Section outline

  • Step-by-step instructions for enabling and configuring the LevelBlue Vulnerability Scanner powered by Tenable

    Each section contains a time stamp corresponding to the video above. 

    • Students must
      Mark as done

      Configure and Enable Tenable

      [00:00 - 00:53]

      These steps allow you to create credentials and log in to Tenable cloud account. Following these steps will also connect your USM Anywhere sensor to the tenable cloud. 

      1. Navigate to Data Sources and open the Available BlueApps tab.
      2. Search for Tenable, and then select LevelBlue Vulnerability Scanner Powered by Tenable.
      3. Click Configure API.
      4. Enter the email address that will receive the Tenable cloud login credentials.
        1. Note: This email will not be the email you use to log into the Tenable cloud. The username and password for the Tenable cloud will be auto-generated.
      5. Select the region where the tenable data will be stored.
      6. Click Save.
        1. This will send the credentials to the email address specified.
        2. This will connect your sensor to your new Tenable Cloud account.
      7. Once the configuration is complete, you will receive an email confirmation
        1. Note: If you do not you can choose Actions tab and run the Resend Confirmation Email action. The history tab will show if the resend was successful.
      8. Open the email and use the credentials supplied to log into the Tenable Cloud
    • Students must
      Mark as done

      View Cloud Scanners

      [00:54 - 01:16]

      These steps show how to view the pre-deployed cloud scanners that can be used to scan public facing assets. 

      1. Log into the Tenable Cloud
      2. Under Your Tenable Products you can open Vulnerability Management
        1. Note: The Tenable Cloud has the capability to perform other security scans. These are displayed under Enhance Your Security Program. The license provided by LevelBlue doesn’t not include these products.
      3. Open Vulnerability Management
      4. Click on Tools > Manage Sensors
        1. Note: This does not refer to USM Anywhere sensors. It refers to Nessus vulnerability scanners.
      5. Under Cloud Scanners you can see a list of available cloud scanner. These can be used to scan public facing assets. You will have to allow the cloud scanner IPs connect to your public asset over SSH or WinRM. 
    • Students must
      Mark as done

      Deploy a Local Scanner

      [01:16 - 02:00] 

      These steps are the quickest method for deploying a local scanner. 

      1. Click on Linked Scanners > Add Nessus Scanners.
      2. Copy the installer script for your operating system.
        1. Note: The API key to link scanner you’re going to deploy to your cloud account is embedded in the script. An alternative method is to deploy the scanner and link it manually afterwards.
      3. Ensure your chose machine meets the system requirements.
      4. Run the copied command in your chosen operating system.
      5. At the end of the command you may see instructions for logging onto the local scanners web interface. This isn’t required, however if you would like to create a user to login you may do so. 
      6. Return to the Tenable Cloud and verify that the new, local scanner is visible
    • Students must
      Mark as done

      Download Latest Vulnerability Plugins

      [02:00 - 02:20] 

      These steps show how to download the latest vulnerability plugins for the Nessus scanner. Typically these are downloaded on a schedule.

      1. Click on Linked Scanners.
      2. Click on your new scanner, typically called scanner-name.
      3. Click More > Update Plugins.
        1. This typically takes a few minutes.
      4. You can see the current Plugin set, and when it was last updated under Plugins.
        1. Note: You may change the scanner name to something more useful by clicking on the pencil icon beside the name. 
    • Students must
      Mark as done

      Choosing the Scanner in USM Anywhere

      [02:20 - 02:38]

      These steps show how to choose a default scan type and scanner in USM Anywhere. 

      1. Returning to USM Anywhere open the LevelBlue Vulnerability Scanner Powered by Tenable Advanced BlueApp.
      2. Select the Scanner Settings tab.
      3. Choose the Scan Type from the drop-down.
      4. In the video the Basic Network Scan is chosen. This performs a full system scan that is suitable for any host. Use this to scan an asset or assets with all of Nessus's plugins enabled.
      5. Choose the local scanner you’ve deployed from the Scanner drop-down.
    • Students must
      Mark as done

      Launching an Authenticated Vulnerability Scan from USM Anywhere

      [02:38 - 04:00]

      These steps show how to assign credentials and launch a scan.

      1. In order to log into a local asset a scan it the local scanner you deployed needs to be able to access the SSH (22) and WinRM (5985) ports on your assets. 
      2. For Unix based Operating systems the Secure Shell (SSH) service needs to be configured and running. 
      3. For Windows Operating systems the Windows Remote Management (WinRM) service needs to be configured and running. 
      4. Create and assign credentials to the asset or asset group you want to scan.
      5. Open the asset or asset group you want to scan.
      6. Select Actions > Authenticated Scan to start the scan.
      7. You can view the progress of the scan in the Scan History tab.
      8. Once complete you can view the detected vulnerabilities.