TOC & Recently Viewed

Recently Viewed Topics

Nessus Network Monitor

Nessus Network Monitor (NNM) is a patented network discovery and vulnerability analysis software solution, that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. NNM monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network in time, NNM behaves like a security motion detector on the network.

SecurityCenter communicates with NNM 4.0 or higher utilizing the XMLRPC protocol on port 8835 by default.

SecurityCenter will ask NNM for the latest (if any) vulnerability report once every hour by default. The pull interval may be changed under the System Configuration page under the Update tab.

By default, SecurityCenter will check every 24 hours to see if any new passive vulnerability plugins have been downloaded from Tenable and will push them out to each NNM scanner. SecurityCenter must have a valid PVS Activation Code to retrieve plugin updates from Tenable and send plugin updates to the attached NNM scanners.

The screen capture below shows a listing of NNM scanners:

To configure one or more NNM servers, click Resources > Passive Vulnerability Scanners. This will produce a list of all configured NNM devices by name, their host, version, status, uptime, and the last time of the last retrieved report. Selecting the Update Status button from the Options drop-down menu will initiate a connection from SecurityCenter to obtain and refresh the status of the NNM scanners.

To add a scanner, click the Add button. Items with an asterisk (*) next to them indicate information that is required that does not have a default setting. A screen capture of the Add Scanner dialog is shown below:

The table below provides details about the available options for adding a NNM scanner:

Option

Description

Name

Descriptive name for the NNM scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the NNM scanner listens on for communications from SecurityCenter. The default is port 8835.

State

A scanner may be marked as “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the NNM scanner.

Username

Username generated during the NNM install for daemon to client communications. This must be an administrator user in order to send plugin updates to the NNM scanner. This option is only available if the Authentication Type is set to Password.

Password

The login password must be entered in this option. This option is only available if the Authentication Type is set to Password.

Certificate

This option is available if the Authentication Type is SSL Certificate. Click the Browse button, choose a SSL Certificate file to upload, and upload to the SecurityCenter.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the NNM server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Repositories

The repositories which this NNM scanner will save its data to. If NNM will be reporting IPv4 and IPv6 data, at least two repositories (one for IPv4 and one for IPv6 data) must be selected.

SecurityCenter will add all data collected by a NNM to the repository(s) that are configured for it. Therefore it is important for the NNM to restrict the data it is collecting to only the desired IP range(s). For example, if the attached NNM collects information on 1100 hosts and the SecurityCenter is licensed for only 1000 hosts, SecurityCenter will import all of the collected data and indicate that the host count has exceeded the licensed amount of hosts.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.