1 / 23

Vulnerability Types

Vulnerability Types. And How to Use Them. Vulnerabilities and SecurityCenter. Networks have vulnerabilities! SecurityCenter can display network vulnerability information gathered from multiple sources Nessus scans Passive Vulnerability Scanner (PVS) detections

maxime
Télécharger la présentation

Vulnerability Types

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vulnerability Types And How to Use Them

  2. Vulnerabilities and SecurityCenter • Networks have vulnerabilities! • SecurityCenter can display network vulnerability information gathered from multiple sources • Nessus scans • Passive Vulnerability Scanner (PVS) detections • Log Correlation Engine (LCE) detections • Compliance checks

  3. Active Vulnerabilities • Nessus actively scans the network for vulnerabilities • Nessus uses plugins to gather this vulnerability information • Plugin type “Active Vulnerabilities” • Plugin IDs from 10001 to 799999

  4. Active Vulnerabilities Creating an Active Vulnerabilities table…

  5. Active Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover vulnerability to a specific exploit framework…

  6. Active Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID

  7. Active Vulnerabilities • In general, SecurityCenter shows all vulns that have not been mitigated (Cumulative) • For Active Vulnerabilitesonly, SecurityCenter can display those vulns that have been found to be mitigated (Mitigated)

  8. Active Vulnerabilities – Examples • Using the Mitigated source Number of patched vulnerabilities that took 30 days to patch (“Patch Rate”) Number of patches that occurred within the past 30 days (“Patch Date”)

  9. Passive Vulnerabilities • The Passive Vulnerability Scanner (PVS) passively detects vulnerabilities based on the traffic seen on the network • PVS uses plugins to gather this vulnerability information • Plugins type “Passive Vulnerabilities” • Plugin IDs from 1 to 10000

  10. Passive Vulnerabilities Creating a Passive Vulnerabilities table…

  11. Passive Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover critical vulnerabilities within the last 7 days…

  12. Passive Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID

  13. Event Vulnerabilities • The Log Correlation Engine (LCE) detects vulnerabilities based on log events gathered from devices and applications on the network • LCE uses plugins to gather this vulnerability information • Plugin type “Event Vulnerabilities” • Plugin IDs from 800000 to 899999

  14. Event Vulnerabilities Creating an Event Vulnerabilities table…

  15. Event Vulnerabilities – Example • Using in a report or dashboard component This component uses additional filters to discover malware… Note that the Plugin Name text will match anywhere in a plugin’s name and is not case sensitive

  16. Event Vulnerabilities – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID

  17. Compliance Checks • Nessus can be used to run audit scans on the network to measure compliance • Failed compliance checks may indicate vulnerabilities • High severity = Failed check • Informational = Passed check • Medium severity = Check must be performed manually, or an advisory • SecurityCenter uses plugins to gather this compliance information • Plugin type “Compliance” • Plugin IDs from 1000001 and up

  18. Compliance Checks Creating a Compliance Checks table…

  19. Compliance Checks – Example • Using in a report or dashboard component This component uses additional filters to discover specific audit references…

  20. Compliance Checks – Example • Using in an asset Vulnerability types cannot be directly used in assets; instead, use the appropriate range for the plugin ID

  21. Plugins Screen Plugin type

  22. Vulnerabilities and SecurityCenter • Networks have vulnerabilities! • SecurityCenter can display network vulnerability information gathered from multiple sources • All = Vulnerabilities from all sources • Active Vulnerabilities = From Nessus scans • Passive Vulnerabilities = From PVS detections • Event Vulnerabilities = From LCE detections • Compliance = Compliance checks

  23. For Questions Contact Tenable Customer Support Portal

More Related