Get Started With Tenable Security Center

Use the following getting started sequence to configure and mature your Tenable Security Center deployment.

1. Prepare

2. Install

3. Configure Scans

4. Refine

5. Expand

Prepare

Before you begin, learn about Tenable Security Center and establish a deployment plan and analysis workflow to guide your configurations.

• Access Tenable Support and training resources for Tenable Security Center, including:

  • the Tenable University training courses

  • the Tenable Scan Strategy guide

• Design a deployment plan by identifying your organization's objectives and analyzing your network topology. Consider Tenable-recommended best practices for your environment. For more information about environment requirements, see Requirements. For information about scan types, see Scanning Overview.

• Design an analysis workflow. Identify key stakeholders in your management and operational groups, considering the data you intend to share with each stakeholder.

For more information about planning a large enterprise deployment of Tenable Security Center, see the Tenable Security Center Large Enterprise Deployment Guide.

For more information about the basic architecture of a Tenable Security Center deployment, see Tenable Security Center Architecture.

Install

Install Tenable Security Center and perform initial configuration.

1. Depending on your environment, install in your environment or deploy or install with Tenable Core.

   For complete information about Tenable Core + Tenable Security Center, see the Tenable Core User Guide.

2. Perform quick setup, as described in Quick Setup. You can:

   • Upload licenses

   • Configure one Tenable Nessus scanner

   • Configure one Tenable Network Monitor scanner (requires a Tenable Network Monitor activation license)

   • Configure one Tenable Log Correlation Engine server (requires an Tenable Log Correlation Engine® activation license)

   • Create one repository

   • Create one organization

   • Configure one LDAP server

   • Create one administrator user account and one security manager account

   • Configure usage statistic collection

   Tenable recommends following the quick setup wizard, but you can configure these features later. For example, do not configure LDAP until you have easy access to all necessary LDAP parameters.

3. Configure SMTP settings, as described in Mail Settings.

4. Configure scan zones, as described in Add a Scan Zone.

5. Configure additional repositories, if necessary, as described in Repositories.

6. Configure additional scanners, if necessary, as described in Tenable Nessus Scanners, Tenable Network Monitor Instances, and Tenable Log Correlation Engines.

7. Configure security settings (e.g., password complexity requirements and custom banners), as described in Security Settings.

Configure Scans

Configure and run basic scans to begin evaluating the effectiveness of your deployment plan and analysis workflow.

1. Configure credentials, as described in Credentials.

2. Create static assets, as described in Add a Custom Asset. For more information about asset types, see Assets.

3. Configure a Host Discovery policy and a Basic Network Scan policy from Tenable-provided scan policy templates, as described in Add a Scan Policy.

4. Configure and run scans for those policies, as described in Add an Active Scan and Add an Agent Scan.

5. Confirm that the scans can access all areas of your network with no credential issues.

6. Configure Tenable Network Monitor scanners, as described in Tenable Network Monitor Instances.

7. When the scans complete, create template-based dashboards and reports, as described in Dashboards and Reports.

8. Search for vulnerabilities by CVE ID, as described in Search.

Tenable recommends frequently reviewing your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.

Refine

Configure other features, if necessary, and refine your existing configurations.

• Configure audit files, as described in Audit Files.

• Create additional scan policies, as described in Add a Scan Policy.

• Configure scan freeze windows, as described in Add a Freeze Window.

• Configure groups, as described in Add a Group.

• Create a custom user role, as described in Create a User Role.

• Create additional user accounts and share objects with users, as described in User Accounts.

• Create dynamic assets and combination assets, as described in Add a Custom Asset. For more information about asset types, see Assets.

• Review the plugin update schedule, as described in Edit Plugin and Feed Settings and Schedules. Consider editing the schedules to suit your needs. For example, you may want to schedule plugin and feed updates to run a few hours before your scheduled scans.

• Add queries and use filters, as described in Add or Save a Query and Apply a Filter.

• Create custom dashboards and reports, as described in Dashboards and Reports.

• Create Assurance Report Cards (ARCs), as described in Assurance Report Cards.

• Configure alerts, ticketing, accept risk rules, and recast risk rules, as described in Workflow Actions.

• View vulnerability data and use the built-in analysis tools, as described in Vulnerability Analysis.

Expand

Review and mature your deployment plan and analysis workflow.

• Conduct weekly meetings to review your organization's responses to identified vulnerabilities.

• Conduct weekly management meetings to oversee your teams executing the analysis workflow.

• Review scan automation settings and consider revising.

• Review your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.

• Optimize and operationalize your custom dashboards to meet the needs of individual user account holders.

• Optimize and operationalize your custom reports to prepare them for distribution.

• Consider configuring API integrations, as described in the Tenable Security Center API Guide and the Tenable Security Center API Best Practices Guide.

• Consider synchronizing Tenable Security Center with Tenable Lumin to take advantage of Cyber Exposure features, as described in Tenable One Synchronization.

Expand into Tenable One

Integrate Tenable Security Center with Tenable One and leverage the following features:

• Access the Exposure View page, where you can gain critical business context by getting business-aligned cyber exposure score for critical business services, processes and functions, and track delivery against SLAs. Track overall risk to understand the risk contribution of assets to your overall Cyber Exposure Score, including by asset class, vendor, or by tags.

  • View and manage cyber exposure cards.

  • View CES and CES trend data for the Global and Computing Resources exposure cards.

  • View Remediation Service Level Agreement (SLA) data.

  • View Tag Performance data.

• Access the Exposure Signals page, where you can generate exposure signals that use queries to search for asset violations. Simply put, if an asset is impacted by a weakness related to the query, then the asset is considered a violation. Using this, you can gain visibility into your most critical risk scenarios.

  • Find top active threats in your environment with up-to-date feeds from Tenable Research.

  • View, generate, and interact with the data from queries and their impacted asset violations.

  • Create custom exposure signals to view business-specific risks and weaknesses

• Access the Inventory page, where you can enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality.

  • View and interact with the data on the Assets tab:

    • Review your AD assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Exposure Management, and when.

    • Familiarize yourself with the Global Asset Search and its objects and properties. Bookmark custom queries for later use.

    • Find devices, user accounts, software, cloud assets, SaaS applications, networks, and their weaknesses.

    • Drill down into the Asset Details page to view asset properties and all associated context views.

  • View and interact with the data on the Weaknesses tab:

    • View key context on vulnerability and misconfiguration weaknesses to make the most impactful remediation decisions.

  • View and interact with the data on the Software tab:

    • Gain full visibility of the software deployed across your business and better understand the associated risks.

    • Identify what software may be out of date, and which pieces of software may soon be End of Life (EoL).

  • View and interact with the data on the Findings tab:

    • View instances of weaknesses (vulnerabilities or misconfigurations) appearing on an asset, identified uniquely by plugin ID, port, and protocol.

    • Review insights into those findings, including descriptions, assets affected, criticality, and more to identify potential security risks, visibility on under-utilized resources, and support compliance efforts.

• Access the Attack Path page, where you can optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights (Not supported in FedRAMP environments).

  • View the Dashboard tab for a high-level view of your vulnerable assets such as the number of attack paths leading to these critical assets, the number of open attack techniques and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

    • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your “Crown Jewels”, or assets with an ACR of 7 or above.

    You can adjust these if needed to ensure you’re viewing the most critical attack path data.

  • On the Top Attack Techniques tab, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework to create attack techniques, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

  • On the Top Attack Paths tab, generate attack path queries to view your assets as part of potential attack paths:

    • Generate an Attack Path with a Built-in Query

    • Generate an Attack Path Query with the Attack Path Query Builder

    • Generate an Asset Query with the Asset Query Builder

    Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.

  • Interact with the MITRE ATT&CK Heatmap tab.

• View and interact with the data in the Tags page:

  • Create and manage tags to highlight or combine different asset classes.

  • View the Tag Details page to gain further insight into the tags associated with your assets.