TOC & Recently Viewed

Recently Viewed Topics

Assets

Path: Assets

SecurityCenter assets are lists of devices (e.g., laptops, servers, tablets, phones, etc.) within a SecurityCenter organization. Assets can be shared with one or more users based on local security policy requirements.

You can add an asset to group devices that share common attributes. Then, you can use the asset during scan configuration to target the devices in the asset. Examples of common attributes include:

  • IP address ranges
  • hardware types
  • vulnerabilities
  • outdated software versions
  • operating systems

SecurityCenter supports template-based and custom assets. For more information, see Add an Asset from a Template and Add a Custom Asset.

Template-based Assets

Tenable provides asset templates that you can customize for your environment. Tenable-provided asset templates are updated via the SecurityCenter feed and visible depending on other configurations.

Custom Assets

SecurityCenter supports the following custom assets types: Static Assets, DNS Name List Assets, LDAP Query Assets, Combination Assets, Dynamic Assets, Watchlist Assets, and Import Assets

Static Assets

Static assets are lists of IP addresses. You can type IP addresses directly or upload a .txt file. You can use static assets immediately after configuration.

For example, if your organization assigns laptops within a defined IP address range, you can create a custom static asset for laptops using that IP address range.

Option Description

Name

A name for the asset.

Description

A description for the asset.
Tag A logical grouping for created asset objects. This reduces lengthy lists of assets with no logical grouping. Tags can be reused as desired and previously created tags will display in the tag option when subsequent assets are added. Objects shared with new users will retain the tag specified by the creator.

IP Addresses

IP addresses to include within the asset (20 K character limit). One IP address, CIDR address, or range can be entered per line.

Click Choose File to import a list of IP addresses from a saved file.

DNS Name List Assets

Option Description

Name

A name for the asset.

Description

A description for the asset.

DNS Names

The DNS hostnames for the asset to be based upon.

LDAP Query Assets

The LDAP Query asset type appears if an LDAP server is configured within your organization.

Option Description
Name A name for the asset.
Description A description for the asset.
LDAP Server

The LDAP server where you want to perform the query.

Note: If the LDAP server is configured to use a different DNS server than SecurityCenter, SecurityCenter cannot resolve hostnames retrieved from the LDAP server.

Note:SecurityCenter cannot retrieve more than one page of LDAP results. If SecurityCenter asset or user authentication queries are not retrieving all expected results, consider modifying your LDAP pagination control settings to increase the results per page.

Search Base The LDAP search base used as the starting point to search for specific LDAP data.
Search String This string may be modified to create a search based on a location or filter other than the default search base or attribute.
Generate Preview The preview query is displayed in the Results Preview section after clicking Generate Preview. The preview lists the LDAP data that matches the defined search string.

Combination Assets

Combination assets allow you to create an asset based on existing assets and the AND, OR, and NOT operators.

Option Description

Name

A name for the asset.

Description

A description for the asset.

Combination

This option accepts multiple existing assets utilizing the operators AND, OR, and NOT. Using these operators and multiple existing assets, new unique assets may be created. If the source assets change, the Combination asset updates to match the new conditions.

When this option is initially selected, the options of NOT and a list of existing assets are displayed. Selecting one of those options followed by a space will display the next valid option for building the asset and continue until the selections are complete. If the border for the combination option is red it is an indication that there is a problem in the logic of the query.

Dynamic Assets

Dynamic assets are flexible groups of condition statements that SecurityCenter uses to retrieve a list of devices meeting the conditions. SecurityCenter refreshes dynamic asset lists using the results from SecurityCenter scans. You cannot use dynamic assets until after SecurityCenter performs an initial discovery scan and retrieves a list of devices.

For example, in the asset above, SecurityCenter retrieves a list of Linux systems listening on TCP Port 80. For more information about constructing dynamic asset conditions, see Dynamic Assets.

Option Description

Name

A name for the asset.

Description

A description for the asset.

Asset Definition

Defines the rules for creating a dynamic asset list. Hovering over an existing rule will give the ability to add, edit, or delete a group or a rule to the definition.

Dynamic Asset Rule Logic

Valid Operators Effect

Plugin ID

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

is less than

Value must be less than the value specified.

is greater than

Value must be greater than the value specified.

Plugin Text

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

contains the pattern

Value must contain the text specified (e.g., ABCDEF contains ABC).

Posix regex

Any valid Posix regex pattern contained within “/” and “/” (example: /.*ABC.*/).

Perl compatible regex

Any valid Perl compatible regex pattern.

Operating System

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

contains the pattern

Value must contain the text specified (e.g., ABCDEF contains ABC).

Posix regex

Any valid Posix regex pattern contained within “/” and “/” (e.g., /.*ABC.*/).

Perl compatible regex

Any valid Perl compatible regex pattern.

IP Address

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

DNS, NetBIOS Host, NetBIOS Workgroup, MAC, SSH v1 Fingerprint, SSH v2 Fingerprint

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

contains the pattern

Value must contain the text specified (e.g., 1.2.3.124 contains 124).

Posix regex

Any valid Posix regex pattern contained within “/” and “/” (e.g., /.*ABC.*/).

Perl compatible regex

Any valid Perl compatible regex pattern.

Port, TCP Port, UDP Port

is equal to

Value must be equal to value specified.

not equal to

Value must be not equal to value specified.

is less than

Value is less than value specified.

is greater than

Value is greater than the value specified.

Days Since Discovery, Days Since Observation

is equal to

Value must be equal to value specified. Scroll arrows are provided to allow for entry selection or the value can be manually entered. Max 365.

not equal to

Value must be not equal to value specified. Scroll arrows are provided to allow for entry selection or the value can be manually entered. Max 365.

is less than

Value is less than value specified. Scroll arrows are provided to allow for entry selection or the value can be manually entered. Max 365.

is greater than

Value is greater than the value specified. Scroll arrows are provided to allow for entry selection or the value can be manually entered. Max 365.

where Plugin ID is

Any valid Plugin ID number. Multiple Plugin IDs may be entered using a range and/or comma separated Plugin IDs (e.g., 3, 10189, 34598, 50000-55000, 800001-800055).

Severity

is equal to

Value must be equal to value specified (info, low, medium, high, or critical).

not equal to

Value must be not equal to value specified (info, low, medium, high, or critical).

is less than

Value must be less than the value specified (info, low, medium, high, or critical).

is greater than

Value must be greater than the value specified (info, low, medium, high, or critical).

where Plugin ID is

Any valid Plugin ID number. Multiple Plugin IDs may be entered using a range and/or comma separated Plugin IDs (e.g., 3, 10189, 34598, 50000-55000, 800001-800055).

Exploit Available

Is

Click True or False in the drop-down box.

Exploit Frameworks

is equal to

Value must be equal to value specified.

Is not equal to

Value must not be equal to value specified.

contains the pattern

Value must contain the pattern entered.

XRef

Value must be in the XRef option.

Watchlist Assets

A watchlist is an asset that is used to maintain lists of IPs not in the user’s managed range of IP addresses. IPs from a watchlist can be filtered on regardless of your IP range configuration. This proves to be beneficial when analyzing event activity originating outside of the user’s managed range. For example, if a block of IP addresses is a known source of malicious activity, it could be added to a Malicious IPs watchlist and added to a custom query.

Note: Watchlists only uses event data to create the asset list.

Option Description

Name

A name for the asset.

Description

A description for the asset.

IP Addresses

IP addresses to include within the asset list (20 K character limit). One address, CIDR address, or range can be entered per line.

Click Choose File to import a list of IP addresses from a saved file.

Import Assets

Option Description

Name

The asset name.

Asset

Click Choose File to choose the asset that was previously exported for import into SecurityCenter.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.