Tenable Vulnerability Management Specialist – Assessment and Analysis + TenableCore
This post summarizes what a Tenable Vulnerability Management Specialist should know: installation and configuration, operations, a technology overview covering architecture and design for typical environments, and detailed scanning and analysis instructions.
Host Discovery
Template Good For:
- Great starting point
- Quickly identifies assets for running VA (vulnerability assessment) only on live targets
- Minimal network impact
Best Practice
- Daily: run a discovery scan on the network to find new hosts
- Use scan scheduling so assets are discovered automatically
- Do not scan through a firewall
  - If ICMP is left enabled, a firewall or other network device that answers on behalf of the hosts behind it can make the discovery scan report false positives and cause other issues
- If you have to scan through a firewall:
  - Ensure the firewall is configured to allow the scanner's traffic (see the required-ports reference below)
  - Disable ICMP in the discovery scan
Options
- Customize host discovery scans to match the network's needs
- Configure a host discovery scan to perform OS identification and port scanning
- Ping/scanning customization: adjust the ping settings to avoid false positives and to avoid interfering with hosts
- Tune a scan to improve performance:
  - Port scan tuning: for speed, enable only the SYN scanner and leave the TCP (connect) and UDP scanners disabled
  - Based on the scanner's hardware resources, tune Advanced > Max simultaneous checks (and the related options) for the balance of speed, accuracy and thoroughness you need
  - Nessus global scanner settings can also affect scan performance
Analysis
Alternative Host Discovery - Tenable Nessus Network Monitor (NNM)
Main Steps:
- Deploy a Tenable Nessus scanner (for internal targets) or use a Tenable cloud scanner (for public IPs)
- Policy : Discovery Scan
- Scan targets
- Scan schedule (Optional)
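The Options and Main Steps above can be turned into a repeatable scan definition. The following is an added example, not Tenable's own code: it builds the JSON payload for a daily host discovery scan that uses the SYN scanner only, turns ICMP off when the scan has to go through a firewall, and validates the target list before anything is submitted. The settings keys (`icmp_ping`, `syn_scanner`, `max_checks_per_host`, and so on) are the names that appear in exported Nessus/Tenable.io policies and are treated here as assumptions; the template UUID, the `TIO_*` environment variables and the sample targets are placeholders for your own tenant.

```python
"""Build a Tenable Vulnerability Management host discovery scan payload that
follows the best practices above (added example, not Tenable's own code)."""
import ipaddress
import json
import os
import urllib.request

# Assumption: look up the host discovery template UUID in your own tenant
# (GET /editor/scan/templates); it is not hard-coded here.
DISCOVERY_TEMPLATE_UUID = os.environ.get(
    "TIO_DISCOVERY_TEMPLATE_UUID", "<host-discovery-template-uuid>")


def validate_targets(targets):
    """Return a comma-separated target list, rejecting anything that is not
    an IPv4/IPv6 address or CIDR block. Hostnames are deliberately refused so
    a typo cannot silently widen a scheduled daily discovery scan."""
    clean = []
    for target in targets:
        target = target.strip()
        try:
            ipaddress.ip_network(target, strict=False)
        except ValueError:
            raise ValueError(f"invalid discovery target: {target!r}")
        clean.append(target)
    return ",".join(clean)


def discovery_settings(name, targets, through_firewall=False,
                       max_hosts=30, max_checks=5, timeout=5, daily_at="020000"):
    """Return the {"uuid", "settings"} body for POST /scans.
    Setting names are assumptions taken from exported Nessus policies."""
    settings = {
        "name": name,
        "text_targets": validate_targets(targets),
        # Discovery only: find live hosts, run the plugin-heavy VA separately
        # against the confirmed-live set.
        "ping_the_remote_host": "yes",
        "tcp_ping": "yes",
        "arp_ping": "yes",
        "udp_ping": "no",
        # A firewall that answers ICMP for the hosts behind it produces false
        # positives, so ICMP is disabled whenever the scan crosses one.
        "icmp_ping": "no" if through_firewall else "yes",
        # Speed: SYN scanner only; TCP connect and UDP scanning stay off.
        "syn_scanner": "yes",
        "tcp_scanner": "no",
        "udp_scanner": "no",
        "portscan_range": "default",
        # Performance knobs sized to the scanner's hardware.
        "max_hosts": str(max_hosts),
        "max_checks_per_host": str(max_checks),
        "network_receive_timeout": str(timeout),
        # Daily schedule so new hosts are picked up without manual launches.
        "enabled": True,
        "launch": "DAILY",
        "rrules": "FREQ=DAILY;INTERVAL=1",
        "starttime": f"20240101T{daily_at}",
        "timezone": "UTC",
    }
    return {"uuid": DISCOVERY_TEMPLATE_UUID, "settings": settings}


def create_scan(payload, access_key, secret_key,
                base_url="https://cloud.tenable.com"):
    """Submit the payload to the Tenable.io scans endpoint. This is the only
    network call in the file and runs only when API keys are supplied."""
    req = urllib.request.Request(
        f"{base_url}/scans",
        data=json.dumps(payload).encode(),
        headers={
            "Content-Type": "application/json",
            "X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample targets (RFC 1918 and documentation ranges).
    payload = discovery_settings("Daily discovery - DMZ",
                                 ["10.0.0.0/24", "192.0.2.10"],
                                 through_firewall=True)
    print(json.dumps(payload, indent=2))
    if os.environ.get("TIO_ACCESS_KEY") and os.environ.get("TIO_SECRET_KEY"):
        print(create_scan(payload, os.environ["TIO_ACCESS_KEY"],
                          os.environ["TIO_SECRET_KEY"]))
```

Run it without API keys to review the generated payload; export `TIO_ACCESS_KEY`, `TIO_SECRET_KEY` and `TIO_DISCOVERY_TEMPLATE_UUID` to create the scan. Keep `through_firewall=False` for scanners placed inside the segment they scan, which is the recommended deployment.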
Vulnerability Assessment
A comparison between "Basic Network Scan" and "Advanced Scan":

| Settings | Basic Network Scan | Advanced Scan |
| --- | --- | --- |
| Allows plugins to be enabled or disabled | No | Yes |
| Allows audits to be added to the scan | No | Yes |
| Default Max simultaneous hosts per scan | 30 | 5 |
| Default Network Timeout | 5 | 5 |
| Default Simultaneous checks per host | 4 | 5 |
| Default Port scan range | Common ports | Default ports |
| Default CGI scanning | Disabled | Disabled |
| Default methods for Host Discovery | | |
| Default Paranoia level (a.k.a. Override normal accuracy) | Normal | Normal |
Table 1: Summary of capabilities between Web Application Scanning and legacy Nessus WAS scans.

| Features | Web Application Scanning | Legacy Nessus WAS |
| --- | --- | --- |
| VM & WAS Unified Visibility | Yes | - |
| Safe Scanning | Yes | - |
| Advanced Authentication | Yes | No |
| Manual Crawling | Yes | No |
| OWASP Top 10 Project Support | Yes | No |
| Known Vulnerability Detection | - | Yes |
| Unknown Vulnerability Detection | Yes | - |
| Modern Framework Support | Yes | No |
| High Detection Accuracy | Yes | - |
Table 2: Details of capabilities between Web Application Scanning and legacy Nessus WAS.

| Features | Web Application Scanning | Legacy Nessus WAS |
| --- | --- | --- |
| VM & WAS Unified Visibility | Web application assets are integrated with the same dashboards as other assets automatically for unified visibility. | Web application assets can be integrated into Tenable.sc by creating additional filters to customize the dashboard. |
| Safe Scanning | Users can create a list of blocked URLs to exclude from scans and define customized scan performance thresholds to avoid application disruption. | Users need to define customized scan performance thresholds to avoid application disruption. |
| Advanced Authentication | Supports a broad range of authentication options such as forms, cookies, NTLM, and Selenium scripts to address most web application requirements. Automatically detects when authentication is required and validates when authentication has been successfully configured. | Supports only login forms and cookie-based authentication. The product is unable to automatically detect or validate successful authentication. |
| Manual Crawling | Records manual crawling of web applications using Selenium to assess and validate user-defined workflows. This is an important capability for assessing Single Page Applications. | Manual crawling is not available. |
| OWASP Top 10 Project Support | The product is purpose-built for the OWASP Top 10 and provides out-of-the-box vulnerability assessment and reporting aligned to OWASP risk categories. | OWASP Top 10 is not supported out-of-the-box. Users can create custom dashboards to manually align specific vulnerabilities to OWASP risk categories. |
| Known Vulnerability Detection | Detects known or specified vulnerabilities related to Content Management Systems (WordPress, Joomla!, and Drupal). CVE plugins supporting web application servers, language engines, web frameworks, and JavaScript libraries are also available. | Supports a leading range of known or specified vulnerabilities based on CVE plugins. |
| Unknown Vulnerability Detection | Detects unknown or generic vulnerabilities in support of OWASP Top 10 without the need for specific CVE plugins. | Provides detection of generic cross-site scripting and injection vulnerabilities in support of OWASP Top 10. |
| Modern Framework Support | Supports web applications built with modern web frameworks such as HTML5, JavaScript, AJAX, and Single Page Applications, as well as traditional web frameworks. | Modern web framework support is not available. |
| High Detection Accuracy | Leading vulnerability detection accuracy with minimal false positives and negatives across all web applications. | Strong vulnerability detection accuracy across web applications built using traditional frameworks. |
Compliance Assessment
Vulnerability Analysis
TenableCore Tenable NNM - Nessus Network Monitor
TenableCore Tenable Nessus
You can use the Tenable Core operating system to run an instance of Tenable Nessus in your environment. After you deploy Tenable Core + Tenable Nessus, you can monitor and manage your Tenable Nessus processes through the hardened Tenable Core platform.
To deploy Tenable Core + Tenable Nessus as a VMware virtual machine:
- Download the Tenable Core + Tenable Nessus VMware image (.ova) from the Tenable Downloads page and verify its checksum against the value published there before importing it.
- Open your VMware hypervisor (the environment where the virtual machine will run).
- Import the Tenable Core + Tenable Nessus .ova file from your computer into the hypervisor. For information about how to import a .ova file, see the VMware documentation.
- In the setup prompt, configure the virtual machine to meet your organization's storage needs and the requirements described in System and License Requirements.
- Launch your Tenable Core + Tenable Nessus instance. The virtual machine boot process appears in a terminal window.
References
- What are the differences between the "Basic Network Scan" and "Advanced Scan"?
- What's the difference between Web Application Scanning and Nessus Legacy WAS?
- Troubleshooting credentialed scanning on Windows
- What ports are required for Tenable products?
- How to check the SSL/TLS Cipher Suites in Linux and Windows
- Useful plugins to troubleshoot credential scans
Copyright notice:
Author: zhangchen
Link: https://www.techfm.club/p/148420.html
Source: TechFM
The copyright of this article belongs to the author; do not reproduce it without permission.