Compliance in Tenable Vulnerability Management Scans
Note: If a scan is based on a user-defined
Tenable Vulnerability Management can perform vulnerability scans of network services as well as log in to servers to discover any missing patches.
However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.
You can use Tenable Vulnerability Management to perform vulnerability scans and compliance audits to obtain all of this data at one time. If you know how a server is configured, how it is patched, and what vulnerabilities are present, you can determine measures to mitigate risk.
At a higher level, if this information is aggregated for an entire network or asset class, security and risk can be analyzed globally. This allows auditors and network managers to spot trends in non-compliant systems and adjust controls to fix these on a larger scale.
When configuring a scan or policy, you can include one or more compliance checks, also known as audits. Each compliance check requires specific credentials.
Some compliance checks are preconfigured by Tenable, but you can also create and upload custom audits.
For more information on compliance checks and creating custom audits, see the Compliance Checks Reference.
Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.
Compliance Check | Required Credentials |
---|---|
Adtran AOS | SSH |
Alcatel TiMOS | SSH |
Amazon AWS | Amazon AWS |
Arista EOS | SSH |
ArubaOS | SSH |
Blue Coat ProxySG | SSH |
Brocade FabricOS | SSH |
Check Point GAiA | SSH |
Cisco ACI | SSH |
Cisco Firepower | SSH |
Cisco IOS | SSH |
Cisco Viptela | SSH |
Citrix Application Delivery | SSH |
Database | Database |
Extreme ExtremeXOS | SSH |
F5 | F5 |
FireEye | SSH |
Fortigate FortiOS | SSH |
Generic SSH | SSH |
Google Cloud Platform | SSH |
HP ProCurve | SSH |
Huawei VRP | SSH |
IBM DB2 DB | Database |
IBM iSeries | IBM iSeries |
Juniper Junos | SSH |
Microsoft Azure | Microsoft Azure |
Mobile Device Manager | AirWatch or MobileIron |
MongoDB | MongoDB |
Microsoft SQL Server DB | Database |
MySQL DB | Database |
NetApp API | NetApp API |
NetApp Data ONTAP | SSH |
OpenShift | OpenShift Container Platform |
OpenStack | OpenStack |
Oracle DB | Database |
Palo Alto Networks PAN-OS | PAN-OS |
Rackspace | Rackspace |
RHEV | RHEV |
Salesforce.com | Salesforce SOAP API |
SonicWALL SonicOS | SSH |
Splunk | Splunk API |
Sybase DB | Database |
Unix | SSH |
Unix File Contents | SSH |
VMware vCenter/vSphere | VMware ESX SOAP API or VMware vCenter SOAP API |
WatchGuard | SSH |
Windows | Windows |
Windows File Contents | Windows |
Zoom | Zoom |
ZTE ROSNG | SSH |