Configuration Settings

Path: System > Configuration

The configuration menu includes the following settings:

Data Expiration Settings

Data expiration determines how long SecurityCenter retains acquired data.

Use the table below to determine default and minimum values for these settings:

Option

Description

Active

SecurityCenter will automatically remove any vulnerability data that was discovered via active scanning after the designated number of days. The default value of this option is 365.

Passive

By default, SecurityCenter will automatically remove any passive vulnerability data that is older than seven days.

Event

SecurityCenter will automatically remove any event vulnerability data that was discovered via LCE log scanning after the designated number of days. The default value of this option is 365.

Compliance

SecurityCenter will automatically remove any compliance data after the designated number of days. The default value of this option is 365.

Mitigated

Automatically remove any mitigated vulnerability data after the designated number of days. The default value of this option is 365.

Closed Tickets

Automatically remove any closed tickets after the designated number of days. The default value of this option is 365.

Scan Results

Automatically remove any scan results after the designated number of days. The default value of this option is 365.

Report Results

Automatically remove any report results after the designated number of days. The default value of this option is 365.

External Schedules Settings

The SecurityCenter external schedule settings are used to determine the update schedule for the common tasks of pulling passive scanner data, IDS signature updates, and IDS correlation updates.

The following settings are available:

Option

Description

Pull Interval

This option configures the interval that SecurityCenter will use to pull results from the attached NNM servers. The default setting is 1 hour. The timing is measured from the start of the SecurityCenter service on the host system.

IDS Signatures

Frequency to update SecurityCenter IDS signatures via third-party sources. The schedule is shown along with the time zone being used.

IDS Correlation Databases

Frequency to push vulnerability information to the LCE for correlation. The schedule is shown along with the time zone being used.

Each of the update schedule times may also be configured to occur by time in a particular time zone, which can be selected via the Time Zone link next to each hour selection.

Mail Settings

The Mail option designates SMTP settings for all email related functions of SecurityCenter. Available options include SMTP host, port, authentication method, encryption, and return address. In addition, a Test SMTP Settings link is displayed in the top left of the page to confirm the validity of the settings.

Note: The Return Address defaults to “noreply@localhost”. Use a valid return email address for this option. If this option is empty or the email server requires emails from valid accounts, the email will not be sent by the email server.

Miscellaneous Settings

The Miscellaneous Configuration area offers options to configure settings for web proxy, syslog, notifications, and enable or disable a variety of reporting types that are encountered and needed only in specific situations.

Web Proxy

From this configuration page, a web proxy can be configured by entering the host URL (proxy hostname or IP address), port, authentication type, username, and password. The host name used must resolve properly from the SecurityCenter host.

Syslog

The Syslog section allows for the configuration and sending of SecurityCenter log events to the local syslog service. When Enable Forwarding is enabled, the forwarding options are made available for selection. The Facility text entry box provides the ability to enter the desired facility that will receive the log messages. The Severities section determines which level(s) of syslog messages will be sent: Informational, Warning, and/or Critical by selection boxes.

Notifications

The Notifications option defines the SecurityCenter web address used when notifications are generated for alerts and tickets.

Report Generation

Among the reporting standards for the Defense Information Systems Agency (DISA) are the Asset Report Format (ASR) and the Assessment Results Format (ARF) styles. Additionally, there is CyberScope reporting utilizing Lightweight Asset Summary Results Schema (LASR) style reports used by some segments of governments and industry. These formats are typically used only by select groups and organizations for specific needs that do not apply to many organizations. Enable the slider to display the style as a Report Type during report configuration.

Privacy

If you enable the Enable Usage Statistics option, Tenable™ collects anonymous usage statistics about your SecurityCenter deployment. Tenable™ does not collect personal or identifying information. Collected statistics (e.g., data about your visited pages, your used reports and dashboards, and your configured features) will be used to improve your user experience in future SecurityCenter releases. You can disable this option at any time to stop sharing usage statistics with Tenable™.

After you enable or disable this option, all SecurityCenter users must refresh their browser window for the changes to take effect.

License Settings

The License options allow the admin user to configure the licensing and Activation Code settings for SecurityCenter and the attached Tenable™ products. The screen capture below shows a sample default SecurityCenter License configuration page:

This page will rarely need to be modified by the administrator. It contains two sections, the SecurityCenter license and the Additional Licenses section. This page will only be changed manually when a new or upgraded Activation Code for Nessus, NNM, or LCE has been purchased by the organization.

Tip: Offline repositories are not counted against the IP license count. Also, the following plugins are not counted against the license IP count when scanned using the Ping Host port scanner. Using other port scanners will cause the detected IPs to be counted against the license:

Nessus IDs: 10180, 10287, 19506, 12053, 11933, 11936

NNM IDs: 00003, 00012

LCE IDs: 800,000-800,099

To add a new license, use the Choose File button next to the License File option to locate the license key file (sent by Tenable via email) and then click Submit. Once a valid license is applied, a green option is displayed indicating a valid license and several informational options will be shown. The options indicate the name of the licensee, the type of license, the hostname of the SecurityCenter server, the license expiration date, IP count in use, and the maximum number of IPs allowed by the license.

For SecurityCenter installations, a valid Nessus Activation Code must also be entered to register any Nessus scanners used by SecurityCenter. A valid LCE Activation Code must be entered to download the LCE Event vulnerability plugins to SecurityCenter. A valid PVS Activation Code is required to use and manage attached NNM scanners. The Activation Codes are hyphen delimited alpha-numeric strings that enable SecurityCenter to download plugins and update Nessus scanner plugins. The LCE Activation Code allows SecurityCenter to download event plugins, but does not manage plugin updates for LCE servers. After uploading a valid license key and entering a valid Activation Code(s), click Next to continue.

A + sign with a grey background indicates that there has not been a license applied for the product. A green box with a checkmark in it indicates a valid code is entered. A red box with an X indicates an invalid code. Clicking on the symbol will reveal an area to either add or reset the Activation Code. Once a new code has been entered into the box and registered, it will indicate as valid or invalid.

A plugin download is initiated in the background. This plugin download can take several minutes and must complete before any Nessus scans are initiated. Once the plugin update has occurred, the Last Updated date and time are updated on the Plugins screen.

Plugins/Feed Settings

The Plugins/Feed Configuration page displays the following information:

  • the Plugin Detail Locale for SecurityCenter.
  • the feed and plugin update schedules.

Plugins are scripts used by the Nessus, NNM, and LCE servers to interpret vulnerability data. For ease of operation, Nessus and NNM plugins are managed centrally by SecurityCenter and pushed out to their respective scanners. LCE servers download their own event plugins and SecurityCenter downloads event plugins for its local reference. SecurityCenter does not currently push event plugins to LCE servers.

Custom Plugins

You can upload a custom plugin as a custom CA certificate file. All custom plugins must have unique Plugin ID numbers and have family associations based on existing SecurityCenter families.

Note:

Custom plugin uploads must now be a complete feed. In order to upload custom plugins the provided tar.gz file must include the relevant NASLs and a custom_feed_info.inc file comprised of the following two lines:

PLUGIN_SET = "201202131526";

PLUGIN_FEED = "Custom";

The administrator must manage this file and update the PLUGIN_SET option for each upload. The PLUGIN_SET format is “YYYYMMDDHHMM”.

For example, running the following command against the custom_feed_info.inc file and custom plugins in a directory will create a new tarred and gzipped uploadable archive file called custom_nasl_archive.tar.gz that contains both custom plugins:

# tar -cvzf custom_nasl_archive.tar.gz custom_feed_info.inc *.nasl

It is recommended that the custom_nasl_archive.tar.gz file be updated for each addition and update of custom NASLs.

For more information, see Upload a Custom CA Certificate.
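
The packaging steps above, as an added shell example that is not part of the Tenable documentation: it writes custom_feed_info.inc with a fresh PLUGIN_SET, checks that the NASLs in the directory carry distinct plugin IDs, and builds custom_nasl_archive.tar.gz. The function name build_custom_feed and the assumption that each plugin declares its ID with script_id(<number>) on a single line are the example's own.

```shell
#!/bin/sh
# Added example (not Tenable code): package custom NASLs as a complete custom feed.
# Usage: build_custom_feed DIR [PLUGIN_SET]   -> DIR/custom_nasl_archive.tar.gz
build_custom_feed() {
    dir=$1
    # PLUGIN_SET must be updated for each upload; default to now as YYYYMMDDHHMM.
    plugin_set=${2:-$(date +%Y%m%d%H%M)}
    if [ "${#plugin_set}" -ne 12 ] || [ -n "$(printf %s "$plugin_set" | tr -d 0-9)" ]; then
        echo "PLUGIN_SET must be 12 digits (YYYYMMDDHHMM)" >&2
        return 2
    fi
    (
        cd "$dir" || exit 2
        set -- *.nasl
        [ -e "$1" ] || { echo "no .nasl files in $dir" >&2; exit 3; }

        # Assumption: each plugin declares its ID as script_id(<number>) on one line.
        ids=$(for f in "$@"; do
            id=$(sed -n 's/.*script_id([[:space:]]*\([0-9][0-9]*\)[[:space:]]*).*/\1/p' "$f" | head -n 1)
            [ -n "$id" ] || { echo "$f: no script_id() found" >&2; exit 4; }
            echo "$id"
        done) || exit 4

        # IDs must be unique. This only compares the local files; it cannot see
        # IDs already used by the vendor feed.
        dups=$(printf '%s\n' "$ids" | sort | uniq -d)
        [ -z "$dups" ] || { echo "duplicate plugin IDs:" $dups >&2; exit 5; }

        printf 'PLUGIN_SET = "%s";\nPLUGIN_FEED = "Custom";\n' "$plugin_set" \
            > custom_feed_info.inc
        tar -czf custom_nasl_archive.tar.gz custom_feed_info.inc "$@"

        # Confirm the archive really carries the feed info file before upload.
        tar -tzf custom_nasl_archive.tar.gz | grep -qx 'custom_feed_info.inc'
    )
}

# Run directly as: sh build_feed.sh /path/to/plugins [PLUGIN_SET]
if [ "$#" -gt 0 ]; then build_custom_feed "$@"; fi
```

A non-zero return means no archive should be uploaded: 2 for a malformed PLUGIN_SET, 3 for an empty directory, 4 for a plugin without an ID, 5 for duplicate IDs.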

Feed Schedules

SecurityCenter automatically updates SecurityCenter feeds, active plugins, passive plugins, and event plugins. If you upload a custom feed or plugin file, the system merges the custom file data with the data contained in the associated automatically updating feed or plugin.

You can upload tar.gz files or .xml files with a maximum size of 1500MB. SecurityCenter supports .xml files only when the file contains translated content for use with the local language plugin feature.

Custom File Details

All custom plugins must have unique Plugin ID numbers and have family associations based on existing SecurityCenter families.

Custom plugin uploads must be a complete feed. In order to upload custom plugins the provided tar.gz file must include the relevant NASLs and a “custom_feed_info.inc” file comprised of the following two lines:

PLUGIN_SET = "201202131526";

PLUGIN_FEED = "Custom";

The administrator must manage this file and update the PLUGIN_SET option for each upload. The PLUGIN_SET format is “YYYYMMDDHHMM”.

For example, running the following command against the custom_feed_info.inc file and custom plugins in a directory will create a new tarred and gzipped uploadable archive file called custom_nasl_archive.tar.gz that contains both custom plugins:

# tar -cvzf custom_nasl_archive.tar.gz custom_feed_info.inc *.nasl

It is recommended that the custom_nasl_archive.tar.gz file be updated for each addition and update of custom NASLs.

To manage feed schedules:

  1. In the top navigation bar, click System > Configuration.
  2. Click the Plugins/Feed button.
  3. Expand the Schedules section to show the settings for the SecurityCenter Feed, Active Plugins, Passive Plugins, or Event Plugins schedule.
  4. If you want to perform an on-demand plugin update, click Update. You cannot update feeds with invalid activation codes.
  5. If you want to customize the timing for automatic updates, click the Schedule link to display the Frequency, Time, Timezone, and Repeat Every options.
  6. If you want to upload a custom feed or plugin file, click Choose File.
  7. Click Submit.

Plugin Detail Locale

The local language plugin feature allows you to display portions of plugin data in local languages. When available, translated text displays on all pages where plugin details are displayed.

Select Default to display plugin data in English.

SecurityCenter cannot translate text within custom files. You must upload a translated Active Plugins .xml file in order to display the file content in a local language.

To manage plugin text translation:

  1. In the top navigation bar, click System > Configuration.
  2. Click the Plugins/Feed button.
  3. If you want plugin text to display in a local language, select a language from the Locale List box.
  4. Click Apply.
  5. Perform an on-demand Active Plugins update to obtain available translations.

Security Settings

The Security section defines the SecurityCenter web interface login parameters and options for account logins. Banners, headers, and classification headers and footers can also be configured from this screen.

Use the table below to determine correct values for your environment:

Option

Description

Session Timeout

The web session timeout in minutes (default: 60 minutes).

Maximum Login Attempts

The maximum number of user login attempts allowed by SecurityCenter before the account is locked out (default: 20). Setting this value to zero disables this feature.

Minimum Password Length

This setting defines the minimum number of characters for passwords of accounts created using the local TNS authentication access (default: 3).

Password Complexity

Provides the option to set the minimum password length (4 characters) and requires the use of an upper case letter, lower case letter, numerical character, and special character.

Startup Banner Text

Type the text banner that is displayed prior to the login interface.

Header Text

Adds custom text to the top of the SecurityCenter screen. The text may be used to identify the company, group, or other organizational information. The option is limited to 128 characters.

Classification Type

Adds a header and footer banner to SecurityCenter to indicate the classification of the data accessible via the software. Current options are None, Unclassified, Confidential, Secret, Top Secret, and Top Secret – No Foreign.

Sample header:

Sample footer:

Note: When set to an option other than None, the available report style for users will only show the plain report style types. The Tenable report styles do not support the classification banners.

Allow Session Management

This setting is disabled by default. When enabled (as displayed in the screen shot above), the Session Limit option will appear. This feature displays the option that will allow the administrator to set a session limit for all users.

Disable Inactive Users

This setting disables accounts after a set period of inactivity. Type the number of days to keep the account active before disabling in the Days Users Remain Enabled option that appears when this option is switched on.

Session Limit

Any number entered here will be saved as the maximum number of sessions a user can have open at one time. If a user logs in, and the session limit for that user has already been reached, he/she will be prompted with a warning notifying him/her that the oldest session with that username will be logged out automatically. The user may click cancel and opt not to Sign In, or he/she may click Sign In, at which point the oldest session for that user will be bumped.

Note: This behavior is different for CAC logins - the previously described behavior is bypassed as was the old login behavior.

Login Notifications

Sends notifications for each time a user logs in.

FIPS Configuration

Allows the user to enable or disable FIPS mode for communication. Transitioning from one mode to the other will require a restart.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.