TOC & Recently Viewed

Recently Viewed Topics

Dashboards

The dashboards page displays vulnerability and event data using various predefined components. View the Dashboard page by simply logging in or selecting Dashboard from the Dashboard menu item.

Tip: Because components draw from vulnerability, event, and other data sources, it is advisable to create and configure data sources before adding any components.

The Dashboard page is configured with one or more dashboards that contain different views and layouts populated with components including tables and custom charts (e.g., bar, line, area, pie, and matrix). The dashboard tables and charts are fully customizable and allow data to be retrieved from various sources using a wide variety of configurations. Each of these component types allow you to view the vulnerability, event, ticket, user, and alert data in a way that provides instant analysis of the important data anomalies with the ability to drill into the underlying data set for further evaluation (vulnerability and event data only).

Dashboard elements can also be shared between users or exported/imported to another SecurityCenter as required.

SecurityCenter utilizes a matrix layout that provides for customizable displays based on the intersection of row and column data. These displays can integrate if-then-else logic to vary the display depending on the current state of the underlying data set.

SecurityCenter provides many dashboard templates. The SecurityCenter feed provides new and updated dashboard templates created by Tenable’s team based on industry standards and customer requests.

For examples of SecurityCenter dashboards, please visit the SecurityCenter Dashboard blog at http://www.tenable.com/sc-dashboards.

Working with Dashboards

Dashboards allow SecurityCenter users to organize and consolidate components by named collections. For example, instead of having twenty discrete dashboard components on the initial login display, it is helpful to create multiple dashboards grouped by function, each with a subset of components. One dashboard could contain five components that are related to active scanning, a second one could contain seven more related to passive scanning, and so on. This collection of components allows for a more focused security analysis with the ability to drill into the desired data quickly and without confusion. The dashboard view can be changed by selecting the preferred dashboard from the Switch Dashboard drop-down box.

Adding Dashboards

To create a new dashboard, click Options > Add Dashboard on the right side of the Dashboard page.

A new window displays the list of available dashboard template categories, along with options to create a custom dashboard or import a dashboard.

Select categories by clicking on the box, which displays a list of available dashboards. Once chosen, a selection of template names and descriptions appear along with a choice of sub-categories to further narrow the list. When viewing the details of a template, many options, including the name, description, schedule, and systems to focus the dashboard on, may be customized before adding it to your dashboard collection. Select the Add button at the bottom of a dashboard template to add that template to the dashboard.

If Import Dashboard is selected, a dialog window appears. This window provides options to name the dashboard and browse to the dashboard file to be imported from the local computer. After the selections are completed, click the Submit button to create the new dashboard.

If Advanced is selected, a window opens to provide the name, description, and layout of the new dashboard. Submit this information to create the dashboard. Select the new dashboard from the Switch Dashboard menu to display a blank dashboard and allow for editing of the dashboard to add components. The components may be selected from the templates already provided or by creating a custom component.

See Working with Components for information about how to create, edit, and delete custom dashboard components.

Add Component

Click on Add Component to display the list of available dashboard component template categories. Click on the box to select a category and display a list of available components. Once chosen, a selection of template names and descriptions appear and a choice of sub-categories may be available to further narrow the list. Select an individual template to open the properties of the component to provide details. The Name, Description, [update] Schedule, and focus of the data may be modified. Click the Add button at the bottom to add the component to the currently selected dashboard.

In the Actions section, you can create custom charts and graphs to add as a component of the dashboard.

See Working with Components for information about how to create, edit, and delete custom dashboard components.

Options

Option Description

Add Dashboard

This option allows you to add a new dashboard to SecurityCenter. New dashboards may be created from templates or created by adding individually created components to the page.

Manage Dashboards

This option displays a list of available dashboards. This list helps to easily view pertinent information about their permissions, availability status, and last modification time. The list may be narrowed using the filters option. Click the gear icon on the right of the dashboard information to enable a menu to access the view, edit, share, export, copy, and delete functions. The Options drop-down menu provides the ability to import dashboards is available or the ability to change back to the dashboard view.

Export Dashboard (Available from the Manage Dashboards page)

Dashboards can be exported as XML files for use on other SecurityCenter systems. This is particularly useful where complex component definitions have been created and must be used in other locations. This function provides three options for component objects:

  • Remove All References – all object references are removed, altering the definitions of the components. Importing users do not need to make any changes for components to be useable.
  • Keep All References – object references are kept intact. Importing users must be in the same organization and have access to all relevant objects for the components to be useable.
  • Replace With Placeholders – object references are removed and replaced with their respective names. Importing users see the name of the reference object, but need to replace it with an applicable object within their organization before the component is useable.
Note: Due to changes in the dashboard XML file formats over SecurityCenter versions, exported dashboards are not always compatible for import between SecurityCenter versions.
Add Component This option allows you to add individual components to the selected dashboard. Components may be added using available templates or creating a custom component.
Edit Dashboard This option allows the user to edit an existing dashboard based on the options available in the dashboard configuration. These include the name, description, and layout of the dashboard.
Share Dashboard

Use this function to share a Dashboard with any group in your current organization. Revoking a previously shared Dashboard may also be performed using this option.

Additional steps must be taken to view a shared Dashboard.

Send to Report This options allows you to create a report from the Dashboard. Click this option to display a new window with options to name the report, provide a description, and determine the frequency (on demand, now, once, daily, weekly, or monthly) for running the report. Click Submit to create the report. A green report confirmation window appears at the bottom of the window with a link to view the report. The newly created report can also be viewed by clicking the Report option in the main menu.

Set as Default

This option sets the Dashboard currently being used as the default dashboard for future visits to the page.

Delete Dashboard Delete the selected dashboard.

Working with Custom Components

You can create custom components for dashboards. The components are various types of charts; Table, Bar, Pie, Line, Area, and Matrix. After selecting the desired component, options for data source and display must be entered to complete the process. The tables below show available options for each component type:

Table Option Description

General

Name

A name for the chart.

Description

A description for the chart.

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, Ticket, Alert, or User.

Source

For vulnerability data type, sources include Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Additional filters to use on the data source.

Display

Results Displayed

The number of displayed results (maximum: 999). If the Viewport Size setting is smaller than this setting, the results display is limited to the Viewport Size setting with a scrollbar to display the additional results.

Viewport Size

The number of records (maximum: 50) to display along with a scrollbar to handle additional records. For example, if Results Displayed is set to 100 and Viewport Size is 15, 15 records are displayed with a scrollbar to view the additional 85 records.

Sort Column

(Except Event Data Type) Column that the results are sorted by.

Sort Direction

(Except Event Data Type) Descending (default) or Ascending.

Display Columns

Desired columns to be shown in the component output.

 

Bar Option Description

General

Name

A name for the chart.

Description

A description for the chart.

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, Alert, or Ticket.

Source

For vulnerability data type sources, include Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Additional filters to use on the data source.

Display

Results Displayed

The number of displayed results (maximum: 100).

Sort Column

(Vulnerability/Ticket Data Type only) Column that the results are sorted by.

Sort Direction

(Vulnerability/Ticket Data Type only) Descending (default) or Ascending.

Display Column

Desired column shown in the component output.

 

Pie Option Description

General

Name

A name for the chart.

Description

A description for the chart.

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, or Ticket

Source

For vulnerability data type sources If Data Type of Vulnerability is chosen, sources include: Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Vulnerability, Event, or Ticket filters used to narrow down the series source.

Display

Results Displayed

The number of displayed results (default: 10).

Sort Column

Column that the results are sorted by.

Sort Direction

Descending (default) or Ascending.

Display Columns

Desired columns shown in the component output.

 

Line/Area Option Description

General

Name

A name for the chart.

Description

A description for the chart.

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Date Type

The date type can be relative to the current time when the chart is loaded or an absolute time frame that is the same on each page visit.

Date Range

Available options include:

  • Last Minutes – 15, 20, 30
  • Last Hours – 1, 2, 4, 6, 12, 24 (default), 48, 72
  • Last Days – 5, 7, 25, 50
  • Last Months – 3, 6, 12

Add/Edit Series

Name

Series name

Data

Data Type

Note: For line/area charts, vulnerability data analysis often requires that the underlying repository be a trending repository. If the selected repository is not a trending repository, no historical analysis is available.

Vulnerability or Event.

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Filters

Filters used to narrow down the series source.

Display

Series Data

Data to display in the chart (Total, Info, Low, Medium, High, Critical).

 

Matrix Option Description

General

Name

A name for the chart.

Description

A description for the chart.

Cells

Size

Creating a Matrix chart starts with defining the size. The matrix default is 4 columns by 4 rows, but may be any size from 1 column by 1 row to 10 columns by 10 rows. Click the Generate Cells link to create the initial blank matrix which may be populated and further defined with settings described below.

Column

(max 10)

Columns are normally used to define a group of vulnerability, mobile, event, ticket, user, or alert data. For example, five columns could be used in a matrix component, one each for critical, high, medium, low, and informational vulnerabilities. Hover the cursor over the right-hand side of the top cell of a column to display a drop-down box.

The header drop-down box contains three options: Edit Header, Delete Cells, and Copy.

Click on the Edit Header option to set the column name and update frequency. The update frequency determines how often the underlying data set is refreshed. Refreshing the data more often is useful for seeing a more current view of the data; however, it can have a detrimental effect on system performance. Matrix columns are updated as clusters and not individually. For example, if column A and C have an update frequency of Daily and column B has an update frequency of Every 12 Hours, columns A and C update together and column B updates by itself. This means that if there is a missing query in column A, column C does not update. However, if there is a missing query in column B, columns A and C update.

Click on Delete Cells to delete the column of cells. There is not a confirmation window.

Click on Copy to copy the current column, which may then be edited as needed. Once 10 columns exist, the Copy option is no longer available.

Row

(max 10)

Rows are another grouping element, used to define the operations being performed against each column element for that row. For example, if each column determines the vulnerability type (critical, high, medium, low, and informational), a row could be created labeled Ratio. Each cell in that row could be used to calculate the ratio of the particular vulnerability type count against the total vulnerability count.

Hover the cursor over the right-hand side of the cell in a row entry to display a drop-down box. The box contains options to Edit Header, Delete Cells, and Copy.

Click on Edit Header to change the header name for the row.

Click on Delete Cells to delete the row of cells. There is not a confirmation window.

Click on Copy to copy the current row, which may then be edited as needed. Once 10 rows exist, the Copy option is no longer available.

Editing Cells

Cells contain the actual data operations. Cells are defined by query and condition options. Click on a cell to modify the cell definition. The options are described below:

Query Options

Option Description

Data

Type

Available types include: Query Value, Static Text, Icon, Bar, and Ratio

Data Type

Available data types include vulnerability, mobile, event, ticket, alert, and user. The query value rules displayed in the condition section are dynamically defined by the data type used. For example, if a data type of Event is chosen, query value rules include Event Count, IP Count, or Port Count.

Filters

Filter the data based on specific parameters.

Rules

Type

Available types include: Query Value, Static Text, Icon, Bar, and Ratio.

Rule

Note: Bar and Ratio charts use ratios rather than counts in the lists below.

  • Vulnerability: IP Count, Port Count, Score Count, and Vulnerability Count
  • Mobile: Vulnerability Count, Device Count, and Score Count
  • Event: IP Count, Port Count, Score Count, and Event Count
  • Ticket: Ticket Count
  • Alert: Alert Count
  • User: User Count

Display Options

The display options determine the background and foreground colors along with any custom text, if applicable.

Rules

There are two basic types of rules in a matrix cell definition: the default (or fallback) rule and rule(s) that are added. By default, a single editable rule is added to each cell definition. This rule cannot be deleted and describes what appears in the cell if no other conditions have been defined or triggered. A default condition looks similar to the following:

This rule can be edited to display any of the available display options. Added rules may look similar to the following:

When hovered over, a rule displays an edit and a delete icon. To save edits to a rule, click the checkmark icon or click the x icon to cancel the changes.

Rules are reviewed from top to bottom and trigger the display rule on the first rule match. Once a rule triggers, none of the subsequent rules are reviewed. If none of the added rules match, the default rule is automatically performed.

Creating a Simple Matrix Component

The matrix component has a great deal of power and functionality. The following matrix component is an example of a simple matrix component:

This shows percentages of hosts with exploitable vulnerabilities over the last 7 days and the exploit frameworks that can be used to exploit them.

Modify and use the steps below based on your dashboard needs.

To create a simple matrix component:

  1. Open the dashboard you want to modify.

  2. Click the Options drop-down box.
  3. Click Add Component.

    The Add Component page appears.

  4. In the Custom section, click Matrix.

    The Add Matrix Component page appears.

  5. Type a Name for the component.
  6. Type a Description you want to appear when hovering the over the component.
  7. In the Cells section, select the number of Columns and Rows for the matrix.

    For example, 5 columns and 3 rows.

  8. Click Generate Cells.

    The matrix editor appears.

  9. Hover over the column and row header cells and click the gear icon drop-down menu.

  10. Click Edit Header.
  11. Type a Label for the column or row header.
  12. Click Submit.

    The matrix editor appears, with the new header label displayed.

  13. Repeat the header label steps for the other header cells.
  14. Hover over the body cells and click the edit icon.

    The Add Matrix Component page appears.

  15. Customize the matrix component options.

    For example, this matrix component displays Vulnerability data by a ratio from the Cumulative database. The numerator filters are looking for vulnerabilities that have an exploit available with a Critical severity and were discovered within the last 7 days. The Denominator filters are for vulnerabilities that have a Critical severity and were discovered within the last 7 days. The rules are looking for percentages of the vulnerabilities that match and designate the ratio value with the corresponding color based on the percentages found.

  16. Repeat the body cell steps for the other body cells.

    In the example above, the other cells are similar with many of the same rules. The differences are adding a Numerator filter to include the Exploit Framework we are looking for and a Denominator filter for the Exploit Available option.

  17. Click Submit.

    The matrix element appears.

For more information about configuring matrix components and to download samples, visit the Tenable™ SecurityCenter Dashboards blog: http://www.tenable.com/sc-dashboards.

Copy Component Options

In addition to adding and editing components, components can be copied to the current or different Dashboard. Click on the gear icon in the top right corner of the component and choose Copy to bring up a copy component window over the existing component.

The Copy option gives the user the ability to change the name of the component and the option of choosing the destination Dashboard from the drop-down menu where the component is copied.

Navigating the Dashboard Components

SecurityCenter users have several options when interacting with dashboard components. Hover over a component to display a gear icon drop-down menu and, when applicable, an arrow, both in the top right of the component. The gear icon contains options to Edit, Refresh, Copy, and Delete the component. The arrow allows users to browse the component dataset behind the broader numbers presented in the dashboard component. Click the browser’s back button to return to the Dashboard view.

Note: Various dashboards do not provide the browse option because their underlying data snapshot source does not support browse capability.

Reorder dashboard components by clicking and holding the title bar, then dragging it to the new desired position on the page.

The Refresh option refreshes the component data based on the most recent underlying data. A circular icon in motion appears as the component updates.

The Delete option deletes the component from the dashboard. When selected a window opens asking for confirmation of the deletion of the component. The action cannot be undone.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.