Reporting Tier (Tenable Security Center)

The primary purpose of the reporting tier was to allow for centralized analytics and reporting of data collected from the Tenable Nessus Agent operational tier (Tenable Vulnerability Management). Dashboards, analytics, reports, and Assurance Report Cards are leveraged on this tier.

Functions performed

The following processes and uses take place in the Reporting Tier (Tenable Security Center).

  • Tenable Vulnerability Management was added to Tenable Security Center as an “agent capable” scanner.
  • Agent scans in Tenable Security Center were configured to retrieve agent scan results from Tenable Vulnerability Management.
  • Analytics, dashboards, reports, and Assurance Report Cards in Tenable Security Center were leveraged for all assessment types (Agent and Network Scanning).

Considerations

  • Tenable recommended that ACME configure Tenable Security Center to retrieve agent scan results from Tenable Vulnerability Management the same day Tenable Vulnerability Management collects assessment results from agents. This configuration ensures that Tenable Security Center captures proper detection dates.
  • Tenable Security Center required additional data repositories to support the agent results. Tenable recommended that ACME establish two new repositories in Tenable Security Center for agent results, because repositories can only handle upwards of 50,000 assets each.
  • Tenable Security Center 5.7 introduced an agent-specific repository that leverages the agent UUID to better track uniqueness when results are imported into Tenable Security Center.
  • ACME needed to perform a full analysis on their current Tenable Security Center hardware configuration to determine if additional CPU/RAM/HDD was required for the additional data resulting from importing agent scan results.

Tier design

Design assumptions included:

  • ACME will establish two (2) repositories to store agent scan results.
  • ACME will establish 50-70 agent scans to retrieve agent scan results from Tenable Vulnerability Management.
  • ACME will balance each agent scan retrieval evenly across the two (2) new repositories.
  • ACME will evaluate current infrastructure to determine if additional CPU/RAM/HDD is required.