TOC & Recently Viewed

Recently Viewed Topics

Nessus Network Manager

Tenable Nessus Network Manager (NNM) is a network discovery and vulnerability analysis software solution that delivers continuous network listening, profiling, and monitoring in a non-intrusive manner.

The Nessus Network Manager monitors network traffic at the packet layer to determine topology, services, and vulnerabilities and is tightly integrated with Tenable’s SecurityCenter and Log Correlation Engine (LCE) to centralize both event analysis and vulnerability management for a complete view of your security and compliance posture.

NNM Plugin Families

The NNM has two sources of “plugin” information: the .prmx and .prm plugin libraries in the plugins directory and the operating system fingerprints in the osfingerprints.txt file.

Tenable distributes its passive vulnerability plugin database in an encrypted format. This file is known as tenable_plugins.prmx and can be updated on a daily basis, if necessary. NNM plugins that are written by the customer or third parties have the extension of .prm.

The following table summarizes the Tenable NNM plugin families:

Plugin Family Description
Backdoors Plugins that detect a variety of indications that a system or application has been compromised, and potentially backdoored for persistent access.
CGI A variety of plugins that check for the presence of CGI programs, web applications, and vulnerabilities associated with them.
Cloud Services Plugins that detect the use of cloud services such as Salesforce, Dropbox, and Amazon Cloud.
Database Passive detection of database software and associated vulnerabilities.
Data Leakage Plugins that look for signs of confidential information traversing the network (e.g., Social Security numbers).
DNS Servers Checks related to DNS servers and suspicious DNS traffic.
Finger Detection and vulnerabilities related to the Finger protocol.
FTP Clients Plugins that detect FTP client software and vulnerabilities associated with it.
FTP Servers Plugins that detect FTP servers and vulnerabilities associated with it.
Generic This family contains plugins that do not fit in the other families.
IMAP Servers Detection of Internet Message Access Protocol (IMAP) servers and associated vulnerabilities.
Internet Messengers Plugins that monitor for Instant Messenger software such as AIM, Yahoo Messenger, and ICQ.
Internet Services Checks that detect traffic to Internet services such as Facebook, Twitter, Netflix, XM radio, or offsite file storage.
IoT A set of plugins to detect traffic and vulnerabilities in Internet of Things (IoT) devices. IoT devices include thermostats, cameras, and other devices connected to a network for data collection and management.
IRC Clients A set of plugins to detect traffic and vulnerabilities in IRC client software.
IRC Servers A set of plugins to detect traffic and vulnerabilities in IRC servers.
Malware Plugins that detect the presence of malware as it traverses a network.
Mobile Devices Checks that look for any traffic or vulnerabilities related to mobile devices such as smart phones and tablets.
Operating System Detection Plugins that monitor traffic to detect the operating system of hosts on the network.
Peer-To-Peer File Sharing Checks that look for Peer-to-Peer traffic indicating file sharing activity.
Policy Detects traffic that may violate corporate policy such as pornography, questionable software, or the user of third-party services that may be of concern.
POP Server Detection of Post Office Protocol (POP) servers and associated vulnerabilities.
RPC Plugins that detect Remote Procedure Call traffic and associated vulnerabilities.
Samba Checks that look for Samba traffic, for file and print sharing.
SCADA Plugins that monitor for Supervisory Control And Data Acquisition (SCADA) devices, protocols, and vulnerabilities.
SMTP Clients A set of plugins to detect traffic and vulnerabilities in Simple Mail Transfer Protocol (SMTP) client software.
SMTP Servers A set of plugins to detect traffic and vulnerabilities in Simple Mail Transfer Protocol (SMTP) servers.
SNMP Checks related to the Simple Network Management Protocol (SNMP) for a wide variety of vendors and common configuration errors.
SSH Plugins that detect Secure Shell (SSH) traffic.
Web Clients A set of plugins to detect traffic and vulnerabilities in HTTP and HTTPS clients such as web browsers.
Web Servers

A set of plugins to detect traffic and vulnerabilities in web servers.

Note: Historically, NNM has used additional families for plugin organization that were deprecated at some point. Their plugins have been integrated into current families.

 

 

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.