Want to view the current Tenable vulnerabilities, but you have tenable.io? Then this is for you:
index=* sourcetype="tenable:io:vuln" severity!=informational | chart count over severity by ip
Overview of all medium to critical risks for Win20xx
Get an overview of all medium to critical risks for Windows 2008 / 2012.
Windows 2008:
sourcetype="tenable:sc:vuln" cpe:/o:microsoft:windows_server_2008 | table ip, netbiosName, dnsName, severity.name, pluginName, solution, description | join ip type=inner max=0 [ search index=main sourcetype="tenable:sc:vuln" baseScore>3 | table ip, netbiosName, dnsName, severity.name, pluginName, solution, description ] | sort by severity.name | chart count by […]
Overview SMB Shares with unprivileged access (tenable)
This search will give an overview of all SMB shares with unprivileged access:
sourcetype="tenable:sc:vuln" pluginID=42411 | table ip dnsName pluginText | rename "pluginText" as "Shares enabled" | rename "dnsName" as "DNS Name" | rename "ip" as "IP address"
SSL certificates about to expire
The query below will give an overview of all certificates about to expire (within 60 days):
sourcetype="tenable:sc:vuln" synopsis="The SSL certificate associated with the remote service will expire soon." | dedup ip | lookup dnslookup clientip as ip | chart count by ip,clienthost
SSL Certificates expired
The query below will give an overview of all hosts running expired certificates:
sourcetype="tenable:sc:vuln" synopsis="The remote server's SSL certificate has already expired." | dedup ip | chart count by ip
Top 10 most vulnerable systems (Tenable)
Get an overview of the 10 most vulnerable systems in your network:
sourcetype="tenable:sc:vuln" baseScore > 3 | dedup cve ip | stats count by ip, riskFactor | sort 10 -count | lookup dnslookup clientip as ip | chart sum(count) by clienthost
Top exploitable vulnerabilities (tenable)
To see the top exploitable vulnerabilities from the Tenable Security Center:
sourcetype="tenable:sc:vuln" exploitAvailable="yes" | chart count over pluginName by riskFactor
Overall CVSS score (tenable)
Tenable uses the CVSS scoring method for detected vulnerabilities. To get an overall CVSS score, use the following query:
sourcetype="tenable:sc:vuln" ip=* | stats mean(baseScore) as base | eval base = round(base,2)
Current Vulnerability Summary by Severity (tenable)
Having Tenable Security Center connected via the Splunk plugin, this search gives an overview of all vulnerabilities, summarized by severity:
sourcetype="tenable:sc:vuln" severity.name=* | chart count over severity.name by ip
Add the following to your dashboard source to add consistent colors to the pie chart:
<option name="charting.fieldColors">{"Critical":0x800000,"High":0xFF0000,"Medium":0xFFA500,"Low":0x008000,"Info":0x0000FF}</option>