Tenable for Google Cloud Platform


How-To Guide: Tenable for Google Cloud Platform

Introduction

This document describes how to deploy Tenable SecurityCenter Continuous View (SecurityCenter CV) for integration with Google Cloud Platform. Please email any comments and suggestions to support@tenable.com.

Organizations have been faced with the challenges of maintaining the security of traditional, on-premises datacenters for years. As many organizations begin to transition key infrastructure to cloud services such as Google Cloud Platform, the challenges for IT departments continually increase. Knowing what systems and applications are running in your environment, and who and what devices are trying to gain access, only becomes more complex in a hybrid environment. Moving infrastructure and workloads to Google Cloud Platform enables business agility, lowers costs and increases innovation, but it also introduces a new layer of security complexity.

To reduce the attack surface and prevent compromise in a hybrid environment, organizations must be able to confidently answer these key questions:

Are logs being collected for all of my assets, including those from cloud environments like Google Cloud Platform?
Have there been any brute force login attempts or unauthorized web application scans?
How many virtual machines are running in the cloud environment, and when are new hosts created?

So, how do organizations ensure complete visibility into their entire IT infrastructure in order to answer those questions? Tenable secures both on-premises environments and Google Cloud Platform through the use of SecurityCenter Continuous View. SecurityCenter CV integrates with Google Cloud Platform so that organizations can continuously monitor their cloud environment and eliminate blind spots. As a result, organizations can employ a single technology for monitoring hybrid environments, eliminating the need to purchase, deploy and manage multiple tools.
The Log Correlation Engine (LCE), a component of SecurityCenter CV, integrates with the Google Cloud Platform Publish and Subscribe (Pub/Sub) service to provide the following benefits:

A complete view of on-premises and Google Cloud Platform environments in one interface (SecurityCenter CV), saving the time and money spent purchasing, deploying and maintaining multiple solutions.
Discovery of malicious or unauthorized activity through SecurityCenter CV alerts, resulting in a quicker time to resolution and better assurance of your security posture.
Easier achievement of compliance goals through new host discovery, which uncovers when new systems are provisioned.

Integration Configuration

Google Cloud Platform Configuration

In order to access Google Cloud Platform, customers are required to create and activate an account at https://cloud.google.com. Once the Google Cloud Platform account is active, users can log into https://console.cloud.google.com to begin the integration configuration. To enable Google Pub/Sub logging, begin by clicking the hamburger button (three horizontal lines) in the top-left corner. Select Permissions from the drop-down menu.

Navigate to Service accounts and select Create service account. In the Create service account window, enter a name for the service account and enable the Furnish a new private key option. The JSON key type is the required setting and is enabled by default. Click Create to complete the service account setup. The service account's public/private key pair will be stored locally on the system used to create the account. It is the only copy of the key and will need to be stored securely.

Once the service account is set up, click the hamburger button in the top-left corner and select API Manager. Navigate to Credentials in the left-hand menu, click Create credentials, and select the Service account key option in the drop-down menu.

Click the Service account drop-down and select the previously created service account. JSON is the required Key type and is enabled by default. Click Create to complete the credentials setup. The JSON key will be downloaded automatically and will be used during the LCE Web Query Client policy configuration. Click the hamburger button in the top-left corner and navigate to Pub/Sub.

Click Create topic and enter a descriptive name for the topic. Click Create. Once created, the new topic will appear in the Topic list. Hover the mouse over the newly created topic and a + New subscription option will appear to the right of the topic. Click the + New subscription button. Enter a descriptive name for the subscription and ensure that the Delivery Type is set to Pull. This will allow the LCE Web Query Client to pull the logs from the Pub/Sub subscription. Click Create to create the new subscription.

Tenable recommends making note of the Subscription URI, as it will be needed for the LCE Web Query Client configuration. Click the hamburger button in the top-left corner and navigate to Logging. Select Exports from the left-hand menu. From the Select service drop-down, select the service(s) you wish to be able to log with the LCE Client. If all services are to be logged, check the All sources checkbox. Once the service(s) are selected, click the + Add item button. Next, click the drop-down under Publish to Pub/Sub topic and select the previously created topic. Click Save to complete the configuration within Google Cloud Platform.
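The following Python script is an added example, not part of Tenable's guide and not the LCE Web Query Client's own code. It shows what a client receives from the Pull subscription configured above: a Pub/Sub pull response whose messages carry Cloud Logging entries as base64-encoded JSON. The script validates the Subscription URI, decodes the messages, renders each entry as a syslog-style line of the kind that later appears under the Syslog Text filter in SecurityCenter, collects the ack IDs, and picks out entries that record a new Compute Engine instance, which is the "new host" case the introduction mentions. The pull-response layout follows the Pub/Sub REST API; the URI pattern, the line format and the sample entries are assumptions constructed for this example, and `v1.compute.instances.insert` is the Compute Engine audit-log method name for instance creation.

```python
"""Decode a Pub/Sub pull response carrying Cloud Logging entries and render
each entry as a syslog-style line.

Added example; it is not Tenable's client code.  The response shape
(receivedMessages[].ackId, message.data as base64 JSON) follows the Pub/Sub
REST API; the sample entries below are constructed for the demo.
"""
import base64
import json
import re

# Assumed shape of the Subscription URI shown in the console:
# projects/<project-id>/subscriptions/<subscription-name>
SUBSCRIPTION_RE = re.compile(
    r"^projects/([a-z][a-z0-9-]{4,28}[a-z0-9])/subscriptions/([A-Za-z][\w.~+%-]{2,254})$"
)

# Compute Engine audit-log method names that mean "a new instance was created".
NEW_HOST_METHODS = {"v1.compute.instances.insert", "beta.compute.instances.insert"}


def parse_subscription_uri(uri):
    """Return (project, subscription) or raise ValueError for a malformed URI."""
    match = SUBSCRIPTION_RE.match(uri)
    if not match:
        raise ValueError(f"not a Pub/Sub subscription URI: {uri!r}")
    return match.group(1), match.group(2)


def decode_pull_response(response):
    """Yield (ack_id, log_entry) for each message in a pull response."""
    for received in response.get("receivedMessages", []):
        raw = base64.b64decode(received["message"]["data"])
        yield received["ackId"], json.loads(raw)


def to_syslog_line(entry):
    """Render one Cloud Logging LogEntry as a single syslog-style text line (assumed format)."""
    payload = entry.get("protoPayload", {})
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "-")
    method = payload.get("methodName", "-")
    resource = entry.get("resource", {}).get("type", "-")
    return (f"{entry.get('timestamp', '-')} google-cloud {entry.get('severity', 'DEFAULT')} "
            f"{entry.get('logName', '-')} resource={resource} principal={principal} method={method}")


def new_host_events(entries):
    """Select audit entries that record a new Compute Engine instance being created."""
    return [e for e in entries if e.get("protoPayload", {}).get("methodName") in NEW_HOST_METHODS]


def process_pull(response):
    """Decode a pull response; return (syslog lines, ack IDs to acknowledge, new-host entries)."""
    ack_ids, entries = [], []
    for ack_id, entry in decode_pull_response(response):
        ack_ids.append(ack_id)
        entries.append(entry)
    return [to_syslog_line(e) for e in entries], ack_ids, new_host_events(entries)


def _encode(entry):
    """Base64-encode a LogEntry the way Pub/Sub carries message data."""
    return base64.b64encode(json.dumps(entry).encode()).decode()


# Constructed sample entries (not real audit data): one instance creation, one storage read.
SAMPLE_ENTRIES = [
    {"timestamp": "2018-11-01T10:15:30Z", "severity": "NOTICE",
     "logName": "projects/demo-project-123/logs/cloudaudit.googleapis.com%2Factivity",
     "resource": {"type": "gce_instance"},
     "protoPayload": {"methodName": "v1.compute.instances.insert",
                      "authenticationInfo": {"principalEmail": "admin@example.com"}}},
    {"timestamp": "2018-11-01T10:16:02Z", "severity": "INFO",
     "logName": "projects/demo-project-123/logs/cloudaudit.googleapis.com%2Fdata_access",
     "resource": {"type": "gcs_bucket"},
     "protoPayload": {"methodName": "storage.objects.get",
                      "authenticationInfo": {
                          "principalEmail": "svc@demo-project-123.iam.gserviceaccount.com"}}},
]

# Constructed pull response, shaped like the Pub/Sub REST API's pull result.
SAMPLE_PULL_RESPONSE = {
    "receivedMessages": [
        {"ackId": "ack-1", "message": {"data": _encode(SAMPLE_ENTRIES[0]), "messageId": "1"}},
        {"ackId": "ack-2", "message": {"data": _encode(SAMPLE_ENTRIES[1]), "messageId": "2"}},
    ]
}

if __name__ == "__main__":
    project, sub = parse_subscription_uri("projects/demo-project-123/subscriptions/lce-pull")
    lines, acks, hosts = process_pull(SAMPLE_PULL_RESPONSE)
    print(f"pulling {project}/{sub}")
    print("\n".join(lines))
    print("acknowledge:", acks, "| new hosts:", len(hosts))
```

In a real client the ack IDs would be sent back in an acknowledge call only after the lines were safely handed to the LCE, so that a crash between pull and forward makes Pub/Sub redeliver the messages rather than lose them.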

Tenable Log Correlation Engine Configuration

The Tenable Log Correlation Engine (LCE) version 4.8+ and LCE Web Query Client version 4.6+ are both required for integration with Google Cloud Platform. The software downloads and installation instructions for both are available on the Tenable Support Portal. Once the LCE and LCE Web Query Client have been installed and initial configurations have been performed, log in to the LCE web console and navigate to Clients. The LCE Web Query Client should appear in the client list if it was configured correctly during the initial setup. If the LCE Web Query Client does not appear in the client list as shown in the screenshot below, please refer to the LCE 4.8 User Guide for troubleshooting tips.

Navigate to Policies and click Add policy. Click the OS drop-down and select the OS of the system the LCE Web Query Client is installed on. Next, click the Client drop-down and select LCE Web Query. Click Start Editing.

To allow the LCE Web Query Client to interact with Google Cloud Platform, the default_rhel_web.lcp policy requires modification. Begin by clicking the + to the right of Group to add a new endpoint group. In the Add a new endpoint group dialog, enter a name and configure the Optional parameters. Refer to Table 1: Add a New Endpoint Group Options below for a description of each field.

Table 1: Add a New Endpoint Group Options

Endpoint Group Option: Description
Name: Enter a descriptive name for the Google Cloud Platform endpoint.
Usage limit: The limit of calls or bytes the LCE Web Query Client can make to Google Cloud Platform. Bytes can be set to an integer followed by K (Kilobyte), M (Megabyte) or G (Gigabyte). Set to unlimited for no limit restriction.
Usage limit type: Groups can be limited by either bytes or calls.
Usage limit reset period: Frequency at which the usage limit resets to zero.
Usage limit start day: Defines the starting day when the Usage limit reset period is set to monthly.

Click the + Add Google Cloud endpoint option to add the endpoint. Once the endpoint is added, enter an Endpoint name and select the Active checkbox. Specify the Query interval (in seconds) at which the LCE Web Query Client communicates with Google Cloud Platform. Enter the JSON service account key and the Subscription information generated during the Google Cloud Platform configuration. Click Save.
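To make the semantics of the Table 1 fields concrete, here is an added Python model of an endpoint-group usage budget: a limit expressed in bytes (with the K/M/G suffixes or "unlimited") or in calls, which resets to zero at the start of each reset period, with the monthly period beginning on the configured start day. This is an illustration written for this guide, not the LCE Web Query Client's implementation. It assumes that K, M and G are 1024-based, that the reset periods are hourly, daily or monthly, and that a start day later than the month's last day is clamped to that last day; none of those details are stated in the table.

```python
"""Model the endpoint-group usage limit described in Table 1: a budget of
bytes or calls that resets on a fixed period.

Added example for illustration; not the LCE Web Query Client's code.
Assumptions: K/M/G are 1024-based; reset periods are 'hourly', 'daily' or
'monthly'; a monthly start day past the end of a month is clamped.
"""
import calendar
from datetime import datetime

UNITS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_usage_limit(text):
    """'unlimited' -> None; '500K' -> 512000; '2M' -> 2097152; '100' -> 100."""
    text = text.strip()
    if text.lower() == "unlimited":
        return None
    suffix = text[-1].upper()
    if suffix in UNITS:
        return int(text[:-1]) * UNITS[suffix]
    return int(text)


def _clamp_day(year, month, day):
    """Keep the start day inside the month (e.g. 31 becomes 28 in February)."""
    return min(day, calendar.monthrange(year, month)[1])


class UsageBudget:
    """Tracks consumption against a usage limit and resets it each period."""

    def __init__(self, limit, limit_type, reset_period, start_day=1, now=None):
        if limit_type not in ("bytes", "calls"):
            raise ValueError("usage limit type must be 'bytes' or 'calls'")
        if reset_period not in ("hourly", "daily", "monthly"):
            raise ValueError("reset period must be 'hourly', 'daily' or 'monthly'")
        self.limit = parse_usage_limit(limit)
        self.limit_type = limit_type
        self.reset_period = reset_period
        self.start_day = start_day
        self.used = 0
        self.period_start = self._period_start(now or datetime.now())

    def _period_start(self, now):
        """Start of the period that contains 'now'."""
        if self.reset_period == "hourly":
            return now.replace(minute=0, second=0, microsecond=0)
        if self.reset_period == "daily":
            return now.replace(hour=0, minute=0, second=0, microsecond=0)
        # Monthly: the period starts on 'usage limit start day'; before that day
        # in the current month we are still inside the previous month's period.
        year, month = now.year, now.month
        start = datetime(year, month, _clamp_day(year, month, self.start_day))
        if now < start:
            year, month = (year - 1, 12) if month == 1 else (year, month - 1)
            start = datetime(year, month, _clamp_day(year, month, self.start_day))
        return start

    def _maybe_reset(self, now):
        """Zero the counter when a new period has begun since the last call."""
        start = self._period_start(now)
        if start > self.period_start:
            self.period_start, self.used = start, 0

    def allow(self, payload_bytes, now):
        """Return True and charge the budget if this call fits in the current period."""
        self._maybe_reset(now)
        cost = payload_bytes if self.limit_type == "bytes" else 1
        if self.limit is not None and self.used + cost > self.limit:
            return False
        self.used += cost
        return True


if __name__ == "__main__":
    # Constructed walk-through: a 1K daily byte budget across two days.
    budget = UsageBudget("1K", "bytes", "daily", now=datetime(2018, 11, 1, 9))
    for when, size in [(datetime(2018, 11, 1, 9, 1), 600), (datetime(2018, 11, 1, 9, 2), 600),
                       (datetime(2018, 11, 1, 9, 3), 400), (datetime(2018, 11, 2, 0, 5), 600)]:
        print(when.isoformat(), size, "bytes ->", "allowed" if budget.allow(size, when) else "blocked")
```

A client that pulls in a loop would call `allow` with the size of each pull response before forwarding it; a blocked call means the group has exhausted its budget until the next reset, which is the behaviour the Usage limit and Usage limit reset period fields are meant to produce.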

Once the policy file has been modified, click + Save as in the upper right-hand corner and enter a descriptive name. Click OK. Once the policy is saved, navigate to Clients and click the LCE Web Query Client. Click the Policy drop-down and select the previously created Google Cloud policy. Click Update.

The LCE Web Query Client will now begin monitoring Google Cloud Platform logs. To verify that the logs are being imported into SecurityCenter, log into your SecurityCenter instance, navigate to Analysis, and click Events from the drop-down. Click the Type Summary drop-down and select Normalized Event Summary.

Click >> to the left of Normalized Event Summary to expand the Filters section and click Select Filters. Check the boxes next to the Timeframe, Syslog Text, LCEs, Normalized Event and Type filters and click Apply to add each filter.

Click the Syslog Text filter, type google in the text box and click OK. Click the Type filter, select unnormalized from the list and click OK. Click Apply All to display the Google Cloud Platform syslog events.

About Tenable

Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats and reduces exposure and loss. With more than one million users and more than 21,000 customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.