Tenable Appliance 4.5 User Guide LastUpdated: May09, 2017 Table of Contents Tenable Appliance 4.5 User Guide 1 Welcome to Tenable Appliance 6 System Requirements and Installation 8 Tenable VM Appliance Installation 9 VM Image Prerequisites 10 Security Considerations 12 Obtaining the Tenable VMware Virtual Machine Image 13 Obtaining the Hyper-V Virtual Machine Image 15 VM Upgrade Compatability 17 Tenable Hardware Appliance Installation 19 Prerequisites 20 Unpacking the Box 21 Rack Mount Instructions 22 Hardware Specifications 23 Hardware Features 24 Network Connections and Initialization 25 Configuration and Operations 27 Set Admin Password 30 Configuration/Operations Tab 32 Appliance Tab 34 Troubleshooting 36 Appliance Interface 39 Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelationEngineare registeredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Console Menu 40 Appliance Tab 41 Administration Tab 43 Updates 44 System 46 Restart/Shut Down 47 Configure Clock Settings 48 Configure SNMP Agent Strings 50 System Log Forwarding 51 Web Interface 52 Appliance Management Interface Users 54 Recovery Code Link 55 Configure Response Headers 57 Configure Website SSL Certificate 58 Generate Certificate Signing Request 59 Logout Redirection URL 60 Restrict Console Operations 61 Reinstall Appliance (Hardware Appliance Only) 62 Backup Appliance 63 Standalone Application Import 67 Restore from File 68 Networking Tab 69 Configure Networking 71 Configure Hostname 72 Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelationEngineare registeredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Interfaces 73 VLANs (Configure/Export) 75 Add VLAN 76 Parent Interface 78 Bulk Import/Configuration 80 Applications Tab 82 Enabling Applications 84 The SecurityCenter Application 85 Enable SecurityCenter 87 Current Disk Capacity 89 Manage SecurityCenter 90 Plugin Management 91 Web Server Listening Configuration 93 Web Server Security 94 Web Server Authentication 95 Certificate Authority Management 96 SSH User Access 97 The Nessus Application 98 Enable the Nessus Application 100 Manage Nessus 101 Additional Nessus Actions 102 Edit Nessus Users 103 Certificate Management 104 Web Server Authentication 105 Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelationEngineare registeredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Nessus Rules (nesusd.rules) 106 The LCE Application 107 LCE Clients 108 The PVS Application 110 Manage PVS 112 PVS Monitoring Configuration 113 Certificate Management 114 Web Server Authentication 115 Using Nessus, SecurityCenter, and PVS 116 Logs Tab 117 Support Tab 119 Additional Resources 122 Virtual Image Migration 123 Hardware Migration 127 Expand Virtual Disk - VMware 137 Expand Virtual Disk - Hyper-V 138 Related Third-Party and Open-Source Licenses 140 Notice and Permissions 141 Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelationEngineare registeredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Welcome to Tenable Appliance Thisdocumentdescribestheinstallation andoperation oftheTenable Appliance. TheTenableAppli- anceisabrowser-managedapplication thathostsvariousTenableenterpriseapplicationsincluding Nessus, SecurityCenter (SC), andthePassiveVulnerabilityScanner (PVS). A link isprovidedfor theLog Correlation Engine(LCE) application, which willbeavailablein afuturerelease. TheTenableApplianceisavailableaseither aVirtualMachinedownloador asaphysicalHardware Appliance. Thefunctionalityisnearlyidenticalfor both, buttherearesomedifferencesin theinstall- ation. Applicationsareavailablefor installation on an as-neededbasison theApplianceandmaybe enabledor disabledconvenientlyunder oneplatform. Pleaseemailanycommentsandsuggestionsto [email protected]. Abbreviations Thefollowing abbreviationsareusedthroughoutthisdocumentation: l LCE -Log Correlation Engine l PVS -PassiveVulnerabilityScanner l SC -SecurityCenter l VM -VirtualMachine l SSL -SecureSocketsLayer Tenable Appliance Platform TheTenableApplianceVM isavailablefor Microsoft’sHyperV® platform, VMware® Server, VMware® Player™, VMware® ESX®, VMware® Workstation™, andVMwareFusion® (http://vmware.com/) and maybedownloadedfromtheTenableSupportPortallocatedathttps://support.tenable.com/. The TenableApplianceisalso availableasSeries100, 200, or 300hardwaremodels, which can beobtained bycontacting [email protected]. Skill Requirements ItisrecommendedthattheTenableAppliancebeconfiguredbypersonnelfamiliar with theNessusvul- nerabilityscanner, TenableEnterpriseSolutions(SC, LCE, andPVS), andtheorganization’ssecurity Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelation -6- EngineareregisteredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. policiesandprocedures. Iftraining isrequiredfor Nessusor TenableEnterpriseSolutions, pleasevisit: http://tenable.com/training/. Tip: Some generalknowledge of the VirtualMachine (VM) platform beingusedandnetworkcon- figurationis required. Note: Hardware Appliance willnotbe soldafter3/31/2017.However,service willcontinue tobe providedthroughthe durationof yourcontract. Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelation -7- EngineareregisteredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. System Requirements and Installation TheTenableAppliancecan beinstalledusing avirtualmachineor hardware. Beforeinstalling, make surethatalloftheprerequisiteshavebeen met. Click on thecorresponding linksbelow for theTen- ableHardwareApplianceor TenableVirtualApplianceinstallation requirementsandprocedures. Hardware Appliance Virtual Appliance Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelation -8- EngineareregisteredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Tenable VM Appliance Installation Thissection describestheinstallation stepsfor theTenableVM Appliance. VM Image Prerequisites Security Considerations Obtaining the Tenable VMware Virtual Machine Image Obtaining the Tenable Hyper-V Virtual Machine Image VM Upgrade Compatibility Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelation -9- EngineareregisteredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. VM Image Prerequisites Beforebeginning installation, pleasebesureto haveahostsystemwith thefollowing resourcesavail- able: A systemwith theabilityto run aVM imageandatleast8GBofassignedmemory. l Tip: The neededassignedmemory fora VM image willvary dependingonthe Tenable applic- ations enabled.Please refertothe installationdocumentationforthe individualapplications for memory recommendations andadjustthe VM memory settingas appropriate. Atleast200GBoffreedisk spaceto accommodatethebaseVM imagefor thestandardappliance l or 50GBfor thelightappliance. Ifyou chooseto increasetheVM disk size, ensuretheextraspace isavailableon theVM hostsystem. l Tip: The defaultdisksize cannotbe decreased.Additionally,the neededassigneddiskspace for a VM image willvary dependingonthe Tenable applications enabled.Refertothe installationdoc- umentationforindividualapplications fordiskspace recommendations andadjustthe VM disk space available toHardDisk2 of the Appliance VM image as appropriate.More informationon expandingthe diskspace is available here. A systemwith theabilityto run aVM imagewith atleast4CPUsassigned. l Tip: VM ESX hotplugsupporthas beenadded,allowingusers toallocate additionalresources like CPUs andmemory tothe Appliance VM withouthavingtoreboot. AtleastoneIP addressfor theAppliance. Bydefault, theVM Appliancewillobtain an IP address l fromaDHCP server, ifoneisavailable. Otherwise, afixedaddress, netmask, andoptionalgate- waymaybeassignedduring theinstallation process. IfthereisaDHCP server available, buta staticIP addressisto beassigned, thismaybesetduring theconfiguration process. Using mul- tipleaddressesallowsfor multi-homing theApplianceon differentnetwork segmentsto cut down on thenetwork load. Tip: As withany security managementdevice,a static IPaddress (assignedmanually orvia DHCP) is recommendedforuse onthe Appliance networkinterfaces. Along with theIP address, thefollowing valuesmustbeconfiguredfor theTenableVM Applianceto be network accessible: Thenetwork subnetmask for theAppliance. l TheIP addressoftheDefaultGatewayfor theAppliance(ifapplicable). l Copyright©2017.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurity,Nessus,SecurityCenterContinuousView,PassiveVulnerabilityScanner,andLogCorrelation -10- EngineareregisteredtrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners.