Configuration Settings
The configuration menu includes the following settings:
Data expiration determines how long Tenable Security Center retains closed tickets, scan results, and report results.
Option | Description |
---|---|
User Generated Object Lifetime | |
Closed Tickets | The number of days you want Tenable Security Center to retain closed tickets. The default value of this option is 365 days. |
Scan Results | The number of days you want Tenable Security Center to retain scan results. The default value of this option is 365 days. |
Report Results | The number of days you want Tenable Security Center to retain report results. The default value of this option is 365 days. |
Tip: You can configure vulnerability data expiration for individual IPv4, IPv6, agent
The Tenable Security Center external schedule settings determine the update schedule for the common tasks of pulling Tenable Nessus Network Monitor data, IDS signature updates, and IDS correlation updates.
Option | Description |
---|---|
Tenable Nessus Network Monitor | |
Pull Interval | This option configures the interval that Tenable Security Center uses to pull results from the attached Tenable Nessus Network Monitor instances. The default setting is 1 hour. The timing is based on the start of the Tenable Security Center service on the host system. |
Tenable Log Correlation Engine | |
IDS Signatures | Specifies the frequency to update Tenable Security Center IDS signatures via third-party sources. The schedule appears along with the specified time zone. |
IDS Correlation Databases | Specifies the frequency to push vulnerability information to the Log Correlation Engine for correlation. The schedule appears along with the specified time zone. |
You can also set each update schedule to run at a time in a particular time zone by using the Time Zone link next to each hour selection.
The Mail option designates SMTP settings for all email-related Tenable Security Center functions. Available options include SMTP host, port, authentication method, encryption, and return address. In addition, you can use the Test SMTP Settings in the upper left corner of the page to validate the settings.
Note: Type the Username in a format supported by your SMTP server (for example, [email protected] or domain\username).
Note: The Return Address defaults to noreply@localhost. Use a valid return email address for this option. If this option is empty or the email server requires emails from valid accounts, the email server cannot send the email.
The Miscellaneous Configuration section offers options to configure settings for web proxy, syslog, and notifications, and to enable or disable some report types.
Note: These settings are not available in Tenable Enclave Security.
From this configuration page, you can configure a web proxy by entering the host URL (proxy hostname or IP address), port, authentication type, username, and password. The hostname used must resolve properly from the Tenable Security Center host.
Syslog
Note: These settings are not available in Tenable Enclave Security.
In the Syslog section, you can configure options to allow Tenable Security Center to send administrative log events to the local syslog service. For more information about the types of Tenable Security Center logs, see the knowledge base article.
Option | Description |
---|---|
Enable Forwarding | Enables log forwarding options. |
Facility | Type the facility you want to receive the log messages. |
Severity | Specifies which syslog message levels you want to forward: Informational, Warning, or Critical. |
Scanning
The IP Randomization option specifies how you want Tenable Security Center to send active scan target lists to Tenable Nessus and Tenable Vulnerability Management scanners.
You enable or disable IP randomization for all configured active scans; you cannot configure IP randomization on a per-scan basis.
- When enabled, Tenable Security Center randomizes the targets in the active scan before sending the target list to the scanners to reduce strain on network devices during large active scans.
  Scan Randomization:
  - 1,000 or fewer targets: Tenable Security Center randomizes all the IP addresses in the target list.
  - 1,001 or more targets: Tenable Security Center randomizes all the IP addresses in the target list by:
    - Ordering the IP addresses numerically and splitting them into 100 groups.
    - Randomly selecting a group and choosing the lowest IP address from that group.
    - Selecting groups and IP addresses until all IP addresses in all groups are randomized in the target list.
  If the active scan includes a Tenable Vulnerability Management scanner, Tenable Security Center breaks the target list into smaller lists (256 IP addresses each) before sending to Tenable Vulnerability Management.
  Note: Some randomized target lists (such as small target lists) may still contain sequences of increasing IP addresses. This is a possible outcome of randomization, not an indication that randomization failed.
- When disabled, Tenable Security Center organizes the target list by increasing IP address. Then, scanners scan targets, starting with the lowest IP address and finishing with the highest IP address.
Tip: The Max simultaneous hosts per scan scan policy option specifies how many IP addresses Tenable Security Center sends to each scanner at a time. For more information, see Scan Policy Options.
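The ordering described for IP Randomization can be sketched as follows. This is an added example, not Tenable's code: it assumes the 100 groups are contiguous and as evenly sized as possible, and all function names are hypothetical.

```python
import ipaddress
import random

SMALL_LIST_MAX = 1000  # page: 1,000 or fewer targets are shuffled as a whole
GROUP_COUNT = 100      # page: larger lists are split into 100 groups
TVM_CHUNK = 256        # page: list size sent to Tenable Vulnerability Management


def randomize_targets(targets, rng=None):
    """Return the targets in the order described for IP Randomization."""
    rng = rng or random.Random()
    # Order numerically; the (version, int) key keeps IPv4 and IPv6 comparable.
    ordered = sorted({ipaddress.ip_address(t) for t in targets},
                     key=lambda ip: (ip.version, int(ip)))
    if len(ordered) <= SMALL_LIST_MAX:
        rng.shuffle(ordered)
        return [str(ip) for ip in ordered]
    # Assumption: the 100 groups are contiguous and as equal in size as possible.
    base, extra = divmod(len(ordered), GROUP_COUNT)
    groups, start = [], 0
    for i in range(GROUP_COUNT):
        size = base + (1 if i < extra else 0)
        groups.append(ordered[start:start + size])
        start += size
    cursors = [0] * GROUP_COUNT      # index of the lowest remaining IP per group
    live = list(range(GROUP_COUNT))  # groups that still hold addresses
    result = []
    while live:
        slot = rng.randrange(len(live))            # randomly select a group
        g = live[slot]
        result.append(str(groups[g][cursors[g]]))  # take its lowest address
        cursors[g] += 1
        if cursors[g] == len(groups[g]):           # group exhausted: drop it
            live[slot] = live[-1]
            live.pop()
    return result


def chunk_for_tvm(target_list, size=TVM_CHUNK):
    """Break a target list into lists of at most `size` addresses."""
    return [target_list[i:i + size] for i in range(0, len(target_list), size)]


def longest_increasing_run(target_list):
    """Length of the longest run of strictly increasing addresses."""
    best = run = 1 if target_list else 0
    for prev, cur in zip(target_list, target_list[1:]):
        a, b = ipaddress.ip_address(prev), ipaddress.ip_address(cur)
        run = run + 1 if (a.version, int(a)) < (b.version, int(b)) else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    # Constructed sample: 4,096 addresses from a private /20.
    sample = [str(ip) for ip in ipaddress.ip_network("10.0.0.0/20")]
    order = randomize_targets(sample, random.Random(7))
    print(order[:5], len(chunk_for_tvm(order)), longest_increasing_run(order))
```

Because each group is consumed lowest-first, addresses from the same group always appear in increasing order in the final list, which is one reason short increasing sequences show up even when randomization is working.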
Notifications
In the Notifications section, you can configure options for Tenable Security Center notifications. For more information, see Notifications.
Option | Description |
---|---|
Tenable Security Center Location | Defines the Tenable Security Center web address used when alerts and tickets generate notifications. |
Bell Notifications | Enables notifications to appear in the menu in the top navigation bar. |
Note: These settings are not available in Tenable Enclave Security.
If your organization requires specialized reporting formats, such as DISA or CyberScope, you can enable Report Generation options based on your organization's needs.
- Defense Information Systems Agency (DISA) reporting standards include the Assessment Summary Results (ASR), Assessment Results Format (ARF), and Consolidated Assessment Results Format (CARF) styles.
- CyberScope reports utilize Lightweight Asset Summary Results Schema (LASR) style reports, which are used by some segments of governments and industry.
To allow users to choose these reports during report creation, you must enable the corresponding toggles. For more information about reports in Tenable Security Center, see Reports.
Option | Description |
---|---|
Enable DISA ARF | Enable the DISA ARF report format, which meets the standards of the Defense Information Systems Agency Assessment Results Format. |
Enable DISA Consolidated ARF | Enable the DISA consolidated ARF report format, which meets the standards of the Defense Information Systems Agency Consolidated Assessment Results Format. |
Enable DISA ASR | Enable the DISA ASR report format, which meets the standards of the Defense Information Systems Agency Assessment Summary Results. |
Enable CyberScope | Enable the CyberScope report format, which meets CyberScope reporting standards to support FISMA compliance. |
You can enable the Recast and Accept Risk Rule Comments option to display accept risk rule comments and recast risk rule comments in reports and vulnerability analysis views.
For more information about recast risk rules and accept risk rules, see Recast Risk Rules and Accept Risk Rules.
For more information about vulnerability analysis views, see View Vulnerability Instance Details and View Vulnerabilities by Plugin.
If you have configured an external Postgres database, this section displays the connection information for the database.
Privacy
The Enable Usage Statistics option specifies whether Tenable collects anonymous telemetry data about your Tenable Security Center deployment.
When enabled, Tenable collects usage statistics that cannot be attributed to a specific user or customer. Tenable does not collect personal data or personally identifying information (PII).
Usage statistics include, but are not limited to, data about your visited pages, your used reports and dashboards, your Tenable Security Center license, and your configured features. Tenable uses the data to improve your user experience in future Tenable Security Center releases. You can disable this option at any time to stop sharing usage statistics with Tenable.
After you enable or disable this option, all Tenable Security Center users must refresh their browser window for the changes to take effect.
Note: These settings are not available in Tenable Enclave Security.
The License Configuration section allows you to configure licensing and activation code settings for Tenable Security Center and all attached Tenable products.
For information about the Tenable Security Center license count, see License Requirements. To add or update a license, see Apply a New License or Update an Existing License.
The Plugins/Feed Configuration page displays the Plugin Detail Locale for Tenable Security Center and the feed and plugin update (scanner update) schedules.
For more information, see Edit Plugin and Feed Settings and Schedules.
Update | Description |
---|---|
Tenable Security Center Feed | Retrieves the latest Tenable Security Center feed from Tenable. This feed includes data for general use, including templates (for example, dashboards, ARCs, reports, policies, assets, and audit files), template-required objects, some general plugin information, and updated VPR values. |
Active Plugins | Retrieves the latest active plugins feed (for Tenable Nessus and Tenable Vulnerability Management scanners) from Tenable. Tenable Security Center pushes the feed to Tenable Nessus and Tenable Vulnerability Management scanners. |
Passive Plugins | Retrieves the latest passive plugins feed from Tenable. Tenable Security Center pushes the feed to Tenable Nessus Network Monitor instances. |
Event Plugins | Retrieves the latest event plugins feed from Tenable. Tenable Security Center uses the feed locally with Log Correlation Engine data but does not push the feed to Log Correlation Engine; Log Correlation Engine retrieves the feed directly from Tenable. |
For information about Tenable Security Center-Tenable plugins server communications encryption, see Encryption Strength.
Plugin Detail Locale
The local language plugin feature allows you to display portions of plugin data in local languages. When available, translated text displays on all pages where plugin details appear.
Select Default to display plugin data in English.
Note: Tenable Security Center cannot translate text within custom files. Upload a translated Active Plugins.xml file to display the file content in a local language.
For more information, see Configure Plugin Text Translation.
Tenable Security Center automatically updates Tenable Security Center feeds, active plugins, passive plugins, and event plugins. If you upload a custom feed or plugin file, the system merges the custom file data with the data contained in the associated automatically updating feed or plugin.
You can upload tar.gz files with a maximum size of 1500 MB.
For more information, see Edit Plugin and Feed Settings and Schedules.
Security Center Software Updates
The Security Center Software Updates section includes options for applying updates and patches for Tenable Security Center.
In the Authorization Token box, enter your authorization token. You can generate an authorization token on the Tenable Downloads API page.
If you enable the Automatically Update Through the Security Center Feed option, then Tenable Security Center automatically applies any available Tenable Security Center patches during scheduled feed updates.
Note: Some patches cannot be applied through the feed, and must be installed manually.
Available Software Updates
New updates and patches for Tenable Security Center appear in the Available Software Updates section of the Plugins/Feed Configuration page.
The Install Now tab displays available software updates for download. You can install them immediately by selecting the check box and clicking Install Now. If you enable the Automatically Update Through the Security Center Feed option in the Security Center Software Updates section, then Tenable Security Center will automatically apply these updates and patches during scheduled feed updates.
The Install Manually tab includes software updates that must be installed manually. You can download the files for these updates and patches from the Tenable Downloads page.
If you install a software update but the installation fails, the update will appear in the Available Software Updates section with a warning icon. Click the software update in the table to view details about the error.
Installed Software Updates
When you install a software update, it moves from the Available Software Updates section to the Installed Software Updates section. If a software update requires a restart to finish installing, the status for the update in the Installed Software Updates section will be Needs Restart. After you complete a software update, the status for the update will be Installed.
Use the SAML section to configure SAML 2.0-based authentication (for example, Okta, OneLogin, or Shibboleth 2.0) for Tenable Security Center users. For more information, see SAML Authentication.
Use the Security section to define the Tenable Security Center user interface login parameters and options for account logins. You can also configure banners, headers, and classification headers and footers.
Option | Description |
---|---|
Authentication Settings | |
Session Timeout | The web session timeout in minutes (default: 60). |
Maximum Login Attempts | The maximum number of user login attempts Tenable Security Center allows before locking out the account (default: 20). To disable this feature, set the value to 0. |
Minimum Password Length | This setting defines the minimum number of characters for passwords of accounts created using the local TNS authentication access (default: 3). |
Password Complexity | When enabled, user passwords must be at least 4 characters long and contain at least one of each of the following: Note: After you enable Password Complexity, Tenable Security Center prompts all users to reset their passwords the next time they log in to Tenable Security Center. Note: If you enable Password Complexity and set the Minimum Password Length to a value greater than 4, Tenable Security Center enforces the longer password requirement. |
Startup Banner Text | Type the text banner that appears before the login interface. |
User Text | Adds custom text to the bottom of the user profile menu. You can use the text to identify a company, group, or other organizational information (maximum 128 characters). |
Classification Type | Adds a header and footer banner to Tenable Security Center to indicate the classification of the data accessible via the software. Current options are None, Custom, Unclassified, Confidential, Secret, Top Secret, and Top Secret – No Foreign. If you select Custom, the following options appear: Note: Custom banners in reports are supported only for Arial Regular font. Note: If you set Classification Type to an option other than None, users can only see the plain report styles. The Tenable report styles do not support the classification banners. |
Allow API Keys | When enabled, allows users to generate API keys as an authentication method for Tenable Security Center API requests. For more information, see Enable API Key Authentication. |
Allow Session Management | This setting is disabled by default. When enabled, the Session Limit option appears. This feature displays the option that allows administrators to set a session limit for all users. |
Disable Inactive Users | When enabled, Tenable Security Center disables user accounts after a set period of inactivity. You cannot use a disabled user account to log in to Tenable Security Center, but other users can use and manage objects owned by the disabled user account. |
Days Users Remain Enabled | When you enable Disable Inactive Users, specify the number of inactive days you want to allow before automatically disabling a user account. |
Session Limit | Specifies the maximum number of sessions a user can have open at once. If you log in and the session limit has already been reached, Tenable Security Center notifies you that the oldest session with that username will be logged out automatically. You can cancel the login or proceed with the login and end the oldest session. Note: This behavior is different for Common Access Cards (CAC) logins. Tenable Security Center does not check active sessions for CAC authentication. |
Login Notifications | Sends a notification each time a user logs in. |
WebSeal | Allows you to enable or disable WebSEAL. WebSEAL supports multiple authentication methods, provides Security Access Authorization service, and single sign-on capabilities. Caution: Before the user that enabled WebSEAL logs out of Tenable Security Center, Tenable Security Center strongly recommends confirming, in a separate session, that at least one user (preferably an administrator user) is able to log in successfully via WebSEAL. Otherwise, if there is an issue, no one will be able to access Tenable Security Center to turn off WebSEAL. Caution: Any user created while WebSEAL is enabled will not have a password. An administrator must update the user account to establish a password. Any user that existed before enabling WebSEAL must revert to their old password. |
PHP Serialization | |
Operational Status | Summarizes your current setting. |
PHP Serialization Mode | Specifies whether you want to allow or prevent PHP serialization in Tenable Security Center. |
Scanners | |
Picture in Picture | When enabled, allows administrators to view and manage Tenable Nessus scanner configurations from the Tenable Security Center user interface. For more information, see Enable Picture in Picture. Note: You cannot use Picture in Picture with a Tenable Nessus scanner if you enabled Use Proxy for the scanner or if the scanner's Authentication Type is SSL Certificate. For more information, see Tenable Nessus Scanner Settings. |
FIPS 140-2 Configuration | |
Operational Status | Summarizes whether FIPS 140-2 mode is currently enabled or disabled. |
FIPS 140-2 Mode | Specifies whether you want to enable or disable FIPS mode for communication. Switching from one mode to the other requires a restart. For more information, see Start, Stop, or Restart Tenable Security Center. |
If you have a Tenable Vulnerability Management license to use Tenable Lumin with Tenable Security Center, you can configure your Tenable Security Center data to synchronize to Tenable Vulnerability Management for Tenable Lumin analysis.
For more information, see Tenable Lumin Synchronization.