Configuration Settings

Path: System > Configuration

The configuration menu includes the following settings:

Data Expiration Settings

Data expiration determines how long SecurityCenter retains acquired data.

Option

Description

Active

The number of days you want SecurityCenter to retain active or agent scan vulnerability data stored in IP repositories. The default value of this option is 365 days.

Passive

The number of days you want SecurityCenter to retain PVS vulnerability data stored in IP repositories. The default value of this option is 7 days.

Event

The number of days you want SecurityCenter to retain LCE event data stored in IP repositories. The default value of this option is 365 days.

Compliance

The number of days you want SecurityCenter to retain audit compliance data stored in IP repositories. The default value of this option is 365 days.

Mitigated

The number of days you want SecurityCenter to retain mitigated vulnerability data. The default value of this option is 365 days.

Closed Tickets

The number of days you want SecurityCenter to retain closed tickets. The default value of this option is 365 days.

Scan Results

The number of days you want SecurityCenter to retain scan results. The default value of this option is 365 days.

Report Results

The number of days you want SecurityCenter to retain report results. The default value of this option is 365 days.

External Schedules Settings

The SecurityCenter external schedule settings are used to determine the update schedule for the common tasks of pulling PVS data, IDS signature updates, and IDS correlation updates.

Option

Description

Pull Interval

This option configures the interval that SecurityCenter uses to pull results from the attached PVS instances. The default setting is 1 hour. The timing is measured from the start of the SecurityCenter service on the host system.

IDS Signatures

Frequency to update SecurityCenter IDS signatures via third-party sources. The schedule is shown along with the time zone being used.

IDS Correlation Databases

Frequency to push vulnerability information to the LCE for correlation. The schedule is shown along with the time zone being used.

Each of the update schedule times may also be configured to occur by time in a particular time zone, which can be selected via the Time Zone link next to each hour selection.

Mail Settings

The Mail option designates SMTP settings for all email related functions of SecurityCenter. Available options include SMTP host, port, authentication method, encryption, and return address. In addition, a Test SMTP Settings link is displayed in the top left of the page to confirm the validity of the settings.

Note: The Return Address defaults to noreply@localhost. Use a valid return email address for this option. If this option is empty or the email server requires emails from valid accounts, the email will not be sent by the email server.

Miscellaneous Settings

The Miscellaneous Configuration area offers options to configure web proxy, syslog, and notification settings, and to enable or disable a variety of reporting types that are needed only in specific situations.

Web Proxy

From this configuration page, a web proxy can be configured by entering the host URL (proxy hostname or IP address), port, authentication type, username, and password. The host name used must resolve properly from the SecurityCenter host.

Syslog

The Syslog section allows for the configuration and sending of SecurityCenter log events to the local syslog service. When Enable Forwarding is enabled, the forwarding options are made available for selection. The Facility option provides the ability to enter the desired facility that will receive the log messages. The Severity option determines which level(s) of syslog messages will be sent: Informational, Warning, and/or Critical.

Notifications

The Notifications section defines the SecurityCenter web address used when notifications are generated for alerts and tickets.

Report Generation

Among the reporting standards for the Defense Information Systems Agency (DISA) are the Asset Report Format (ASR) and the Assessment Results Format (ARF) styles. Additionally, there is CyberScope reporting utilizing Lightweight Asset Summary Results Schema (LASR) style reports used by some segments of governments and industry. These formats are typically used only by select groups and organizations for specific needs that do not apply to many organizations.

You must enable the Enable DISA ARF, Enable DISA ASR, and Enable Cyberscope sliders to allow users to choose these report types during report creation. For more information, see Reports.

License Settings

The License Configuration section allows you to configure licensing and activation code settings for SecurityCenter and all attached Tenable products.

For information about the SecurityCenter license count, see Licenses. To add a license, see Add a License.

Plugins/Feed Settings

The Plugins/Feed Configuration page displays the following information:

  • the Plugin Detail Locale for SecurityCenter.
  • the feed and plugin update (scanner update) schedules.

    Schedule

    Description

    SecurityCenter Feed

    Specifies the schedule for SecurityCenter to retrieve the latest SecurityCenter feed from Tenable.
    Active Plugins

    Specifies the schedule for SecurityCenter to retrieve the latest active plugins feed (for Nessus and Tenable.io scanners) from Tenable. SecurityCenter pushes the feed to Nessus and Tenable.io scanners.

    Passive Plugins

    Specifies the schedule for SecurityCenter to retrieve the latest passive plugins feed from Tenable. SecurityCenter pushes the feed to PVS instances.

    Event Plugins

    Specifies the schedule for SecurityCenter to retrieve the latest event plugins feed from Tenable. SecurityCenter uses the feed locally with LCE data but does not push the feed to LCE; LCE retrieves the feed directly from Tenable.

For more information, see Edit Plugin and Feed Settings and Schedules.

Custom Plugins

You can upload a custom plugin as a custom CA certificate file. All custom plugins must have unique Plugin ID numbers and have family associations based on existing SecurityCenter families.

Note:

Custom plugin uploads must now be a complete feed. In order to upload custom plugins the provided tar.gz file must include the relevant NASLs and a custom_feed_info.inc file comprised of the following two lines:

PLUGIN_SET = "201202131526";

PLUGIN_FEED = "Custom";

The administrator user must manage this file and update the PLUGIN_SET option for each upload. The PLUGIN_SET format is YYYYMMDDHHMM.

For example, running the following command in a directory that contains the custom_feed_info.inc file and the custom plugins creates a new gzipped tar archive for upload, called custom_nasl_archive.tar.gz, that contains both custom plugins:

# tar -cvzf custom_nasl_archive.tar.gz custom_feed_info.inc *.nasl

It is recommended that the custom_nasl_archive.tar.gz file be updated for each addition and update of custom NASLs.

For more information, see Upload a Custom CA Certificate.

Feed Schedules

SecurityCenter automatically updates SecurityCenter feeds, active plugins, passive plugins, and event plugins. If you upload a custom feed or plugin file, the system merges the custom file data with the data contained in the associated automatically updating feed or plugin.

You can upload tar.gz files or .xml files with a maximum size of 1500 MB. SecurityCenter supports .xml files only when the file contains translated content for use with the local language plugin feature.

For more information, see Edit Plugin and Feed Settings and Schedules.

Custom File Details

All custom plugins must have unique Plugin ID numbers and have family associations based on existing SecurityCenter families.

Custom plugin uploads must be a complete feed. In order to upload custom plugins the provided tar.gz file must include the relevant NASLs and a custom_feed_info.inc file comprised of the following two lines:

PLUGIN_SET = "201202131526";

PLUGIN_FEED = "Custom";

The administrator user must manage this file and update the PLUGIN_SET option for each upload. The PLUGIN_SET format is YYYYMMDDHHMM.

For example, running the following command in a directory that contains the custom_feed_info.inc file and the custom plugins creates a new gzipped tar archive for upload, called custom_nasl_archive.tar.gz, that contains both custom plugins:

# tar -cvzf custom_nasl_archive.tar.gz custom_feed_info.inc *.nasl

It is recommended that the custom_nasl_archive.tar.gz file be updated for each addition and update of custom NASLs.
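
The packaging steps described under Custom Plugins and Custom File Details, as an added example (not Tenable's own tooling): the script writes custom_feed_info.inc with a fresh PLUGIN_SET, rejects duplicate Plugin IDs, builds the archive, and confirms it is a complete feed. The function names are hypothetical, and the duplicate check assumes each NASL declares its ID with script_id(<number>);.

```shell
#!/bin/sh
# Added example: package custom NASL plugins as a complete custom feed.
# Function names are hypothetical; sample usage: sh build_feed.sh ./plugins feed.tar.gz

# List plugin IDs declared more than once across ./*.nasl in the current directory.
# Assumption: each plugin declares its ID with the NASL call script_id(<number>);
duplicate_plugin_ids() {
    grep -ho 'script_id *( *[0-9][0-9]* *)' ./*.nasl | tr -cd '0-9\n' | sort | uniq -d
}

# build_custom_feed <plugin_dir> <output.tar.gz>
build_custom_feed() {
    src=$1
    out=$2
    case $out in /*) ;; *) out=$PWD/$out ;; esac   # keep output path valid after cd
    (
        cd "$src" || exit 2
        ls ./*.nasl >/dev/null 2>&1 || { echo "no .nasl files in $src" >&2; exit 3; }
        dups=$(duplicate_plugin_ids)
        [ -z "$dups" ] || { echo "duplicate plugin IDs:" $dups >&2; exit 4; }
        # PLUGIN_SET must be updated for each upload; format is YYYYMMDDHHMM.
        printf 'PLUGIN_SET = "%s";\nPLUGIN_FEED = "Custom";\n' "$(date +%Y%m%d%H%M)" \
            > custom_feed_info.inc || exit 5
        tar -czf "$out" custom_feed_info.inc ./*.nasl
    ) || return $?
    # Confirm the archive is a complete feed before it is uploaded.
    tar -tzf "$out" | grep -qx 'custom_feed_info.inc' || return 6
}

if [ "$#" -eq 2 ]; then
    build_custom_feed "$1" "$2"
fi
```

A non-zero return code identifies the failed step: 3 for a directory with no NASLs, 4 for duplicate Plugin IDs, 6 for an archive missing custom_feed_info.inc.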

Plugin Detail Locale

The local language plugin feature allows you to display portions of plugin data in local languages. When available, translated text displays on all pages where plugin details are displayed.

Select Default to display plugin data in English.

SecurityCenter cannot translate text within custom files. You must upload a translated Active Plugins .xml file in order to display the file content in a local language.

For more information, see Configure Plugin Text Translation.

Security Settings

Use the Security section to define the SecurityCenter web interface login parameters and options for account logins. You can also configure banners, headers, and classification headers and footers.

Option

Description

Session Timeout

The web session timeout in minutes (default: 60).

Maximum Login Attempts

The maximum number of user login attempts allowed by SecurityCenter before the account is locked out (default: 20). Setting this value to 0 disables this feature.

Minimum Password Length

This setting defines the minimum number of characters for passwords of accounts created using the local TNS authentication access (default: 3).

Password Complexity

Provides the option to enforce a minimum password length (4 characters) and the use of an upper case letter, lower case letter, numerical character, and special character.

Startup Banner Text

Type the text banner that is displayed prior to the login interface.

Header Text

Adds custom text to the top of the SecurityCenter user interface pages. The text may be used to identify the company, group, or other organizational information. The option is limited to 128 characters.

Classification Type

Adds a header and footer banner to SecurityCenter to indicate the classification of the data accessible via the software. Current options are None, Unclassified, Confidential, Secret, Top Secret, and Top Secret – No Foreign.

Sample header:

Sample footer:

Note: When set to an option other than None, the available report style for users will only show the plain report style types. The Tenable report styles do not support the classification banners.

Allow Session Management

This setting is disabled by default. When enabled, the Session Limit option will appear. This feature displays the option that will allow the administrator user to set a session limit for all users.

Disable Inactive Users

This setting disables accounts after a set period of inactivity. Type the number of days to keep the account active before disabling in the Days Users Remain Enabled option that appears when this option is switched on.

Session Limit

Any number entered here will be saved as the maximum number of sessions a user can have open at one time.

If you log in and the session limit has already been reached, you will be prompted with a warning that the oldest session with that username will be logged out automatically. You can cancel the login, or proceed with the login and end the oldest session.

Note: This behavior is different for CAC logins. The previously described behavior is bypassed as was the old login behavior.

Login Notifications

Sends notifications for each time a user logs in.

FIPS Configuration

Allows the user to enable or disable FIPS mode for communication. Transitioning from one mode to the other will require a restart.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.