Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Personalizing Your Tenable.io Scans

Tenable.io™ Scan and Policy Templates allow you to set up scans with minimal configuration. There are templates for many tasks, such as Host Discovery, detecting the latest headline-grabbing malware, managing mobile devices and more. However, your network is constantly evolving. Eventually the predefined templates will not satisfy the needs of your network. With Tenable.io, you can optimize the management of your network’s cyber risk by designing and launching customized vulnerability scans that are tailored to your organization.

Tenable.io Scan Templates

Each template enables a specific set of plugins, and each plugin performs a different security check. By choosing the “Advanced Network Scan” template, you can select your own plugins. Similar plugins are broken up into Plugin Families. These Plugin Families may include plugins that run local checks, which require authentication credentials and test for vulnerabilities specific to the host manufacturer or OS distribution, or remote checks that do not gain access to the host before running the test.

Tenable.io Scan Template Plugins

Creating a customized Advanced Network Scan policy is a good way to ensure that you receive the necessary information regarding your network’s cyber risk and exposure in a timely fashion.  

Enumerating All the Windows User IDs

In the “Windows” section of “Assessment” tab, you have the option to Enumerate Domain Users and Local Users for a given range of User IDs (UIDs). The default range for both Local and Domain Users is between 1,000 and 1,200. When a new user is created, a new UID is assigned starting at 1,000, and automatically increases by one for each addition. UIDs are never reused. So, this range would cover the first 200 UIDs that were assigned to new users.  

Tenable.io Windows ID

However, if you are part of a large organization in which more than 200 people have had user-level access to the network, then you may want to consider changing the “End UID” to 20,000 (or greater), thus ensuring all accounts are identified. Also, the default range does not account for UID 500, where the default local administrator account is enumerated.

Tenable.io Windows ID Changed

Compliance Analysis

Tenable.io offers three different types of compliance checks. Standards-based auditing evaluates the configuration of your machines against standards set by third-party organizations, like the Center for Internet Security (CIS) or the Department of Defense’s Defense Information Systems Agency (DISA). Content auditing searches through file contents to look for sensitive information, like plaintext credit card numbers. Finally, network infrastructure auditing checks that configuration of routers, switches, firewalls and other devices are in line with internal policies.

When a compliance audit is conducted, an audit file is used to configure the check. There is a wide variety of compliance audit files available in Tenable.io. Audit files are available on Tenable.io directly through the Customer Support Portal, or you can write a custom audit file.

VMWare Compliance in Tenable.io

For example, the CIS VMware ESXi 5.5 v1.2.0 Level 1 audit file lets you set the NTP server address, designate privileged users and more. Under “DCUI Access Users” in the settings of compliance audit, you can list trusted users that are able to override the lockdown mode initiated by the scanner. The “DCUI Access Users” list is useful if there is more than one privileged account to ensure that the override lockdown mode is not bestowed upon just one user. The field labeled “SSH session timeout” allows you to restrict the scanner to a designated number of minutes after which an idle SSH session will terminate. Setting a shorter SSH session timeout limit can increase scan efficiency, otherwise scanners can waste a lot of time in an idle session. Note that this compliance check requires credentials to complete the audit. However, not every compliance audit requires credentials.

Preparing for the Future

By choosing appropriate scan settings, you can streamline the scans on your network to be as comprehensive or lightweight as needed. With the proliferation of IoT, the average size of networks is growing quicker than ever before. By 2020, there will be an estimated 70+ billion internet-connected “things” across the world. To prepare, you’ll need to understand all of the nooks and crannies of your network. Then, you can plan your scans accordingly.

Tenable.io is an easy-to-use platform with preconfigured templates that allow you to hit the ground running. However, to comprehensively manage your network’s elastic attack surface, you must optimize the tools for the particular needs of your network.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training