Active Scan Objects
Complete Tenable Security Center scan configurations rely on the following scan objects. For information about active scans, see Active Scans.
Scan Object |
Description |
---|---|
assets |
Assets are lists of devices (for example, laptops, servers, tablets, or phones) within a Tenable Security Center organization. You can share assets with one or more users based on local security policy requirements. You can add an asset to group devices that share common attributes. Then, you can use the asset during scan configuration to target the devices in the asset. For more information, see Assets. |
credentials |
Credentials are reusable objects that facilitate a login to a scan target. You can configure various types of credentials with different authentication methods for use within scan policies. You can also share credentials between users for scanning purposes. Tenable Security Center supports an unlimited number of SSH, Windows, and database credentials, and four SNMP credential sets per scan configuration. For more information, see Credentials. |
audit files |
During a configuration audit, auditors verify that your server and device configurations meet an established standard and that you maintain them with an appropriate procedure. Tenable Security Center can perform configuration audits on key assets by using local Tenable Nessus checks that can log directly on to a Unix or Windows server without an agent. Tenable Security Center supports several audit standards. Some of these come from best practice centers like the PCI Security Standards Council and the Center for Internet Security (CIS). Some of these are based on Tenable’s interpretation of audit requirements to comply with specific industry standards such as PCI DSS or legislation such as Sarbanes-Oxley. In addition to base audits, you can create customized audits for the particular requirements of any organization. You can upload customized audits into Tenable Security Center and make them available to anyone performing configuration audits within an organization. You can upload and use NIST SCAP files in the same manner as an audit file. Navigate to NIST’s SCAP website (http://scap.nist.gov) and under the SCAP Content section, download the desired SCAP security checklist zip file. You can then upload the file to Tenable Security Center and select it for use in Tenable Nessus scan jobs. Once you configure audit scan policies in Tenable Security Center, you can use them as needed. Tenable Security Center can also perform audits intended for specific assets. A Tenable Security Center user can use audit policies and asset lists to determine the compliance posture of any specified asset. For more information, see Audit Files. |
scan zones |
Scan zones represent areas of your network that you want to target in an active scan, associating an IP address or range of IP addresses with one or more scanners in your deployment. Scan zones define the IP address ranges associated with the scanner along with organizational access. For more information, see Scan Zones. |
scan policies |
Scan policies contain options related to performing an active scan. For example:
For more information, see Scan Policies. |