This report template identifies the details on systems vulnerable to the newly identified HeartBleed vulnerability. Using all the tools available to SecurityCenter users, Tenable has several methods of identifying vulnerable systems.
↧
HeartBleed Report
↧
Social Network Activity Executive Report
This report presents information about social networking activity on the network.
↧
↧
FortiGate Scan Report
This report leverages the Tenable FortiGate Best Practices Audit and other plugins to provide security settings and other useful information on FortiGate device configuration to an administrator.
Requirements:
- root/admin SSH credentials for FortiGate FortiOS device.
- Plugin ID #70272 (Fortigate FortiOS compliance checks)
- Audit File for Fortigate (TNS_Fortigate_Best_Practices.audit)
- FortiOS Dynamic Asset
Security settings included in this audit:
↧
System Configuration Report
This report presents configuration information for all hosts on the network that have been scanned by Nessus.
↧
Admin Discovery Report
This report displays details on Administrator accounts that have been found in your environment via LCE and active Nessus scanning.
Provided are details on:
- Administrative accounts that have been identified within the environment.
- Accounts that are listed as being 'admin', 'administrator', or 'root' are displayed, along with any other accounts provisioned on the system.
This can be easily configured to your own environment if required by altering the filter for vulnerability text.
↧
↧
Internet Explorer Zero Day Report
The latest zero-day Internet Explorer vulnerability leaves organizations open to new attacks using remote execution exploits. How vulnerable is your organization? With this report, SecurityCenter customers can better analyze risk and create remediation strategies.
↧
Cloud Storage Executive Report
This report presents interactions with cloud file storage services, such as Dropbox, OneDrive, and iCloud, detected over the last 7 days.
↧
Nessus Scan Report (Top 5)
For customers who use Nessus for vulnerability scanning and then move to SecurityCenter, vulnerability reporting may be somewhat challenging. This report mimics the look and feel of a typical Nessus scanner vulnerability report. This report is similar to a previously released report titled 'Nessus Scan Report'. This report limits the results to the Top 5 Vulnerabilities, for each severity level, across the scanned hosts.
↧
Web Activity Report
This report presents web activity detected in the last 72 hours, with some 7-day trending. This report can be used to monitor web accesses and look for suspicious or potentially unauthorized activity.
↧
↧
SCAP Audit Summary Report
SecurityCenter users are able to embrace the NIST security automation agenda through more efficient use of devices with SCAP audit file support, and advanced reporting using the dashboards and reports native to SecurityCenter.
↧
CVE Iterator Report
This report displays CVE vulnerability information. The first section of the report provides graphical CVE summary results in 5 year blocks by severity. It is followed by a CVE Trend over the last 90 days, a mitigated CVE total bar chart, and a pie chart of existing CVE severity vulnerabilities for the last 5 years.
Chapter two displays a table of all CVE Vulnerabilities by CVE ID, the severity, and number of hosts/totals that contain the vulnerability.
Three charts are presented:
↧
Passive OS Detection Report
This report presents passive detections of operating systems, using PVS plugin 1. Charts present the number of hosts with detected operating systems within major groups, as well as a 7-day trends of detections. A table presents all the operating systems detected on the network, with host counts.
↧
OpenSSL ChangeCipherSpec Report
As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This report identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.
↧
↧
FireEye Status Report
This Report and all associated components require the following:
- Nessus audit file, and successful post scan audit file results. [TNS_BestPractice_FireEye.audit]
- FireEye Dynamic Asset. [FireEye Appliances]
This report leverages the Tenable FireEye Best Practices Audit, and Dynamic Asset to provide security settings and other useful information on FireEye device configuration to an administrator.
Requirements are:
↧
OWASP Top 10 Report
Web application security is a key concern for SecurityCenter users. The software security community created the Open Web Application Security Project (OWASP) to help educate developers and security professionals. This report provides SecurityCenter users the ability to monitor web application security by identifying the top 10 most critical web application security flaws as described in OWASP's Top Ten awareness document.
↧
Qualitative Risk Analysis with CVSS Scores
Information Security professionals continuously perform various types of risk assessments within their environment. SecurityCenter users have a secret weapon in the battle to properly assess risk, and that weapon is SecurityCenter's native ability to fully use the CVSS scoring system.
↧
Unknown Processes
This report displays unknown processes, gray area processes, and known installed software across a series of components.
↧
↧
Incident Response Report
This report displays incident response details on Systems that have been found in your environment to have active intrusion events. Intrusion events are events that are triggered by plugin 800125 - Long Term Intrusion Activity, or 800017 - Intrusion Statistics..
↧
MAS TRM Guidelines Report
The Monetary Authority of Singapore (MAS) published new Technology Risk Management (TRM) Guidelines in June 2013. The MAS TRM Guidelines report provides a high-level overview of information relevant to specific sections in the TRM Guidelines. The applicable sections of the TRM Guidelines are noted for each component in the report.
↧
Event Analysis Report
This report contains information that provides an overview of collected events. This provides the analyst with many different methods to quickly locate actionable context in your data. Its counterpart is the Event Analysis Dashboard.
↧