TOC & Recently Viewed

Recently Viewed Topics

Dashboards

The dashboards page is the first screen displayed when you log in to the SecurityCenter user interface. It displays vulnerability and event data using various predefined components. The Dashboard can also be displayed by selecting Dashboard from the Dashboard menu item.

Tip: Because components draw from vulnerability, event, and other data sources, it is advisable to create and configure data sources before adding any components.

The Dashboard page is configured with one or more dashboards that contain different views and layouts populated with components including tables and custom charts (e.g., bar, line, area, pie, and matrix). The dashboard tables and charts are fully customizable and allow data to be retrieved from various sources using a wide variety of configurations. Each of these component types allows the user to view the vulnerability, event, ticket, user, and alert data in a way that provides instant analysis of the important data anomalies with the ability to drill into the underlying data set for further evaluation (vulnerability and event data only).

Dashboard elements can also be shared between users or exported/imported to another SecurityCenter as required.

SecurityCenter utilizes a matrix layout that provides for customizable displays based on the intersection of row and column data. These displays can integrate “if-then-else” logic to vary the display depending on the current state of the underlying data set.

There are many dashboard templates provided with SecurityCenter. The SecurityCenter feed provides new and updated dashboard templates created by Tenable’s team based on industry standards and customer requests.

For examples of SecurityCenter dashboards, please visit the SecurityCenter Dashboard blog at http://www.tenable.com/sc-dashboards.

Working with Dashboards

Dashboards allow SecurityCenter users to organize and consolidate components by named collections. For example, instead of having twenty discrete dashboard components on the initial login display, it is helpful to create multiple dashboards grouped by function, each with a subset of the components. One dashboard could contain five components that are related to active scanning, a second one could contain seven more related to passive scanning, and so on. This collection of components allows for a more focused security analysis with the ability to drill into the desired data quickly and without confusion. The dashboard view can be changed by selecting the preferred dashboard from the Switch Dashboard drop-down box.

Adding Dashboards

To create a new dashboard, click Options > Add Dashboard on the right side of the Dashboard page.

A new window displays the list of available dashboard template categories, along with options to create a custom dashboard or import a dashboard.

The categories may be selected by clicking on the box, which displays a list of available dashboards. Once chosen, a selection of template names and descriptions are listed and a choice of sub-categories is available to further narrow the list. When viewing the details of a template many options, including the name, description, schedule, and systems to focus the dashboard on, may be customized before adding it to your dashboard collection. Selecting the Add button at the bottom of a dashboard template will add that template will add the dashboard.

If Import Dashboard is selected, a dialog window will be displayed. This window provides options to name the dashboard and browse to the dashboard file to be imported from the local computer. After the selections are completed, clicking the Submit button will create the new dashboard.

If Advanced is selected, a window opens to provide the name, description, and layout of the new dashboard. After submitting that information, the dashboard is created. Selecting the new dashboard from the Switch Dashboard menu will display a blank dashboard and allow for editing of the dashboard to add components. The components may be selected from the templates already provided or by creating a custom component.

See Working with Components for information about how to create, edit, and delete custom dashboard components.

Add Component

Click on Add Component to display the list of available dashboard component template categories. The categories may be selected by clicking on the box, which displays a list of available components. Once chosen, a selection of template names and descriptions are listed and a choice of sub-categories may be available to further narrow the list. Selection of an individual template will open the properties of the component to provide details. The Name, Description, [update] Schedule, and focus of the data may be modified. Clicking the Add button at the bottom will add the component to the currently selected dashboard.

The Actions section allows for creating custom charts and graphs to add as a component of the dashboard.

See Working with Components for information about how to create, edit, and delete custom dashboard components.

The table below contains a detailed description of the available dashboard options.

Options

Option Description

Add Dashboard

This option allows you to add a new dashboard to SecurityCenter. New dashboards may be created from templates or created by adding individually created components to the page.

Manage Dashboards

This option displays a list of available dashboards. This list helps to easily view pertinent information about their permissions, availability status, and last modification time. The list may be narrowed using the filters option. Clicking the gear icon on the right of the dashboard information will enable a menu to access the view, edit, share, export, copy, and delete functions. From the Options drop-down menu the ability to import dashboards is available or the ability to change back to the dashboard view is provided.

Export Dashboard (Available from the Manage Dashboards page)

Dashboards can be exported as XML files for use on other SecurityCenter systems. This is particularly useful where complex component definitions have been created and must be used in other locations. This function provides three options for component objects:

  • Remove All References – all object references will be removed, altering the definitions of the components. Importing users will not need to make any changes for components to be useable.
  • Keep All References – object references will be kept intact. Importing users must be in the same organization and have access to all relevant objects for the components to be useable.
  • Replace With Placeholders – object references will be removed and replaced with their respective names. Importing users will see the name of the reference object, but will need to replace it with an applicable object within their organization before the component is useable.
Note: Due to changes in the dashboard XML file formats over SecurityCenter versions, exported dashboards are not always compatible for import between SecurityCenter versions.
Add Component This option allows you to add individual components to the selected dashboard. Components may be added using available templates or creating a custom component.
Edit Dashboard This option allows the user to edit an existing dashboard based on the options available in the dashboard configuration. These include the name, description, and layout of the dashboard.
Share Dashboard

Use this function to share a Dashboard with any Group in your current Organization. Revoking a previously shared Dashboard may also be performed using this option.

Additional steps must be taken to view a shared Dashboard.

Send to Report This options allows you to create a report from the Dashboard. Clicking this option will display a new screen providing the option to name the report, provide a description, and determine the frequency (on demand, now, once, daily, weekly, or monthly) for running the report. Click Submit to create the report. A green report confirmation window will display at the bottom of the screen with a link to view the report. The newly created report can also be viewed by clicking on the Report option in the main menu.

Set as Default

This option sets the Dashboard currently being used as the default dashboard for future visits to the page.

Delete Dashboard Delete the selected dashboard.

Working with Custom Components

Custom components can be created from the Add Component option. The components to be created are various types of charts; Table, Bar, Pie, Line, Area, and Matrix. After selecting the desired component, options for data source and display must be entered to complete the process. The tables below show available options for each component type:

Table Chart Option Description

General

Name

Chart name

Description

Chart description

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

 

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, Ticket, Alert, or User

Source

For vulnerability data type, sources include Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Additional filters to use on the data source.

Display

Results Displayed

The number of displayed results (Table Chart maximum: 999). If the Viewport Size setting is smaller than this setting, the results display is limited to the Viewport Size setting with a scrollbar to display the additional results.

Viewport Size

The number of records (maximum: 50) to display along with a scrollbar to handle additional records. For example, if Results Displayed is set to 100 and Viewport Size is 15, fifteen records are displayed with a scrollbar to view the additional 85 records.

Sort Column

(Except Event Data Type) Column that the results are sorted by.

Sort Direction

(Except Event Data Type) Descending (default) or Ascending

Display Columns

Desired columns to be shown in the component output.

 

Bar Chart Option Description

General

Name

Chart name

Description

Chart description

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, Alert, or Ticket

Source

For vulnerability data type sources, include Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Additional filters to use on the data source.

Display

Results Displayed

The number of displayed results (Bar Chart maximum: 100).

Sort Column

(Vulnerability/Ticket Data Type only) Column that the results are sorted by.

Sort Direction

(Vulnerability/Ticket Data Type only) Descending (default) or Ascending

Display Column

Desired column shown in the component output.

 

Pie Chart Option Description

General

Name

Pie chart name

Description

Pie chart description

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Type

Vulnerability, Mobile, Event, or Ticket

Source

For vulnerability data type sources If Data Type of Vulnerability is chosen, sources include: Cumulative or Mitigated depending on the desired data source. For event type, the source defaults to Active.

Note: The Source option is not available because only active event data is permitted for event-based components.

Tool

Determines the analysis tool to use for creating the chart.

Filters

Vulnerability, Event, or Ticket filters used to narrow down the series source.

Display

Results Displayed

The number of displayed results (default: 10).

Sort Column

Column that the results are sorted by.

Sort Direction

Descending (default) or Ascending

Display Columns

Desired columns shown in the component output.

 

Line/Area Chart Option Description

General

Name

Chart name

Description

Chart description

Schedule

Frequency with which the component polls the data source to obtain updates. Available frequency options include: minutely (15 minutes, 20 minutes, 30 minutes), hourly (1 hours, 2 hours, 4 hours, 6 hours, 12 hours), daily (default) with a time of day, weekly repeating every 1-20 weeks and selection of the day(s) of week, monthly repeating every 1-20 months (by day or date), and never.

Caution: Excessively frequent updates may cause the application to become less responsive due to the added processing load imposed on the host OS.

Data

Date Type

The date type can be relative to the current time when the chart is loaded or an absolute time frame that is the same on each page visit.

Date Range

Available options include:

  • Last Minutes – 15, 20, 30
  • Last Hours – 1, 2, 4, 6, 12, 24 (default), 48, 72
  • Last Days – 5, 7, 25, 50
  • Last Months – 3, 6, 12

Add/Edit Series

Name

Series name

Data

Data Type

Note: For line/area charts, vulnerability data analysis often requires that the underlying repository be a trending repository. If the selected repository is not a trending repository, no historical analysis will be available.

Vulnerability or Event

Query

Predefined query used to further narrow down the data source options. If a query does not exist or is not desired, it may be left unselected. The query may be used as is or as a template on which to base the Filters option.

Filters

Filters used to narrow down the series source.

Display

Series Data

Data to display in the chart (Total, Info, Low, Medium, High, Critical).

Matrix Options

Chart Option Description

General

Name

Matrix component name

Description

Matrix component description

Cells

Size

Creating a Matrix chart starts with defining the size. The matrix default is 4 columns by 4 rows, but may be any size from 1 column by 1 row to 10 columns by 10 rows. Clicking the Generate Cells link creates the initial blank matrix which may be populated and further defined with settings described below.

Column

(max 10)

Columns are normally used to define a group of vulnerability, mobile, event, ticket, user, or alert data. For example, five columns could be used in a matrix component, one each for critical, high, medium, low, and informational vulnerabilities. Hovering the cursor over the right-hand side of the top cell of a column displays a drop-down box.

The header drop-down box contains three options: Edit Header, Delete Cells, and Copy.

Clicking on the Edit Header option sets the column name and update frequency. The update frequency determines how often the underlying data set is refreshed. Refreshing the data more often is useful for seeing a more current view of the data; however, it can have a detrimental effect on system performance. Matrix columns are updated as clusters and not individually. For example if column A and C have an update frequency of Daily and column B has an update frequency of Every 12 Hours, columns A and C will be updated together and column B will be updated by itself. What this means is that if there is a missing query in column A, column C will not update. However, if there is a missing query in column B, columns A and C will update.

Clicking on Delete Cells will delete the column of cells. There will not be a confirmation window.

Clicking on Copy will copy the current column, which may then be edited as needed. Once 10 columns exist, the Copy option will no longer be available.

Row

(max 10)

Rows are another grouping element, used to define the operations being performed against each column element for that row. For example, if each column determines the vulnerability type (critical, high, medium, low, and informational), a row could be created labeled Ratio. Each cell in that row could be used to calculate the ratio of the particular vulnerability type count against the total vulnerability count.

Hovering the cursor over the right-hand side of the cell in a row entry displays a drop-down box. The box contains options to Edit Header, Delete Cells, and Copy.

Clicking on Edit Header will allow the header name for the row to be changed.

Clicking on Delete Cells will delete the row of cells. There will not be a confirmation window.

Clicking on Copy will copy the current row, which may then be edited as needed. Once 10 rows exist, the Copy option will no longer be available.

Editing Cells

Cells contain the actual data operations. Cells are defined by query and condition options. Clicking on a cell allows modifying the cell definition. The options are described below:

Query Options

Option Description

Data

Type

Available types include: Query Value, Static Text, Icon, Bar, and Ratio

Data Type

Available data types include vulnerability, mobile, event, ticket, alert, and user. The query value rules displayed in the condition section are dynamically defined by the data type used. For example, if a data type of Event is chosen, query value rules include Event Count, IP Count, or Port Count.

Filters

Filter the data based on specific parameters

Rules

Type

Available types include: Query Value, Static Text, Icon, Bar, and Ratio

Rule

Note: Bar and Ratio charts use ratios rather than counts in the lists below.

Vulnerability: IP Count, Port Count, Score Count, and Vulnerability Count

Mobile: Vulnerability Count, Device Count, and Score Count

Event: IP Count, Port Count, Score Count, and Event Count

Ticket: Ticket Count

Alert: Alert Count

User: User Count

 

Display Options

The display options determine the background and foreground colors along with any custom text if applicable.

Rules

There are two basic types of rules in a matrix cell definition: the default (or fallback) rule and rule(s) that are added. By default, a single editable rule is added to each cell definition. This rule cannot be deleted and describes what will be displayed in the cell if no other conditions have been defined or triggered. A default condition looks similar to the following:

This rule can be edited to display any of the available display options. Added rules may look similar to the following:

When hovered over, a rule will display an edit and a delete icon. If the rule is edited, to save the changes click the checkmark icon or click the x icon to cancel the changes.

Rules are reviewed from top to bottom and will trigger the display rule on the first rule match. Once a rule triggers, none of the subsequent rules are reviewed. If none of the added rules match, the default rule is automatically performed.

Creating a Simple Matrix Component

The matrix component has a great deal of power and functionality. The section below contains steps used to create the matrix display shown below:

This display shows percentages of hosts with exploitable vulnerabilities over the last 7 days and the exploit frameworks that can be used to exploit them.

Modify and use the steps below based on your dashboard needs.

  1. When the Dashboard to be used is selected, from the Options drop-down menu select Add Component. Choose the Matrix component type.

  2. Type the desired name and description. The name is displayed as the component title, while the description is displayed as a tooltip when hovering the cursor over the component.
  3. In the Cells area, click the size of the matrix to be created. For this example it will be 5 columns and 3 rows. Once set, click the Generate Cells link.
  4. Click the the gear icon drop-down menu when hovering over each of the headers for the columns and rows and give them an appropriate name. For each column edit the schedule as desired.

  5. Hover over the cell below Exploit % and next to Critical. This will open a window to add a Matrix Component for the cell.

    The rules set in the above screen capture indicate that we are looking for Vulnerability data by a ratio from the Cumulative database. The numerator filters are looking for vulnerabilities that have an exploit available with a Critical severity and were discovered within the last 7 days. The Denominator filters are for vulnerabilities that have a Critical severity and were discovered within the last 7 days. The rules are looking for percentages of the vulnerabilities that match and will designate the ratio value with the corresponding color based on the percentages found.

    The other cells will be constructed with many of the same rules. The differences will be adding a Numerator filter to include the Exploit Framework we are looking for and a Denominator filter will be added for the Exploit Available option.

  6. Once completed, the matrix definitions will look similar to the screen capture below:

  7. Click the Submit button to submit all changes.
  8. The matrix element will display and refresh as configured.

For more information about configuring matrix components and downloadable samples that you may find useful, please visit the Tenable SecurityCenter Dashboards blog at: http://www.tenable.com/sc-dashboards.

Copy Component Options

In addition to adding and editing components, components can be copied to the current or different Dashboard. Click on the gear icon in the top right corner of the component and choose Copy to bring up a copy component window over the existing component, similar to below:

The Copy option gives the user the ability to change the name of the component and the option of choosing the destination Dashboard from the drop-down menu where the component will be copied.

Navigating the Dashboard Components

SecurityCenter users are presented with several options when interacting with dashboard components. Hovering over a component will display a gear icon drop-down menu and when applicable an arrow, both in the top right of the component. The gear icon contains options to Edit, Refresh, Copy, and Delete the component. The arrow allows users to browse the component dataset behind the broader numbers presented in the dashboard component. Clicking the browser’s back button will return you to the Dashboard view.

Note: Various dashboards do not provide the browse option because their underlying data snapshot source does not support browse capability.

Dashboard components may be reordered by clicking and holding the title bar then dragging it to the new desired position on the page.

The Refresh option refreshes the component data based on the most recent underlying data. A circular icon in motion will display as the component is being updated.

The Delete option deletes the component from the dashboard. When selected a window will open asking for confirmation of the deletion of the component. The action cannot be undone.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.