Configuration

Required User Role: Administrator

To view your configuration settings, in the top navigation, click Settings & Information > MiscellaneousConfiguration.

The Mail Configuration page displays SMTP settings for all email-related Tenable Enclave Security functions. Click the Test SMTP Settings button to validate the settings.

Option Description Default

Host

The SMTP server host.

--

Port

The SMTP server port.

--

Authentication Method

The authentication method Tenable Enclave Security uses to connect to the SMTP server:

  • None - Tenable Enclave Security does not authenticate the connection.

  • Login - Tenable Enclave Security secures the connection with login authentication.

  • Plain - Tenable Enclave Security secures the connection with plain (username/password) authentication.

  • CRAM-SHA1 - Tenable Enclave Security secures the connection with CRAM-SHA1 authentication.

  • CRAM-MD5 - Tenable Enclave Security secures the connection with CRAM-SHA1 authentication.

--

Username

The username that Tenable Enclave Security uses to authenticate to the SMTP server.

Note: Type the Username in a format supported by your SMTP server (for example, [email protected] or domain\username).

--

Password

The password that Tenable Enclave Security uses to authenticate to the SMTP server.

--

Encryption

The email encryption type:

  • None - Tenable Enclave Security does not encrypt the email.

  • TLS - Tenable Enclave Security forces TLS encryption for the email.

  • SSL - Tenable Enclave Security forces SSL encryption for the email.

  • TLS, if available - Tenable Enclave Security uses TLS encryption if the receiving server is compatible.

--

Return Address

The email address that appear as the sender in the scan results email.

Note: Use a valid return email address for this option. If this option is empty or the email server requires emails from valid accounts, the email server cannot send the email.

--

Verify Peer

When enabled, Tenable Enclave Security requests peer verification for SMTP servers using SSL or TLS connections.

disabled

Verify Peer Name

When enabled, Tenable Enclave Security requests peer name verification for SMTP servers using SSL or TLS connections.

disabled

Allow Self Signed Certificates

When enabled, Tenable Enclave Security allows connections to the SMTP server using self-signed SSL certificates.

enabled

The Miscellaneous Configuration page displays options for the web proxy and syslog forwarding.

Web Proxy

Use these settings to configure a web proxy.

Option

Description

 Default

Host

The host URL (proxy hostname or IP address) of the web proxy server.

The hostname used must resolve properly from the Tenable Enclave Security host.

 --

Port

The port of the web proxy server.

 --

Authentication Type

The authentication type Tenable Enclave Security uses to connect to the web proxy server.

Select one of the following:

  • Basic - Tenable Enclave Security uses basic authentication, which encodes the username and password with Base64.

  • NTLM - Tenable Enclave Security uses NTLM authentication.

 --

Username

The username that Tenable Enclave Security uses to authenticate to the web proxy server.

 --

Password

The password that Tenable Enclave Security uses to authenticate to the web proxy server.

 --

Syslog

Use these settings to allow Tenable Enclave Security to send administrative log events to the local syslog service.

Option

Description

 Default

Enable Forwarding

Enables log forwarding options.

 disabled

Facility

Type the facility you want to receive the log messages.

 LOG_USER

Severity

Specifies which syslog message levels you want to forward: Informational, Warning, or Critical.

 Informational

The License Configuration page displays your license details, usage, and expiration dates. For information about licensing in Tenable Enclave Security, see Licenses.

The Plugins/Feed Configuration page displays the Plugin Detail Locale for Tenable Enclave Security and the feed and plugin update schedules.

Plugin Detail Locale

The local language plugin feature allows you to display portions of plugin data in local languages. When available, translated text displays on all pages where plugin details appear.

Select Default to display plugin data in English.

Note: Tenable Enclave Security cannot translate text within custom files. Upload a translated Active Plugins.xml file to display the file content in a local language.

For more information, see Configure Plugin Text Translation.

Schedules

Tenable Enclave Security automatically updates Tenable Enclave Security feeds, active plugins, passive plugins, and event plugins. If you upload a custom feed or plugin file, the system merges the custom file data with the data contained in the associated automatically updating feed or plugin.

You can upload tar.gz files with a maximum size of 1500 MB.

Update

Description

Tenable Security Center Feed

Retrieves the latest Tenable Security Center feed from Tenable. This feed includes data for general use, including templates (for example, dashboards, ARCs, reports, policies, assets, and audit files), template-required objects, some general plugin information, and updated VPR values.
Active Plugins

Retrieves the latest active plugins feed (for Tenable Nessus and Tenable Vulnerability Management scanners) from Tenable. Tenable Security Center pushes the feed to Tenable Nessus and Tenable Vulnerability Management scanners.
Passive Plugins

Retrieves the latest passive plugins feed from Tenable. Tenable Security Center pushes the feed to Tenable Nessus Network Monitor instances.
Event Plugins

Retrieves the latest event plugins feed from Tenable. Tenable Security Center uses the feed locally with Log Correlation Engine data but does not push the feed to Log Correlation Engine; Log Correlation Engine retrieves the feed directly from Tenable.
WAS Plugins Retrieves the latest Tenable Web App Scanning plugins from Tenable. Tenable Security Center pushes the feed to Tenable Web App Scanning instances.
TVDL Plugins

Retrieves the latest Container Security plugins from Tenable.

For more information, see Edit Plugin and Feed Settings and Schedules.

Use the Security section to define the Tenable Enclave Security user interface login parameters and options for account logins. You can also configure banners, headers, and classification headers and footers.

Option

Description

 Default

Session Timeout

The web session timeout in minutes.

 60

Maximum Login Attempts

The maximum number of user login attempts Tenable Enclave Security allows before locking out the account. To disable this feature, set the value to 0.

 20

Minimum Password Length

This setting defines the minimum number of characters for passwords of accounts created using the local TNS authentication access.

 3
Password Complexity

When enabled, user passwords must be at least 4 characters long and contain at least one of each of the following:

  • An uppercase letter
  • A lowercase letter
  • A numerical character
  • A special character

Note: After you enable Password Complexity, Tenable Enclave Security prompts all users to reset their passwords the next time they log in to Tenable Enclave Security.

Note: If you enable Password Complexity and set the Minimum Password Length to a value greater than 4, Tenable Enclave Security enforces the longer password requirement.

 disabled

Startup Banner Text

Type the text banner that appears before to the login interface.

 --
User Text Adds custom text to the bottom of the user profile menu. You can use the text to identify a company, group, or other organizational information (maximum 128 characters). --

Classification Type

Adds a header and footer banner to Tenable Enclave Security to indicate the classification of the data accessible via the software. The options are None, Custom, Unclassified, Confidential, Secret, Top Secret, and Top Secret – No Foreign.

If you select Custom, the following options appear:

  • Custom Text - Type the text that you want to appear in the banner (maximum 128 characters).

  • Text Color - Select the text color for the banner.

  • Background Color - Select the background color for the banner.

Note: Custom banners in reports are supported only for Arial Regular font.

Note: If you set Classification Type to an option other than None, users can only see the plain report styles. The Tenable report styles do not support the classification banners.

 None
Allow API Keys When enabled, allows users to generate API keys as an authentication method for Tenable Enclave Security API requests. For more information, see Enable API Key Authentication. disabled
Allow Session Management When enabled, allows administrators to set a session limit for all users. disabled
Session Limit

Specifies the maximum number of sessions a user can have open at once.

If you log in and the session limit has already been reached, Tenable Enclave Security notifies you that the oldest session with that username will be logged out automatically. You can cancel the login or proceed with the login and end the oldest session.

Note: This behavior is different for Common Access Cards (CAC) logins. Tenable Enclave Security does not check active sessions for CAC authentication.

 7
Disable Inactive Users

When enabled, Tenable Enclave Security disables user accounts after a set period of inactivity. You cannot use a disabled user account to log in to Tenable Enclave Security, but other users can use and manage objects owned by the disabled user account.

 disabled
Days Users Remain Enabled When you enable Disable Inactive Users, specify the number of inactive days you want to allow before automatically disabling a user account. 90
Login Notifications Sends notifications for each successful and failed login.