3d tool examples
DESCRIPTION
3D Tool Examples. Dave Breslin (@ Tenable Discussions Forum). Tenable Documentation. 3D Tool 2.0 User Guide 3D Tool 2.0 Quick Start Guide. Topology. Topology derived from Nessus traceroute data Consider creating a user in SecurityCenter just for use with the 3D Tool - PowerPoint PPT PresentationTRANSCRIPT
3D Tool Examples
Dave Breslin (@ Tenable Discussions Forum)
Tenable Documentation3D Tool 2.0 User Guide3D Tool 2.0 Quick Start Guide
TopologyTopology derived from Nessus traceroute dataConsider creating a user in SecurityCenter just for use
with the 3D ToolFilter a SecurityCenter traceroute query by address to
control the areas of your network to render
Nessus Traceroute Plugin 10287
SC Host Query
IP Topology Configuration
(Create a login first, see 3D Tool 2.0 Quick Start Guide->Step 4)
Topology Rendering for Host
Network Topology Rendering
(Use another SecurityCenter 10287 query not filtered on a single host)
Internet Facing ServicesUse 3D Tool “Modifiers” to highlight Internet facing
servicesHosts will have raised bars representing counts for
Internet facing servicesIts important to understand where host services are
exposed to the Internet when prioritizing vulnerabilitiesUse PVS plugin 14, “Accepts External Connections”Use existing network topology demonstrated in previous
slide
PVS Plugin 14
SC Plugin 14 Query
Modifier (PVS Plugin 14)
(3D Tool 2.0 User Guide -> Modifiers -> Count List)
Ensure to use “Total Vulns” from the Internet Facing Services SecurityCenter Query
Internet Browsing ServicesUse a “Count List” Modifier like the previous Internet
Facing Services exampleHosts will have raised bars representing counts for
services they connect to on the InternetIts important to understand where hosts reach out to the
Internet when prioritizing “client” vulnerabilitiesClient vulnerabilities are detected by PVS and Nessus
when using credentialed scansUse PVS plugin 16, “Outbound external connection”
PVS Plugin 16
Port 21 FTP ConnectionsUse a “Connections List” ModifierShow connection line for hosts that connect to port 21Dark shaded side of a connection line will highlight a host
that makes a connection to port 21White shaded side of a connection line will highlight a
host that provides a service on port 21Its important to understand on a network where services
are provided and usedUse PVS plugin 3, “Internal client trusted connection”
PVS Plugin 3
SC Query FTP Connections
Modifier (PVS Plugin 3)
(3D Tool 2.0 User Guide -> Modifiers -> Connections List)
Nessus Versus PVS VulnsUse two “Count List” ModifiersHosts will have bars on top of them representing Nessus
vulnerability countsHosts will have bars below them representing PVS
vulnerability countsIts important to look for potential gaps in coverageNessus gaps might be caused by unscanned service ports,
infrequent host scanning or lack of credentialed scanningPVS gaps might be caused by configuration errors,
network visibility issues or poor operations management
SC Vuln Queries
Consider filtering out info and low severity rated vulnerabilities
Modifiers (Vulnerability Counts)
(3D Tool 2.0 User Guide -> Modifiers -> Count List)
Ensure to use “Total Vulns” from both queries
