informationo Plugin type “Active Vulnerabilities” o Plugin IDs from 10001 to 799999
Active Vulnerabilities
Creating an Active Vulnerabilities
table…
Active Vulnerabilities – Example
•Using in a report or dashboard component
This component uses additional filters to discover vulnerability to a specific exploit framework…
Active Vulnerabilities – Example
•Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Active Vulnerabilities
• In general, SecurityCenter shows all vulns that have not been mitigated (Cumulative)
•For Active Vulnerabilitesonly, SecurityCenter can display those vulns that have been found to be mitigated (Mitigated)
Active Vulnerabilities – Examples
•Using the Mitigated source
Number of patched vulnerabilities that took 30 days to patch (“Patch Rate”)
Number of patches that occurred within the past 30 days (“Patch Date”)
Passive Vulnerabilities
•The Passive Vulnerability Scanner (PVS) passively detects vulnerabilities based on the traffic seen on the network
•PVS uses plugins to gather this vulnerability informationo Plugins type “Passive Vulnerabilities” o Plugin IDs from 1 to 10000
Passive Vulnerabilities
Creating a Passive Vulnerabilities
table…
Passive Vulnerabilities – Example
•Using in a report or dashboard component
This component uses additional filters to discover critical vulnerabilities within the last 7 days…
Passive Vulnerabilities – Example
•Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Event Vulnerabilities
•The Log Correlation Engine (LCE) detects vulnerabilities based on log events gathered from devices and applications on the network
•LCE uses plugins to gather this vulnerability informationo Plugin type “Event Vulnerabilities” o Plugin IDs from 800000 to 899999
Event Vulnerabilities
Creating an Event Vulnerabilities
table…
Event Vulnerabilities – Example
•Using in a report or dashboard component
This component uses additional filters to discover malware…
Note that the Plugin Name text will match anywhere in a plugin’s name and is not case sensitive
Event Vulnerabilities – Example
•Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Compliance Checks
•Nessus can be used to run audit scans on the network to measure compliance
•Failed compliance checks may indicate vulnerabilities
o High severity = Failed checko Informational = Passed checko Medium severity = Check must be performed manually, or an advisory
•SecurityCenter uses plugins to gather this compliance informationo Plugin type “Compliance” o Plugin IDs from 1000001 and up
Compliance Checks
Creating a Compliance Checks
table…
Compliance Checks – Example
•Using in a report or dashboard component
This component uses additional filters to discover specific audit references…
Compliance Checks – Example
•Using in an asset
Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID
Plugins Screen
Plugin type
Vulnerabilities and SecurityCenter
•Networks have vulnerabilities!•SecurityCenter can display network vulnerability information gathered from multiple sources
o All = Vulnerabilities from all sourceso Active Vulnerabilities
= From Nessus scanso Passive Vulnerabilities
= From PVS detectionso Event Vulnerabilities
= From LCE detectionso Compliance
= Compliance checks
For Questions ContactTenable Customer Support Portal
