TOC & Recently Viewed

Recently Viewed Topics

Quick Setup

The SecurityCenter Quick Setup Guide walks through the following configurations:

After configuring, Review and confirm.

License

Click Choose File to upload the license file you received from Tenable™. The file should follow the format:

<CompanyName>_SC<IP Count>-<#>-<#>.key

After uploading and clicking the Activate button, the page confirms successful upload and activation of a valid license.

Nessus, PVS, and LCE Licenses

Consider adding additional license activation codes:

  • SecurityCenter Activation Code — required before registering any Nessus scanners that will be used by the SecurityCenter. The SecurityCenter Activation Code allows SecurityCenter to download plugins and update Nessus scanner plugins.

    In the Nessus section, type the SecurityCenter Activation Code and click Register.

  • PVS Activation Code — required before using and managing attached PVS scanners.

    In the PVS section, type the PVS Activation Code and click Register.

  • LCE Activation Code — required before downloading LCE Event vulnerability plugins to SecurityCenter. The LCE Activation Code allows SecurityCenter to download event plugins, but it does not manage plugin updates for LCE servers.

    In the LCE section, type the LCE Activation Code and click Register.

Click Next to continue.

A plus (+) sign with a grey background indicates that no license is applied for the product. A red box with an X indicates an invalid activation code. Click on the plus (+) or X to add or reset a license activation code.

A green box with a checkmark indicates a valid license is applied and that SC initiated a plugin download in the background. The download may take several minutes and must complete before initiating any Nessus scans. After the download completes, the Last Updated date and time are updated on the Plugins screen.

Nessus Scanner

Once the license and Activation Code(s) have been entered, the next stage of installation is to configure the first Nessus scanner. Tenable.io™ and Nessus Manager scanners that are to be used for Nessus Agent scan imports may enable or add the feature after the initial configuration is complete.

This screen asks for the information to connect to the Nessus scanner and the options are detailed in the following table:

Option

Description

Name

Descriptive name for the Nessus scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the Nessus scanner listens on for communications from SecurityCenter. The default port is 8834.

Enabled

A scanner may be Enabled or Disabled within SecurityCenter to allow or prevent access to the scanner.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the Nessus server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the Nessus scanner.

Username

Username generated during the Nessus install for daemon to client communications. This must be an administrator user in order to send plugin updates to the Nessus scanner. If the scanner will be updated by a different method, such as through another SecurityCenter, a standard Nessus user account may be used to perform scans. This option is only available if the Authentication Type is set to Password.

Password

The login password must be entered in this option. This option is only available if the Authentication Type is set to Password.

Certificate

This option is available if the Authentication Type is SSL Certificate. Click the Browse button, choose a SSL Certificate file to upload, and upload to the SecurityCenter.

PVS

When a PVS license is installed, the option to configure the initial PVS scanner is enabled.

This screen asks for the information to connect to the PVS scanner and the options are detailed in the following table:

Option

Description

Name

Descriptive name for the PVS scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the PVS scanner listens on for communications from SecurityCenter. The default is port 8835.

Enabled

A scanner may be marked as Enabled or Disabled within SecurityCenter to allow or prevent access to the scanner.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the PVS server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the PVS scanner.

Username

Username generated during the PVS install for daemon to client communications. This must be an administrator user in order to send plugin updates to the PVS scanner. This option is only available if the Authentication Type is set to Password.

Password

The login password must be entered in this option. This option is only available if the Authentication Type is set to Password.

Certificate

This option is available if the Authentication Type is SSL Certificate. Click the Browse button, choose a SSL Certificate file to upload, and upload to the SecurityCenter.

LCE

When a Log Correlation Engine license is installed, the option to configure the initial LCE server is enabled.

This screen asks for the information to connect to the PVS scanner and the options are detailed in the following table.

Option

Description

Name

Name used to describe the Log Correlation Engine.

Description

Descriptive text for the Log Correlation Engine.

Host

IP address of the Log Correlation Engine.

Check Authentication

This button checks the status of the authentication between SecurityCenter and the LCE server.

Import Vulnerabilities

When enabled, allows Event vulnerability data to be retrieved from the configured LCE server.

Port

Type the port that the LCE reporter is listening on the LCE host.

Username

Type the reporter username used to authenticate to the LCE to retrieve vulnerability information.

Password

Type the reporter password used to authenticate to the LCE to retrieve vulnerability information.

Repository

Caution: When creating repositories, note that IPv4 and IPv6 addresses must be stored separately. Additional repositories may be created once the initial configuration is complete.

A repository is essentially a database of vulnerability data defined by one or more ranges of IP addresses. When the repository is created, a selection for IPv4 or IPv6 addresses must be made. Only IP addresses of the designated type may be imported to the designated repository. The Organization created in steps that follow can take advantage of one or more repositories. During installation, a single local repository is created with the ability to modify its configuration and add others post-install.

Caution: When creating SecurityCenter repositories, LCE event source IP ranges must be included along with the vulnerability IP ranges or the event data will not be accessible from the SecurityCenter UI.

Local repositories are based on the IP addresses specified in the IP Ranges option on this page during the initial setup. Remote repositories use addressing information pulled over the network from a remote SecurityCenter. Remote repositories are useful in multi-SecurityCenter configurations where security installations are separate but reports are shared. Offline repositories also contain addressing information from another SecurityCenter. However, the information is imported to the new installation via a configuration file and not via a direct network connection. This facilitates situations where the remote SecurityCenter is isolated from other networks via an air gap.

The following table describes the options available during the repository setup:

Repository Options

Option

Description

General

Name

The repository name.

Description

Descriptive text for the repository.

Data

Type

Determines if the repository being created is for IPv4 or IPv6 addresses.

IP Ranges

Allowed ranges for importing vulnerability data. Addresses may be a single IP address, IP range, CIDR block, or any comma-delimited combination (20 K character limit).

Advanced Settings

Generate Trend Data

Note: If trending is not selected, any query that uses comparisons between repository snapshots (e.g., trending line charts) will not be available.

This option allows for a periodic snapshot of the .nessus data for vulnerability trending purposes. This option is useful in cases where tracking data changes is important. In situations where repository datasets do not change frequently – negating the need for trending – disable this option to minimize disk space usage.

Days Trending

Sets the number of days for the trending data to track.

Enable Full Text Search

Determines if the trending data presented is indexed for a full text search.

Organization

An Organization is a set of distinct users and groups and the resources they have available to them. There are two areas to configure initially for the organization, the General and Scanning options.

  • General — provide the organization name, description, and contact/location information.
  • Scanning — provide the ranges that the organization will have access to. Type IP addresses as a range or using CIDR notation.

You can configure one organization during initial setup. If you want to use multiple organizations, continue configuring after initial setup. For detailed information about organizations, see Organizations and Groups.

LDAP

Configuring LDAP allows you to use external LDAP servers for SecurityCenter user account authentication or as LDAP query assets. Type all required LDAP server settings and click Next. Click Skip if you do not want to configure LDAP during initial configuration.

You can configure one LDAP server connection during initial setup. If you want to use multiple LDAP servers, or if you want to configure additional options, continue configuring after initial setup.

For more information about LDAP configuration options and to configure multiple LDAP severs, see LDAP Servers.

User

You must create one Security Manager and one Administrator during initial setup. For more information about the Security Manager, Administrator, and other user roles, see User Roles.

  • Security Manager — a user to manage the organization you just created. After you finish initial setup, the Security Manager can create other users accounts within the organization.
  • Administrator — a user to manage the SecurityCenter. After you finish initial setup, the Administrator can create other organizations and user accounts.

If you already configured an LDAP server, you have the option to create an LDAP user account. For more information about TNS or LDAP user account options, see User Accounts.

After creating the Security Manager user and setting the Administrator password, click Next to finish initial setup. The Admin Dashboard page appears, where you can review login configuration data.

Review

The review page displays your currently selected configurations. If you want to make further changes, click on the links in the left navigation bar.

When you are finished, click Confirm.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.