How to Transition from Nessus to SecurityCenter Reports

Transcription

1 HOW-TO GUIDE How to Transition from Nessus to SecurityCenter Reports Using SecurityCenter for continuous network monitoring and vulnerability assessment will give you a greatly expanded set of features to measure, analyze, and visualize your enterprise-wide security objectives. SecurityCenter can provide a whole new level of insight to help identify gaps where policies fail to meet business objectives, and provide granular detail for investigating and remediating risk. For longtime Nessus users, moving to SecurityCenter will involve a slight learning curve. Until you become familiar with the new dashboards and reports, we ve created the Nessus Scan Report to ease your transition. This report is modeled on the standard Nessus reporting template so you can easily access vulnerability details in a familiar format and avoid disruptions to your security analysis and response processes. Adding the Nessus Scan Report in SecurityCenter The Nessus Scan Report is available through the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. To access the report template in SecurityCenter, click on Reporting in the top menu. This will take you to the Reports page. Click Add.

2 When the Add Report screen appears, select the Threat Detection & Vulnerability Assessments category. Enter Nessus Scan in the search box to narrow the results, and then select Nessus Scan Report in the list provided. 2

3 When the Add Report Template screen appears, you will want to set a Focus. Without a focus, SecurityCenter will generate the report for all repositories, resulting in thousands of pages of data. The Focus section will help you narrow your report to only the Asset, IP address(es)/dns name(s), or Repository you are interested in seeing. For this example, we will select Asset. For more information on using assets, see our How to Use Assets with Dashboards and How to Add Assets to SecurityCenter how-to guides. Select your asset from the drop-down menu (we selected LAN 113). You can also click on and modify the title to keep track of which asset data is being presented in this particular report. 3

4 Once these changes are made, click Add at the bottom of the page. When you return to the report list, you will see that Nessus Scan Report LAN 113 has been created. Manually Adding an Asset to the Nessus Scan Report If the Nessus Scan Report template was installed without a focus defined or if you need to make other changes, you may need to edit the report. To edit, click on the name of the report or on Edit PDF Report in the drop-down menu from the gear icon at the end of the row. 4

5 In the Edit PDF Report screen, you will see three areas where you can modify the report. The first is General, where you can select cover page, header, footer, and Table of Contents options. 5

6 The Definition section will allow you to define which elements to include in the report. For the Nessus Scan Report, we will focus on the iterator and table elements listed in Chapter 2. The first report element we will discuss is the iterator grouping element. The grouping element dynamically applies a base filter to the elements within the iterator in this case, two paragraphs and two tables. 6

7 An iterator will loop through the query results and dynamically create these defined elements based on IP address, port, or vulnerability. To set how the iterator generates output, you can click on the pencil icon that appears when you mouse over the iterator. That will launch the Edit Iterator screen, where you will find the Iterator Type setting. 7

8 For this report, IP Summary is pre-selected to create the data in the Vulnerability by Host chapter that Nessus users expect to see. Within the Iterator, there are two table elements that can also be modified. By mousing over the table element, you can click on the pencil icon to edit. 8

9 The first table is a Results Summary. This will use the Severity Summary tool to provide a count of vulnerabilities by severity. Edit Table screen where you can modify the Results Summary report fields 9

10 The second table in the Nessus Scan Report iterator uses the Vulnerability Detail List tool. This table will provide all known information about each individual vulnerability for each IP address (as determined by the iterator). Edit Table screen where you can modify the Results Details fields 10

11 The third option on the left hand side of the Edit PDF Report screen is Distribution. The Distribution section allows you to determine how the report will be distributed after the PDF is generated. For more information on distribution, please see the SecurityCenter User Guide. Launching your Nessus Scan Report Once you ve created and edited your Nessus Scan Report, you are ready to generate the report. Click on the arrow on the right side of the screen to launch the report. 11

12 You will receive a confirmation if the launch is successful. If you click on Report Results at the top of the screen, you will see that Nessus Scan Report LAN 113 is running. Once the status shows Completed, you can view, publish, or the results by clicking on the gear icon at the end of the row or download the results by clicking on the bullseye icon. 12

13 Viewing your Nessus Scan Report Key Comparisons There are a few minor formatting differences between native Nessus scan reports and SecurityCenter s Nessus Scan Report. These are outlined below. Title page and Table of Contents With SecurityCenter, you ll get the exact same set of information, but with the addition of: A confidentiality statement A repository identifier User ID of the individual who launched the scan An About this Report overview section Nessus title page and Table of Contents SecurityCenter title page and Table of Contents 13

14 Vulnerabilities by Host In Nessus, reporting on vulnerabilities by host will provide the following key information: Scan Information with start and stop times. Host Information with IP address, DNS name, and NetBIOS name, if available to the scanner. A Results Summary with a color-coded list of vulnerabilities by severity. Nessus vulnerability report With the Nessus Scan Report in SecurityCenter, you will get the same information with the following differences: Only the date and time of the Last Scan is displayed not scan start and stop times. Host IP address, DNS name, and NetBIOS name will be displayed at the top of the report, if available. The Results Summary is displayed vertically. The Total number of vulnerabilities will now appear above the Last Scan information and not in this section. This report will include added Repository information. 14

15 SecurityCenter Vulnerabilities by Host report Vulnerability Details SecurityCenter s Nessus Scan Report will include the same drill-down into vulnerability details that was available in the Nessus version. In addition to providing more detail, SecurityCenter does not use color-coded headers by severity in this section (red, orange, yellow, green, or blue). Instead, severity will be simply labeled through text. 15

16 Nessus vulnerability details SecurityCenter vulnerability details 16

17 For More Information If you are transitioning from Nessus to SecurityCenter and are interested in further information about the Nessus Scan Report, you can read more in our SecurityCenter Report Templates resources page or contact Tenable Support. About Tenable Network Security Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable's customers range from Fortune Global 500 companies, to the Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail, and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com. 17