Quick Setup

The Tenable Security Center Quick Setup Guide walks through the following configurations:

After configuring, Review and confirm.

License

Note: These settings are not available in Tenable Enclave Security.

Upload your Tenable Security Center license and apply additional product licenses.

Tenable Security Center License

  1. Click Choose File to upload the Tenable Security Center license file you received from Tenable.

    The file should follow the format:

    <CompanyName>_SC<IP Count>-<#>-<#>.key

  2. Click Activate.

    The page confirms successful upload and activation of a valid license.

Activation Codes

Consider adding additional license activation codes:

  • Tenable Security Center license activation code — required before adding any Tenable Nessus scanners. The Tenable Security Center license activation code allows Tenable Security Center to download plugins and update Tenable Nessus scanner plugins.

    In the Tenable Nessus section, type the Tenable Security Center activation code and click Register.

  • Tenable Nessus Network Monitor license activation code — required before using and managing attached Tenable Nessus Network Monitor scanners.

    In the Tenable Nessus Network Monitor section, type the Tenable Nessus Network Monitor activation code and click Register.

  • Log Correlation Engine Activation Code — required before downloading Log Correlation Engine Event vulnerability plugins to Tenable Security Center. The Log Correlation Engine Activation Code allows Tenable Security Center to download event plugins, but it does not manage plugin updates for Log Correlation Engine servers.

    In the Log Correlation Engine section, type the Tenable Log Correlation Engine activation code and click Register.

Click Next to continue.

A plus (+) sign indicates that no license is applied for the product. A box with an X indicates an invalid activation code. Click on the plus (+) or X to add or reset a license activation code.

A box with a checkmark indicates a valid license is applied and that Tenable Security Center initiated a plugin download in the background.

The download may take several minutes and must complete before initiating any Tenable Nessus scans. After the download completes, the Last Updated date and time update on the Plugins page.

Tenable Nessus Scanner

Configure your first Tenable Nessus scanner. For information about the options you can configure, see Tenable Nessus Scanners. There are some limitations on the scanner options you can configure during Quick Start:

  • Agent Capable: If you use a Tenable Vulnerability Management or Tenable Nessus Manager scanner for Tenable Nessus Agent scan imports, do not configure that scanner during the Quick Start.

  • Zones: If you want to grant scan zones access to this scanner, you must configure the Zones option after the Quick Start.

Tenable Nessus Network Monitor

Note: These settings are not available in Tenable Enclave Security.

If you added an Tenable Nessus Network Monitor license activation code, you can configure your first Tenable Nessus Network Monitor scanner. For information about the options you can configure, see Tenable Nessus Network Monitor Instances. There are some limitations on the scanner options you can configure during Quick Start:

  • Repositories: If you want to select repositories to store the scanner's data, you must configure the Repositories option after the Quick Start.

Log Correlation Engine

Note: Tenable Enclave Security does not support Tenable Log Correlation Engine.

If you added an Log Correlation Engine Activation Code, you can configure your first Tenable Log Correlation Engine scanner. For information about the options you can configure, see Tenable Log Correlation Engines. There are some limitations on the scanner options you can configure during Quick Start:

  • Organizations: If you want to select organizations that can access the scanner's data, you must configure the Organizations option after the Quick Start.

  • Repositories: If you want to select repositories to store the scanner's data, you must configure the Repositories option after the Quick Start.

Repository

You can configure your first local IPv4 or IPv6 repository.

Caution: When creating repositories, note that IPv4 and IPv6 addresses must be stored separately. Additional repositories may be created once the initial configuration is complete.

A repository is essentially a database of vulnerability data defined by one or more ranges of IP addresses. When the repository is created, a selection for IPv4 or IPv6 addresses must be made. Only IP addresses of the designated type may be imported to the designated repository. The organization created in steps that follow can take advantage of one or more repositories. During installation, a single local repository is created with the ability to modify its configuration and add others post-install.

Caution: When creating Tenable Security Center repositories, Tenable Log Correlation Engine event source IP address ranges must be included along with the vulnerability IP address ranges or the event data is not accessible from the Tenable Security Center UI.

Local repositories are based on the IP addresses specified in the IP Ranges option on this page during the initial setup. Remote repositories use addressing information pulled over the network from a remote Tenable Security Center. Remote repositories are useful in multi-Tenable Security Center configurations where security installations are separate but reports are shared. Offline repositories also contain addressing information from another Tenable Security Center. However, the information is imported to the new installation via a configuration file and not via a direct network connection. For information about how this works in air-gapped environments, see Considerations for Air-Gapped Environments.

For information about the options you can configure, see Local Repositories. There are some limitations on the repositories and repository options you can configure during Quick Start:

  • You cannot configure a local mobile repository during Quick Start.

  • You cannot configure a local agent repository during Quick Start.

  • You cannot configure an external repository during Quick Start.

  • Organizations: If you want to select organizations that can access the repository's data, you must configure the Organizations option after the Quick Start.

  • Log Correlation Engine Correlation: If you want to select Log Correlation Engine servers where you want Tenable Security Center to retrieve data, you must configure the Log Correlation Engine Correlation option after the Quick Start.

Organization

Note: These settings are not available in Tenable Enclave Security.

An organization is a set of distinct users and groups and the resources they have available to them. For information about the options you can configure, see Organizations.

You can configure one organization during initial setup. If you want to use multiple organizations, you must configure other organizations after the Quick Start.

LDAP

Note: These settings are not available in Tenable Enclave Security.

Configuring LDAP allows you to use external LDAP servers for the Tenable Security Center user account authentication or as LDAP query assets. Type all required LDAP server settings and click Next. Click Skip if you do not want to configure LDAP during initial configuration.

You can configure one LDAP server connection during initial setup. If you want to use multiple LDAP servers, or if you want to configure additional options, you must continue configuring LDAP after the Quick Start.

For information about the options you can configure, see LDAP Authentication.

User

Note: These settings are not available in Tenable Enclave Security.

You must create one administrator and one security manager during initial setup. For more information, see User Roles.

  • Security manager — a user to manage the organization you just created. After you finish initial setup, the security manager can create other user accounts within the organization.

  • Administrator — a user to manage Tenable Security Center. After you finish initial setup, the administrator can create other organizations and user accounts.

If you already configured an LDAP server, you have the option to create an LDAP user account. For more information about user account options, see User Accounts.

After creating the security manager user and setting the administrator password, click Next to finish initial setup. The Admin Dashboard page appears, where you can review login configuration data.

Additional Settings

The Enable Usage Statistics option specifies whether Tenable collects anonymous telemetry data about your Tenable Security Center deployment.

When enabled, Tenable collects usage statistics that cannot be attributed to a specific user or customer. Tenable does not collect personal data or personally identifying information (PII).

Usage statistics include, but are not limited to, data about your visited pages, your used reports and dashboards, your Tenable Security Center license, and your configured features. Tenable uses the data to improve your user experience in future Tenable Security Center releases. You can disable this option at any time to stop sharing usage statistics with Tenable.

For more information about enabling or disabling this option after initial setup, see Configuration Settings.

Review

The review page displays your currently selected configurations. If you want to make further changes, click the links in the left navigation bar.

When you are finished, click Confirm.