Configuration Settings

The configuration menu includes the following settings:

Data Expiration Settings

Data expiration determines how long Tenable.sc retains acquired data.

Option

Description

Active

The number of days you want Tenable.sc to retain active or agent scan vulnerability data stored in IP repositories. The default value of this option is 365 days.

Passive

The number of days you want Tenable.sc to retain NNM and Industrial Security vulnerability data stored in IP repositories. The default value of this option is 7 days.

Event

The number of days you want Tenable.sc to retain LCE event data stored in IP repositories. The default value of this option is 365 days.

Compliance

The number of days you want Tenable.sc to retain audit compliance data stored in IP repositories. The default value of this option is 365 days.

Mitigated

The number of days you want Tenable.sc to retain mitigated vulnerability data. The default value of this option is 365 days.

Agent

The number of days you want Tenable.sc to retain agent scan vulnerability data stored in agent repositories. The default value of this option is 365 days.

Closed Tickets

The number of days you want Tenable.sc to retain closed tickets. The default value of this option is 365 days.

Scan Results

The number of days you want Tenable.sc to retain scan results. The default value of this option is 365 days.

Report Results

The number of days you want Tenable.sc to retain report results. The default value of this option is 365 days.

External Schedules Settings

The Tenable.sc external schedule settings are used to determine the update schedule for the common tasks of pulling NNM and Industrial Security data, IDS signature updates, and IDS correlation updates.

Option

Description

Pull Interval

This option configures the interval that Tenable.sc uses to pull results from the attached NNM and Industrial Security instances. The default setting is 1 hour. The timing is measured from the start of the Tenable.sc service on the host system.

IDS Signatures

Frequency to update Tenable.sc IDS signatures via third-party sources. The schedule is shown along with the time zone being used.

IDS Correlation Databases

Frequency to push vulnerability information to the LCE for correlation. The schedule is shown along with the time zone being used.

Each of the update schedule times may also be configured to occur by time in a particular time zone, which can be selected via the Time Zone link next to each hour selection.

Lumin Settings

If you have a Tenable.io license to use Lumin with Tenable.sc, you can configure your Tenable.sc data to synchronize to Tenable.io for Lumin analysis.

For more information, see Lumin Synchronization.

Mail Settings

The Mail option designates SMTP settings for all email related functions of Tenable.sc. Available options include SMTP host, port, authentication method, encryption, and return address. In addition, a Test SMTP Settings link is displayed in the top left of the page to confirm the validity of the settings.

Note: The Return Address defaults to [email protected]. Use a valid return email address for this option. If this option is empty or the email server requires emails from valid accounts, the email will not be sent by the email server.

Note: Type the Username in a format supported by your SMTP server (for example, [email protected] or domain\username).

Miscellaneous Settings

The Miscellaneous Configuration section offers options to configure web proxy, syslog, and notification settings, and to enable or disable a variety of reporting types that are needed only in specific situations.

Web Proxy

From this configuration page, a web proxy can be configured by entering the host URL (proxy hostname or IP address), port, authentication type, username, and password. The host name used must resolve properly from the Tenable.sc host.

Syslog

The Syslog section allows for the configuration and sending of Tenable.sc log events to the local syslog service. When Enable Forwarding is enabled, the forwarding options are made available for selection. The Facility option provides the ability to enter the desired facility that will receive the log messages. The Severity option determines which level(s) of syslog messages will be sent: Informational, Warning, and/or Critical.

Scanning

The IP Randomization option specifies how you want Tenable.sc to send active scan target lists to Nessus and Tenable.io scanners.

You enable or disable IP randomization for all configured active scans; you cannot configure IP randomization on a per-scan basis.

  • When enabled, Tenable.sc randomizes the targets in the active scan before sending the target list to the scanners to reduce strain on network devices during large active scans.

    Scan Randomization
    1,000 or fewer targets

    Tenable.sc randomizes all the IP addresses in the target list.

    1,001 or more targets

    Tenable.sc randomizes all the IP addresses in the target list by:

    1. Ordering the IP addresses numerically and splitting them into 100 chunks.
    2. Randomly selecting a chunk and choosing the lowest IP address from that chunk.
    3. Selecting chunks and IP addresses until all IP addresses in all chunks are randomized in the target list.

    If the active scan includes a Tenable.io scanner, Tenable.sc breaks the target list into smaller lists (256 IP addresses each) before sending to Tenable.io.

    Note: Some randomized target lists (e.g., very small target lists) may still contain sequences of increasing IP addresses. This is a possible outcome of randomization, not an indication that randomization failed.

  • When disabled, Tenable.sc organizes the target list by increasing IP address. Then, scanners scan targets, starting with the lowest IP address and finishing with the highest IP address.
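The ordering described above can be reproduced offline to see how it spreads scan load across a range. The following Python sketch is an added example, not Tenable code: the function names, the even split into chunks, and the sample range are assumptions made for illustration.

```python
import ipaddress
import random

CHUNK_COUNT = 100      # page: lists over 1,000 targets are split into 100 chunks
SMALL_LIST_MAX = 1000  # page: 1,000 or fewer targets are shuffled outright
TIO_BATCH = 256        # page: Tenable.io scanners receive lists of 256 addresses


def randomize_targets(targets, rng=None):
    """Order targets as described for IP Randomization enabled (IPv4 sample only)."""
    rng = rng or random.Random()
    ips = sorted(ipaddress.ip_address(t) for t in targets)
    if len(ips) <= SMALL_LIST_MAX:
        rng.shuffle(ips)
        return [str(ip) for ip in ips]
    # Step 1: numeric order, then 100 contiguous chunks (even split is an assumption).
    base, extra = divmod(len(ips), CHUNK_COUNT)
    chunks, start = [], 0
    for i in range(CHUNK_COUNT):
        size = base + (1 if i < extra else 0)
        chunks.append(ips[start:start + size][::-1])  # reversed so pop() is the lowest
        start += size
    # Steps 2-3: pick a random chunk, emit its lowest remaining address, repeat.
    ordered = []
    while chunks:
        idx = rng.randrange(len(chunks))
        ordered.append(str(chunks[idx].pop()))
        if not chunks[idx]:
            chunks.pop(idx)  # drop the drained chunk
    return ordered


def tio_batches(ordered):
    """Split an ordered target list into lists of at most 256 addresses."""
    return [ordered[i:i + TIO_BATCH] for i in range(0, len(ordered), TIO_BATCH)]


def longest_sequential_run(ordered):
    """Longest run of addresses that each follow the previous one by exactly 1."""
    nums = [int(ipaddress.ip_address(a)) for a in ordered]
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


# Constructed sample: every address in 10.20.0.0/20 (4,096 targets).
SAMPLE = [str(ip) for ip in ipaddress.ip_network("10.20.0.0/20")]
```

Within any one chunk the addresses still leave in increasing order, so short ascending sequences in the output are expected, as the note above says; longest_sequential_run gives a quick measure of how long those sequences are for a given target list.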

Notifications

The Notifications section defines the Tenable.sc web address used when notifications are generated for alerts and tickets.

Report Generation

Among the reporting standards for the Defense Information Systems Agency (DISA) are the Asset Report Format (ASR) and the Assessment Results Format (ARF) styles. Additionally, there is CyberScope reporting utilizing Lightweight Asset Summary Results Schema (LASR) style reports used by some segments of governments and industry. These formats are typically used only by select groups and organizations for specific needs that do not apply to many organizations.

You must enable the Enable DISA ARF, Enable DISA ASR, and Enable Cyberscope toggles to allow users to choose these report types during report creation. For more information, see Reports.

Privacy

The Enable Usage Statistics option specifies whether Tenable collects anonymous telemetry data about your Tenable.sc deployment.

When enabled, Tenable collects usage statistics that cannot be attributed to a specific user or customer. Tenable does not collect personal data or personally identifying information (PII).

Usage statistics include, but are not limited to, data about your visited pages, your used reports and dashboards, your Tenable.sc license, and your configured features. Tenable uses the data to improve your user experience in future Tenable.sc releases. You can disable this option at any time to stop sharing usage statistics with Tenable.

After you enable or disable this option, all Tenable.sc users must refresh their browser window for the changes to take effect.

License Settings

The License Configuration section allows you to configure licensing and activation code settings for Tenable.sc and all attached Tenable products.

For information about the Tenable.sc license count, see License Requirements. To add or update a license, see Add a License or Update a License.

Plugins/Feed Settings

The Plugins/Feed Configuration page displays the Plugin Detail Locale for Tenable.sc and the feed and plugin update (scanner update) schedules.

For more information, see Edit Plugin and Feed Settings and Schedules.

Update

Description

Tenable.sc Feed

Retrieves the latest Tenable.sc feed from Tenable. This feed includes data for general use, including templates (e.g., dashboards, ARCs, reports, policies, assets, and audit files), template-required objects, some general plugin information, and updated VPR values.

Active Plugins

Retrieves the latest active plugins feed (for Nessus and Tenable.io scanners) from Tenable. Tenable.sc pushes the feed to Nessus and Tenable.io scanners.

Passive Plugins

Retrieves the latest passive plugins feed from Tenable. Tenable.sc pushes the feed to NNM instances and Industrial Security instances.

Event Plugins

Retrieves the latest event plugins feed from Tenable. Tenable.sc uses the feed locally with LCE data but does not push the feed to LCE; LCE retrieves the feed directly from Tenable.

For information about Tenable.sc-Tenable plugins server communications encryption, see Encryption Strength.

Plugin Detail Locale

The local language plugin feature allows you to display portions of plugin data in local languages. When available, translated text displays on all pages where plugin details are displayed.

Select Default to display plugin data in English.

Tenable.sc cannot translate text within custom files. You must upload a translated Active Plugins.xml file in order to display the file content in a local language.

For more information, see Configure Plugin Text Translation.

Schedules

Tenable.sc automatically updates Tenable.sc feeds, active plugins, passive plugins, and event plugins. If you upload a custom feed or plugin file, the system merges the custom file data with the data contained in the associated automatically updating feed or plugin.

You can upload tar.gz files with a maximum size of 1500 MB.

For more information, see Edit Plugin and Feed Settings and Schedules.

SAML Settings

Use the SAML section to configure SAML 2.0 or Shibboleth 1.3-based SAML authentication for Tenable.sc users. For more information, see SAML Authentication.

Security Settings

Use the Security section to define the Tenable.sc web interface login parameters and options for account logins. You can also configure banners, headers, and classification headers and footers.

Option

Description

Authentication Settings

Session Timeout

The web session timeout in minutes (default: 60).

Maximum Login Attempts

The maximum number of user login attempts allowed by Tenable.sc before the account is locked out (default: 20). Setting this value to 0 disables this feature.

Minimum Password Length

This setting defines the minimum number of characters for passwords of accounts created using the local TNS authentication access (default: 3).

Password Complexity

Provides the option to enforce a minimum password length (4 characters) and the use of an upper case letter, lower case letter, numerical character, and special character.

Startup Banner Text

Type the text banner that is displayed prior to the login interface.

Header Text

Adds custom text to the top of the Tenable.sc user interface pages. The text may be used to identify the company, group, or other organizational information. The option is limited to 128 characters.

Classification Type

Adds a header and footer banner to Tenable.sc to indicate the classification of the data accessible via the software. Current options are None, Unclassified, Confidential, Secret, Top Secret, and Top Secret – No Foreign.

Note: When set to an option other than None, the available report style for users will only show the plain report style types. The Tenable report styles do not support the classification banners.

Allow API Keys

When enabled, allows users to generate API keys as an authentication method for Tenable.sc API requests. For more information, see Enable API Key Authentication.

Allow Session Management

This setting is disabled by default. When enabled, the Session Limit option will appear. This feature displays the option that will allow the administrator user to set a session limit for all users.

Disable Inactive Users

When enabled, Tenable.sc disables user accounts after a set period of inactivity. A disabled user cannot log in to Tenable.sc, but other users can use and manage objects owned by the disabled user.

Days Users Remain Enabled

When Disable Inactive Users is enabled, specifies the number of inactive days you want to allow before automatically disabling a user account.

Session Limit

Any number entered here will be saved as the maximum number of sessions a user can have open at one time.

If you log in and the session limit has already been reached, you will be prompted with a warning that the oldest session with that username will be logged out automatically. You can cancel the login, or proceed with the login and end the oldest session.

Note: This behavior is different for CAC logins. The previously described behavior is bypassed as was the old login behavior.

Login Notifications

Sends a notification each time a user logs in.

WebSEAL

Allows you to enable or disable WebSEAL. WebSEAL supports multiple authentication methods and provides Security Access Authorization service and single sign-on capabilities.

Caution: It is strongly advised that the user confirm, in a separate session, that at least one user (preferably an administrator user) is able to log in successfully via WebSEAL before the user that enabled WebSEAL logs out. Otherwise, if there is an issue, no one will be able to access Tenable.sc to turn WebSEAL off.

Caution: Any user created while WebSEAL was enabled will not have a password and an admin must update the user account to establish a password. Any user that existed before the enabling of WebSEAL must revert to their old password.

PHP Serialization

Operational Status

Summarizes your current setting.

PHP Serialization Mode

Specifies whether you want to allow or prevent PHP serialization in Tenable.sc.

  • PHP Serialization ON: Tenable.sc performs PHP serialization and Tenable.sc features operate as expected.
  • PHP Serialization OFF: Tenable.sc does not perform PHP serialization and prevents users from importing or exporting the following objects:
    • Assets
    • Scan policies
    • Assurance Report Cards
    • Reports
    • Audit files
    • Dashboards