TOC & Recently Viewed

Recently Viewed Topics

Passive Vulnerability Scanners

Tenable’s Passive Vulnerability Scanner (PVS) is a patented network discovery and vulnerability analysis software solution, that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. The PVS monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network in time, the PVS behaves like a security motion detector on the network.

SecurityCenter communicates with PVS 4.0 or higher utilizing the XMLRPC protocol on port 8835 by default.

SecurityCenter will ask the PVS for the latest (if any) vulnerability report once every hour by default. The pull interval may be changed under the System Configuration page under the Update tab.

By default, SecurityCenter will check every 24 hours to see if any new passive vulnerability plugins have been downloaded from Tenable and will push them out to each PVS scanner. SecurityCenter must have a valid PVS Activation Code to retrieve plugin updates from Tenable and send plugin updates to the attached PVS scanners.

The screen capture below shows a listing of PVS scanners:

To configure one or more of Tenable’s PVS servers, click Resources > Passive Vulnerability Scanners. This will produce a list of all configured PVS devices by name, their host, version, status, uptime, and the last time of the last retrieved report. Selecting the Update Status button from the Options drop-down menu will initiate a connection from SecurityCenter to obtain and refresh the status of the PVS scanners.

To add a scanner, click the Add button. Items with an asterisk (*) next to them indicate information that is required that does not have a default setting. A screen capture of the Add Scanner dialog is shown below:

The table below provides details about the available options for adding a PVS scanner:

Option

Description

Name

Descriptive name for the PVS scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the PVS scanner listens on for communications from SecurityCenter. The default is port 8835.

State

A scanner may be marked as “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the PVS scanner.

Username

Username generated during the PVS install for daemon to client communications. This must be an administrator user in order to send plugin updates to the PVS scanner. This option is only available if the Authentication Type is set to Password.

Password

The login password must be entered in this option. This option is only available if the Authentication Type is set to Password.

Certificate

This option is available if the Authentication Type is SSL Certificate. Click the Browse button, choose a SSL Certificate file to upload, and upload to the SecurityCenter.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the PVS server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Repositories

The repositories which this PVS scanner will save its data to. If PVS will be reporting IPv4 and IPv6 data, at least two repositories (one for IPv4 and one for IPv6 data) must be selected.

SecurityCenter will add all data collected by a PVS to the repository(s) that are configured for it. Therefore it is important for the PVS to restrict the data it is collecting to only the desired IP range(s). For example, if the attached PVS collects information on 1100 hosts and the SecurityCenter is licensed for only 1000 hosts, SecurityCenter will import all of the collected data and indicate that the host count has exceeded the licensed amount of hosts.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.