Tenable Vulnerability Management – Tenable.IO – Basic Usage

admin 好物分享

Tenable Vulnerability Management® (formerly known as Tenable.io) allows security and audit teams to share multiple Tenable NessusTenable Nessus Agent, and Tenable Nessus Network Monitor scanners, scan schedules, scan policies, and scan results among an unlimited set of users or groups.

Tenable Vulnerability Management can schedule scans, push policies, view scan findings, and control multiple Tenable Nessus scanners from the cloud. This enables the deployment of Tenable Nessus scanners throughout networks to both public and private clouds as well as multiple physical locations.

In this post, I am gonna show some basic steps to bring this popular Tenable Vulnerability Scanning tools into your environment as quick as I can. 

If need read more marterials, please go to Tenable Docs sit, Get Started with Tenable Vulnerability Management. You can use the following getting started sequence to configure and mature your Tenable Vulnerability Management deployment.

  1. Prepare a Deployment Plan
  2. Install and Link Scanners
  3. Configure Scans
  4. Additional Tenable Vulnerability Management Configurations
  5. Review and Analyze
  6. Expand


Diagram

While the main Tenable Vulnerability Management interface is hosted in the cloud, and scanners are placed where needed:

Compare with other Tenable Products

Tenable Security Center (Formerly Tenable.sc)

Whole Tenable.sc Architecture is hosted entirely on premise:

Essentially, this means that Tenable.sc customers are responsible for the hardware for the entire infrastructure, including data storage. The Tenable Vulnerability Management “console” (and data storage) is hosted in the cloud and is therefore Tenable's responsibility.


Your Tenable.sc is on-prem, with all your Nessus Pro scanners linked to Tenable.sc providing all the remote scanning of your network.

For devices which are not on your network (remote workstations) then you need to use Nessus Agents.

Tenable.sc does not directly support Nessus Agents, so you need a collector for your Agent data.

You can either use the older method of having your Nessus Agents communicate with Nessus Manager, which then forwards those to Tenable.sc

or you the modern way of use Tenable.io as your collector, and then Tenable.sc collecting the Agent data from Tenable.io. You do not login to Tenable.io, you still use Tenable.sc as your console.

image


Tenable One

Tenable One is an Exposure Management Platform to help organizations gain visibility across the modern attack surface, focus efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance.

Tenable One Enterprise Products

All products in Tenable One Standard, plus:

Attack Path Analysis
Tenable Attack Surface Management

Tenable PCI ASV Scanning

Note: Tenable Vulnerability Management excludes PCI Quarterly External scan data from dashboards, reports, and workbenches intentionally. This is due to the scan's paranoid nature, which may lead to false positives that Tenable Vulnerability Management would otherwise not detect.

In Tenable PCI ASV, you can create the following scans using scan templates:

  • Vulnerability Management Scan using the Internal PCI Network Scan and PCI Quarterly External Scan templates

  • Tenable Web App Scanning scan using the PCI template

PCI DSS requires organizations to complete quarterly internal network scans, so you may also need to create a scan using the PCI Internal Network Scan template. However, you do not need to submit the internal network scan results for ASV review and validation.

Install Scanner in On-Prem Windows

Install Scanner in Cloud Environment - Azure

Install Scanner in Linux

Settings -> Sensors:

Linked Scanners:

Installing Nessus on Linux
Note: It will take a while (5 minuets) for scanner to be installed and linked to sensor.cloud.tenable.com:443
 root@u-20-1-test:~# curl -H 'X-Key: 0d169e0728bf08521839b3be97015d6061aace1a831f8c4a0ffef4ec03914f9c' 'https://sensor.cloud.tenable.com/install/scanner?name=scanner-name&groups=scanner-group' | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed ** Beginning Nessus installation process. **0 --:--:-- --:--:-- --:--:-- 0 100 9129 0 9129 0 0 18442 0 --:--:-- --:--:-- --:--:-- 18442 Downloading Nessus install package for Ubuntu. Installing Nessus. Selecting previously unselected package nessus. (Reading database ... 143634 files and directories currently installed.) Preparing to unpack Nessus-ubuntu1404_amd64.deb ... Unpacking nessus (10.5.3) ... Setting up nessus (10.5.3) ... HMAC : (Module_Integrity) : Pass SHA1 : (KAT_Digest) : Pass SHA2 : (KAT_Digest) : Pass SHA3 : (KAT_Digest) : Pass TDES : (KAT_Cipher) : Pass AES_GCM : (KAT_Cipher) : Pass AES_ECB_Decrypt : (KAT_Cipher) : Pass RSA : (KAT_Signature) : RNG : (Continuous_RNG_Test) : Pass Pass ECDSA : (PCT_Signature) : Pass ECDSA : (PCT_Signature) : Pass DSA : (PCT_Signature) : Pass TLS13_KDF_EXTRACT : (KAT_KDF) : Pass TLS13_KDF_EXPAND : (KAT_KDF) : Pass TLS12_PRF : (KAT_KDF) : Pass PBKDF2 : (KAT_KDF) : Pass SSHKDF : (KAT_KDF) : Pass KBKDF : (KAT_KDF) : Pass HKDF : (KAT_KDF) : Pass SSKDF : (KAT_KDF) : Pass X963KDF : (KAT_KDF) : Pass X942KDF : (KAT_KDF) : Pass HASH : (DRBG) : Pass CTR : (DRBG) : Pass HMAC : (DRBG) : Pass DH : (KAT_KA) : Pass ECDH : (KAT_KA) : Pass RSA_Encrypt : (KAT_AsymmetricCipher) : Pass RSA_Decrypt : (KAT_AsymmetricCipher) : Pass RSA_Decrypt : (KAT_AsymmetricCipher) : Pass INSTALL PASSED Unpacking Nessus Scanner Core Components... Created symlink /etc/systemd/system/nessusd.service → /lib/systemd/system/nessusd.service. Created symlink /etc/systemd/system/multi-user.target.wants/nessusd.service → /lib/systemd/system/nessusd.service. - You can start Nessus Scanner by typing /bin/systemctl start nessusd.service - Then go to https://u-20-1-test:8834/ to configure your scanner Applying auto-configuration. Starting Nessus. Waiting for Nessus to start and link... ...................... Auto-configuration complete. Nessus is now linked to sensor.cloud.tenable.com:443 root@u-20-1-test:~#

Linked Scanner:

Scanner Details:

Web Application Scanning

Choose Web Application Scanning Module from Drop down menu:

You can use Quick Actions - > Create a Web App scan 
There are a few scanning options / templates, such as PCI, API, Quick Scan, etc. Choose Quick Scan

Enter URL as your targets :

Infrastructure Scan (Vulnerability Management Scan)

Quick Actions - > Create a VM scan - > Basic Network Scan (A full system scan suitable for any host)

External Scan

Create a Scan - Basic Network Scan - > Scanner Type : Tenable Cloud Scanner 
Targets: <Public IP>, Domain Name / URL

Internal Scan:

If you have your installed internal scanner, you should be able to choose the one, as shown below, which we installed before. 

Report

From the three dots of each scan, choose Export:

You will have a few options for the exported report format:

Videos

 

Install and Configure Free Tenable Nessus Vulnerability Scanner in Windows:

References

  • https://cloud.tenable.com/

https://blog.51sec.org

版权声明:
作者:admin
链接:https://www.techfm.club/p/58345.html
来源:TechFM
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>