Académique Documents
Professionnel Documents
Culture Documents
Guide
Manual Setup 15
SecurityCenter Configuration 23
Dashboard 26
Add Server 27
Edit Server 29
Delete Server 31
System 32
Restart 35
Shutdown 36
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
System Log 38
Filters 39
Networking 40
Add Bond 41
Add Team 43
Add Bridge 44
Add VLAN 45
Storage 46
Accounts 49
Create User 50
Edit User 51
Change Password 52
Services 53
Targets 54
System Services 55
Sockets 56
Timers 57
Create Timer 58
Paths 59
Diagnostic Reports 60
Generate Report 61
SecurityCenter 62
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Terminal 65
Backup/Restore 66
Backup 67
Restore 70
Update Management 72
Software Updates 75
Server Certificate 78
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Welcome to Tenable Core for SecurityCenter
Tenable Core is Tenable's newest platform for Tenable products. Tenable Core combines the applic-
ation-hosting functionality provided through Tenable Appliance and adds a base operating system,
which streamlines and simplifies deployment by creating an individual build for each Tenable on-
premises application. Tenable Core is a deployment architecture that uses a secure, stable platform to
shorten the time to first scan.
To quickly get started with Tenable Core + Security Center, click Get Started.
Features
l Built upon CentOS 7 and hardened by targeting the CIS standards for RedHat 7 with SELinux
Enabled.
l Consists of Tenable Core and SecurityCenter. These are independent of one other.
See the following list for additional information about CIS standards adopted:
l CIS Benchmarks: Tenable has implemented the following parts of the CIS Level 1 Benchmark on
the Tenable Core:
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
l Ensure GDM login banner is configured - banner message enabled
CIS Level 1 - 2.x
l CIS 2.2.* (disabled packages)
l x11
l avahi-server
l CUPS
l nfs
l Rpc
CIS level 1 - 3.x
l CIS 3.1.* (packet redirects)
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
l 3.2.5 Ensure broadcast ICMP requests are ignored
CIS Level 1 - 4.x
l CIS 4.2.* (rsyslog)
Note: 4.2.1.4 requires knowing the address of the central log host, thus not easily
done in the kickstart.
CIS Level 1 - 5.x
l CIS 5.1.* (cron permissions)
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
l 5.1.4 Ensure permissions on /etc/cron.daily are configured
l 5.3.2 Lockout for failed password attempts - password-auth 'auth [default=die] pam_
faillock.so authfail audit deny=5 unlock_time=900'
l 5.3.2 Lockout for failed password attempts - password-auth 'auth [success=1 default-
t=bad] pam_unix.so'
l 5.3.2 Lockout for failed password attempts - password-auth 'auth required pam_fail-
lock.so preauth audit silent deny=5 unlock_time=900'
l 5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_fail-
lock.so authsucc audit deny=5 unlock_time=900'
l 5.3.2 Lockout for failed password attempts - system-auth 'auth [default=die] pam_
faillock.so authfail audit deny=5 unlock_time=900'
l 5.3.2 Lockout for failed password attempts - system-auth 'auth [success=1 default-
t=bad] pam_unix.so'
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
l 5.3.2 Lockout for failed password attempts - system-auth 'auth required pam_fail-
lock.so preauth audit silent deny=5 unlock_time=900'
l 5.3.2 Lockout for failed password attempts - system-auth 'auth sufficient pam_fail-
lock.so authsucc audit deny=5 unlock_time=900'
l 5.6 Ensure access to the su command is restricted - wheel group contains root
CIS Level 1 - 6.x
l CIS 6.1.* (misc conf permissions)
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Get Started with Tenable Core for SecurityCenter
These processes will help you set up and get started with SecurityCenter in Tenable Core.
Manual Setup
SecurityCenter Configuration
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
SecurityCenter System Requirements
When SecurityCenter runs on Tenable Core, specific system specifications are added and must be main-
tained for version of SecurityCenter provided on Tenable Core. For more guidance or for requirements
needed to upgrade to another version, refer to SecurityCenter Hardware Requirements in the
SecurityCenter User Guide.
Disk
Version Hosts Managed CPU Cores Memory
Space
Tenable Core + Secur- 2,500 active IPs 4 2GHz cores 8 GB RAM 180
ityCenter 5.x days:
250
GB
Disk
Version Hosts Managed CPU Cores Memory
Space
Tenable Core + Secur- 2,500 active IPs 4 2GHz cores 8 GB RAM 180
ityCenter 5.x days:
450
GB
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Installation and Updates
You can download and install Tenable Core or update an existing version of Tenable Core.
Note: If you have internet access, updates occur automatically based on default or custom con-
figurations. You can also schedule manual updates. For more information on automatic and scheduled
updates, see Update Management.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Install Tenable Core for SecurityCenter
To install Tenable Core for SecurityCenter, you must first download the Tenable VMware Virtual
Machine image from the Tenable Downloads page.
The image is provided as a .ova file and is available for VMware Server, VMware Player, VMware ESX,
VMware Workstation, and VMware Fusion (http://vmware.com/) with the operating system and applic-
ations in a 64-bit version.
Note: You can install the .ova file without an internet connection.
Note: The suggested system requirements for hardware are 225 GB disk, 8 GB memory, and four 2 GHz
CPU cores. This may need to be increased based on system usage. For more information, see Secur-
ityCenter System Requirements in the SecurityCenter User Guide.
1. Navigate to the Tenable Core + SecurityCenter section of the Tenable Downloads page.
3. Once the download is complete, import the .ova into your environment.
5. Turn on the VMware image per the setup steps for your environment.
The boot process appears in the VM console dialogue box.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Update Tenable Core Offline
You can install updates to Tenable Core without an internet connection by obtaining the Tenable Core
Offline Update ISO file from the Internet and copying it to your Tenable Core machine.
1. Navigate to the Tenable Core Offline Update ISO section of the Tenable Downloads page.
Example:
Note: The target line may vary; however, the destination must be the following path:
/srv/tenablecore/offlineiso/tenable-offline-updates.iso
After the upload, updates are applied automatically at the configured time set on the Update Man-
agement page or on the next reboot. You can also manually install updates on the Software Updates
page.
Note: Once the ISO file is uploaded, no further action is needed. However, you can make subsequent
updates by replacing the existing ISO file if desired.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Manual Setup
For users that want to automate VM deployment using tools like Ansible, Puppet, Chef, etc., use the fol-
lowing scripts to complete the process manually.
Example
or
$ pkexec /usr/libexec/tenablecore/wizard/wizardadduser.sh
newadmin
suP3rsaF3p4ssw()rd
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Configure Static IP Addresses
Static IP addresses can only be configured after creating an admin user and configuring a DHCP con-
nection.
Note: An alternative connection can be made by going to the connection list and modifying it.
Device List
Enter the following to view the current device list.
Note: Make sure Wired connection 1 is selected from the list of available connections.
Add Connection
Enter the following to fetch the connection associated with that device.
Static Connection
Enter the following to configure a static connection.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
$ nmcli connection modify "$conn" connection.autoconnect yes ipv4.method
manual ipv4.addr "10.0.0.1/24" ipv4.dns "10.0.1.1, 10.0.1.2" ipv4.gateway
"10.0.0.254"
or
$ systemctl reboot
$ shutdown -r now
$ reboot
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Create a New Account
1. For the initial log in, administrative users must create an account.
l Password: admin
3. The Initial Account Setup screen will appear with a new window to create the new admin-
istrator. Enter the new user account information.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
4.
Note: The password must contain at least one capital letter, one numeric character, one non-
alphanumeric character, and must be at least 14 characters long.
5. A confirmation message will display. Click Finish Setup to complete the new account creation
and log out.
6. Click the Create Account button. A new screen with a new log in window will appear.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
7. Enter the newly created account information to log in to the system.
Caution: Select the Reuse my password for privileged tasks option at the bottom of the log in
screen to ensure access to all of the root administrative tasks. If this is not selected, some root
tasks will not work.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Increase Disk Space
Note: You can add disks by selecting disk instead of space on the current distribution in the Physical
Volumes section.
The Drives section on the right side of the screen displays the updated disk space.
1. On the Storage page, in the Volume Groups section, click the current volume.
3. Select the option to add the extra free space as a new physical volume.
1. On the Storage page, click the file system that contains the target partition /root.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
2. In the Logical Volumes section, click the file system that contains the target partition/root.
4. Move the slider to the right (increase) to reflect the new disk space size.
The file system /root file displays the increased disk space.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
SecurityCenter Configuration
After installing SecurityCenter on Tenable Core, you can navigate to the SecurityCenter interface and
configure the application.
Note: Public key infrastructure (PKI)-based client authentication for SecurityCenter is no longer con-
figured through Tenable Core. For more information, refer to Configuration Settings in the Secur-
ityCenter User Guide.
1. Click SecurityCenter.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
2. In the SECURITYCENTER INSTALLATION INFO: section, click the URL.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
System Layout for SecurityCenter
The system pages are divided into two sections, both of which can be accessed from the expanding left
panel. These are the Dashboard section, which displays a list of the systems running on the server,
and the server navigation pane, from which a user can navigate to all other server features (as listed
below).
l System
l System Log
l Networking
l Storage
l Accounts
l Services
l Diagnostic Reports
l SecurityCenter
l Terminal
l Update Management
l Backup/Restore
l Software Updates
l SSL/TLS Certificates
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Dashboard
The Dashboard displays a list of systems running on the server. The graph provides information for
CPU usage, memory usage, disk I/O, and network traffic. Click on the options above the graph to view
the corresponding data.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Add Server
Steps
1. In the far left navigation pane, click the Dashboard option. The Dashboard page displays.
2. Click the Add Server icon ( ) in the Server heading. A new window will display.
4. Click the color bar displayed to select the desired color to identify the added machine.
5. Click Add. A new window may display if the new machine requires authentication.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
6. Click Connect A new window will appear.
7. Enter the User name and Password for the new machine and click Log In. The window will close.
8. The new machine will be added to the list. If the new machine does not appear immediately,
refresh the screen.
Tip: Accounts can be synchronized using the Synchronize Account and Passwords link in the authen-
tication credentials window in step five.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Edit Server
The server name and color designation can be edited. To edit the displayed server information:
Steps
1. In the far left navigation page, click the Dashboard option. The Dashboard page displays.
2. Click the edit server icon in the Server header. Two new icons will display to the right of the lis-
ted servers.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
4. Make the desired edits and click Set.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Delete Server
Steps
1. In the left navigation pane, click the Dashboard option. The Dashboard page displays.
2. Click the check icon in the Server heading. Two new icons will display to the right of the listed
servers.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
System
The System page provides information and graphs about the system on which the machine is running.
Graphs provide information for the CPU usage, memory usage, disk I/O, and network traffic. In addi-
tion, information for hardware and operating system details are displayed.
Users can view machine SSH fingerprints, view and change the machine host name, time and time
zone, restart or shutdown the system, or change the performance profile.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Edit Machine Host Name
Steps
1. In the left navigation pane, click the System option. The System page displays.
2. Click the link next to the Host Name option in the information list that is left of the graph charts.
A new window will appear with the options to enter/edit the Pretty Host Name and Real Host
Name.
3. Enter the Pretty Host Name for the machine. The Real Host Name will update as the Pretty
Host Name is entered.
4. Click Change to update the name. The new name will be displayed next to the Hostname option.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Edit Time and Time Zone
Steps
1. In the left navigation pane, click the System option. The System page displays
2. Click the link next to the System Time option in the information list that is left of the graph
charts. A new window will appear.
3. Select the correct time zone from the Time Zone drop down list.
Tip: Type the first few letters of the desired time zone to filter the list.
4. Next, select the Set Time option for Automatic or Manual updates.
5. Click Change to confirm the updated time settings. The updated time information will be dis-
played next to the System Time option.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Restart
Steps
1. In the left navigation pane, click the System option. The System page displays.
2. Next to the Power Optionsitem, click the Restart button or select it from the drop down menu.
A new window will appear.
4. Select the delay time from the drop down menu. This is the time that the restart will start.
Choose from one of the minute increments or enter a specific time. There is also an option to
restart immediately with no delay.
5. Click the Restart button to initiate and save the updated information.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Shutdown
Steps
1. In the left navigation pane, click the System option. The System page displays.
2. Next to the Power Optionsitem, click the arrow by Restart to display the drop down menu.
Select Shut Down. A new window will appear.
4. Select the delay time from the drop down menu. This is the time that the shut down will start.
Choose from one of the minute increments or enter a specific time. There is also an option to
Shut Down immediately with no delay.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Change Performance Profile
Steps
1. In the left navigation pane, click the System option. The System page displays.
2. Click on the link next to the Performance Profile option in the information list that is left of the
graph charts. A new window will appear displaying Performance Profile options.
3. Select the desired Performance Profile. The recommended profile is labeled in the list.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
System Log
View the System Log when errors are encountered in the system. The System Log lists, categorizes,
and stores system issues that have occurred within the last seven days. Click on an individual entry
(row) to get additional information.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Filters
Several log type filters are available. The Everything option is selected by default. Select another
option using the drop down menu at the top of the page. The logs are listed with the most recent entry
displayed first. Previous days are divided into sections with the corresponding date displayed in the
header.
The logs can be filtered using the drop down menu. Click on the date to display the filter options for
the logs.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Networking
The Networking page provides real-time system sending/receiving information, interface connection
options, and logs. The Interfaces section provides options for Add Bond, Add Bridge, Add Team,
and Add VLAN. The Add Bond option provides a method for aggregating multiple network interfaces
into a single bonded interface. Configure team settings with the Add Team option. Use the Add
Bridge feature to create a single aggregate network from multiple communication networks. The Net-
working Logs section provides a daily log of activity for the system network.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Add Bond
Steps
1. In the left navigation pane, click the Networking option. The Networking page displays.
2. In the Interfaces heading, click the Add Bond button on the Interfaces section. A new window
appears.
7. Select a Primary.
8. Select the type of Link Monitoring. The recommended type is labeled in the drop down list.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
9. Enter the Monitoring Intervals with options to link up or down delay increments.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Add Team
Steps
1. In the left navigation pane, click the Networking option. The Networking page displays.
2. In the Interfaces heading, click the Add Team button on the Interfaces section. A new window
will appear.
5. Select the Runner and Link Watch from the drop down list.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Add Bridge
Steps
1. In the left navigation pane, click the Networking option. The Networking page displays.
2. In the Interfaces heading, click the Add Bridge button on the Interfaces section. A new window
will appear.
5. Click the box next to Spanning Tree Protocol (STP) to get additional STP options.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Add VLAN
Steps
1. Click the Add VLAN button on the Interfaces section. A new window will appear.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Storage
The Storage section provides real-time reading/writing graphs, File Systems information, and Stor-
age logs. The File Systems section lists each item noting the name, mount point, and size. Additional
details can be viewed by clicking on individual file systems (rows). The detailed view provides inform-
ation for capacity, logical volumes, and correlating file storage logs. The file system name can be
updated on the details page. In addition, single file systems can be deleted.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Rename File System
Steps
1. In the left navigation pane, click the Storage option. The Storage page displays.
2. In the File Systems section, click on the individual file in the file systems list. The details page
will appear.
3. Click the Rename button in the upper right section of the window. A new window will appear.
5. Click Create. The new name will immediately display on the page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Delete File System
Steps
1. In the left navigation pane, click the Storage option. The Storage page displays.
2. In the File System section, click the individual file in the files systems list. The details page will
appear.
5.
Caution: Deleting a volume group will erase all data on it.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Accounts
New and existing users are managed through the Accounts section. User accounts are displayed in
cards on the main screen. Click on the user card to display the user's information. User information
can also be edited within the user information box.
Create User
Edit User
Change Password
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Create User
Steps
1. In the left navigation pane, click on Accounts. The Accounts page displays.
2. Click the Create New User button at the top of the page. A new window will appear.
5. A card with the newly created user will appear on the Accounts page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Edit User
Click the User's card to access the user's information. The user's name, role, access and password can
be edited on this page. User sessions can be terminated using the Terminate Session button at the
top of the page. In addition, a user can be deleted by clicking the Delete button at the top of the page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Change Password
Steps
1. In the left navigation pane, click on Accounts.
4. Enter the required information in the fields - old password, new password, and confirm new
password.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Services
The Services page provides detailed information for Targets, System Services, Sockets, Timers, and
Paths. From this page, a user can stop, start, restart, or reload any installed web service by clicking the
service and selecting the desired option from the drop-down box.
Note: Restarting a service will completely stop and restart the service. Reloading a service will only
reload the service's configuration files.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Targets
The Targets section provides a list of enabled, disabled, and static targets. Click on individual target
listing to view detailed information. The detailed listing provides options to start, stop, restart, and
reload. In addition, there are numerous options for enabling, disabling, and masking. A list of Service
Logs are, also, displayed on the details page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
System Services
The System Services section provides a list of enabled, disabled, and static services. Click on an indi-
vidual system services listing to view detailed information. The detailed listing provides options to
start, stop, restart, and reload. In addition, there are numerous options for enabling, disabling, and
masking. A list of Service Logs are, also, displayed on the details page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Sockets
The Sockets section provides a list of enabled, disabled, and static sockets. Click on an individual
socket listing to view detailed information. The detailed listing provides options to start, stop, restart,
and reload. In addition, there are numerous options for enabling, disabling, an masking. A list of Ser-
vice Logs are, also, displayed on the details page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Timers
The Timers section provides a list of enabled, disabled, and static sockets. Click on an individual timer
listing to view detailed information. The detailed listing provides options to start, stop, restart, and
reload. In addition, there are numerous options for enabling, disabling, an masking. A list of Service
Logs are, also, displayed on the details page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Create Timer
Steps
1. In the left navigation pane, click the Services option. The Services page displays.
2. In the Services page heading, click the Create Timers button. A new window appears.
4. Click Save. The new timer will display in the enabled section of the list.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Paths
The Paths section provides a list of enabled, disabled, and static paths. Click on an individual path list-
ing to view detailed information. The detailed listing provides options to start, stop, restart, and
reload. In addition, there are numerous options for enabling, disabling, an masking. A list of Service
Logs are, also, displayed on the details page.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Diagnostic Reports
Diagnostic Reports are helpful when issues are encountered. The Diagnostic Report can aid in
troubleshooting problems. If your support team or Tenable support requests a diagnostic report, click
the Diagnostic Report option in the left navigation pane. The Reports page displays.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Generate Report
Steps
1. Click the Create Report button.
2. A new window with a status bar will appear as the report generates.
4. Click the Download Report button to save and print the report.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
SecurityCenter
SecurityCenter is a comprehensive vulnerability analysis solution that provides complete visibility into
the security posture of your distributed and complex IT infrastructure. SecurityCenter consolidates and
evaluates vulnerability data from across your entire IT infrastructure, illustrates vulnerability trends
over time, and assesses risk with actionable context for effective remediation prioritization.
From the SecurityCenter page in Tenable Core, you can view log data and synchronize your ports to
Tenable Core's firewall.
Tip: From this page, you can also access the SecurityCenter interface and configure your instance of
SecurityCenter. Refer to SecurityCenter Configuration in the SecurityCenter User Guide for more
information.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
2. In the Ports (all IP addresses): field, enter all applicable ports, separating them with commas.
4. Click Change.
A success message appears briefly in the dialogue box. The dialogue box then closes.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Terminal
The Terminal option provides a console for user specific command line interface.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Backup/Restore
On the Backup/Restore page, a user can manually back up data for their application, configure auto-
matic data backups, or restore the data and application to another state.
Backup
Restore
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Backup
A user can back up an application and its data by either manually taking a backup for an application or
setting up an automatic backup schedule.
Note: You must configure remote storage prior to attempting a manual or automatic backup
because backups are stored in your remote storage. If you have not completed this process, a
prompt message displays at the top of the page.
l In the AVAILABLE MODULES: section, check the box next to the application.
Take a Backup
A user can manually take a backup of an application and its data as an alternative to setting an auto-
matic backup schedule or in between scheduled backups. To take a backup, click the Take Backup
Now button.
A BACKUP IN PROGRESS dialogue box appears and then disappears when the backup is complete.
- or -
Note: Eastern Time is the default time zone, and your scheduled backup will coincide with that unless
you Edit the Time and Time Zone.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
1. In the AUTOMATIC BACKUPS: section, click Edit.
Note: If both Day of week and Day of month are selected, the system will only perform updates
on days when those two items coincide (e.g., if Wednesday is selected for Day of week and 8 is
selected for Day of month, the system will only update on Wednesday's that fall on the 8th).
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
3. Click Save.
Note: If you click the link in the "Scheduled backups can be configured Here" message, you'll be
redirected to the Services page. From here, you can disable or re-enable automatic backups.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Restore
If a user needs to revert an application and its data to another state or migrate application data
between hosts, they can do so by restoring a backup.
Note: Port 8090 must be accessible from your computer to restore a backup.
Restore a Backup
3. Click Restore.
Caution: If the backup cannot be completed for some reason (e.g., the file is not a valid backup or
the server has connectivity issues), an error message appears with details about the failure. Fol-
low the instructions in the error message and click Retry.
If the restore is successfully initiated, a dialog box appears with the Uploading the archive
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
task displayed and a percentage indicating the upload progress.
Caution: The upload fails if you log out or close the browser window during the upload. You can
minimize the browser or navigate to a new tab without disrupting the upload.
Once the upload is complete, a green check mark appears next to Uploading the archive.
Check marks appear next to each remaining task in the back-end restoration process as they are
completed.
Note: Once the Uploading the archive task is complete, you can close the browser or log out
without disrupting the restore process. However, you will not receive any indication when the
restore process is complete if you do log out or close the browser window before the success
message appears.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Update Management
You can review information about your scheduled automatic updates, navigate to the Services page to
disable or enable automatic update settings, change the automatic update schedule, or configure a
proxy server you do not have internet access.
Note: You can also make updates without internet access. Refer to Update Tenable Core Offline for
more information.
Note: Additional updates are needed for systems using Tenable.io On-prem. For more information, see
Manage Updates in the Tenable.io On-prem User Guide.
2. From the drop-down box next to the service, select the desired settings.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Change Automatic Update Schedule
1. In the AUTOMATIC UPDATES: section in the Timer Config Line, click Edit.
The EDIT TIMER CONFIGURATION dialogue box appears.
Note: Eastern Time is the default time zone, and your scheduled backup will coincide with that
unless you Edit the Time and Time Zone.
Note: If both Day of week and Day of month are selected, the system will only perform updates
on days when those two items coincide (e.g., if Wednesday is selected for Day of week and 8 is
selected for Day of month, the system will only update on Wednesday's that fall on the 8th).
3. Click Save.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
2. Click Save Proxy.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Software Updates
The Software Updates page provides information for necessary system updates. Click the Check for
Updates button to scan the system for uninstalled updates.
If updates are found, an Install all updates button will appear at the top of the page. Click the button
to install the updates.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
machine for the updates to take effect.
l kernel
l glibc
l linux-firmware
l systemd
l udev
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
SSL/TLS Security Certificates
From the SSL/TLS Security Certificates page, the user can manage their Server and Trusted Certificate
Authority certificates.
Server Certificate
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Server Certificate
When a user initially signs in to Tenable Core, a default self-signed security certificate is installed. This
default certificate is an auto-generated placeholder for the custom certificate; it is not signed by a
recognized certificate authority and, if not updated with a valid certificate, will cause security warnings
to display in the browser.
Replacing this certificate with a custom certificate allows the user to access Tenable Core securely
without receiving error messages. A user can also replace these custom certificates as needed or
remove the custom certificate entirely, which will then be replaced with a new self-signed auto-gen-
erated certificate.
l Make sure you have the custom security certificate and server key from your organization (.DER,
.PEM, or .CRT are all accepted file extensions).
l Make sure you're in the left navigation pane for the appropriate server.
Note: The left navigation pane will list system pages vertically. Click the host navigation
button in the expanding panel to navigate to the left navigation pane from another section.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
4. Select the custom certificate.
7. Click Install Server Certificates. A success message displays letting you know the upload was
successful.
8. From the Services page, restart the Cockpit web service to enable the new certificate.
Note: By default, the custom certificate will apply to all supported Tenable applications you have
installed. To override this setting, click the product tab (e.g., Nessus) and uncheck the Reuse System
Certificate box.
Note: You can replace your custom certificate or server key with a new one by uploading a new file,
which will override the existing file.
- or -
4. Click Reset in the CONFIRM RESET window. A success message displays letting you know the
reset was successful.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
Trusted Certificate Authority Certificates
Caution: You need to add a Trusted Certificate Authority certificate only when using the SSL/TLS Cer-
tificates to authenticate to Nessus, Nessus Network Monitor, or SecurityCenter or when authenticating
SecurityCenter to its Nessus scanners.
l Make sure you have the Trusted Certificate Authority certificate (.DER, .PEM, or .CRT are all accep-
ted file extensions).
l Make sure you're in the left navigation pane for the appropriate server.
Note: The left navigation pane will list system pages vertically. Click the host navigation
button in the expanding panel to navigate to the left navigation pane from another section.
2. On the System Certificate tab, navigate to the TRUSTED CERTIFICATE AUTHORITIES: section.
3. Under Add Certificate Authority:, find the Certificate: field and click Choose File.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.
4. Select the certificate.
5. Click Install Certificate Authority. A success message displays letting you know the upload was
successful.
Note: You can upload as many Trusted Certificate Authority certificates as needed. To remove a pre-
viously uploaded certificate, you must select the certificate and click the Delete button.
Copyright © 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are
registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.