Overview of all medium to critical risks for Win20xx

Get an overview of all medium to critical risks for Windows 2008 / 2012:

Windows 2008:

    sourcetype="tenable:sc:vuln" cpe:/o:microsoft:windows_server_2008 | table ip, netbiosName, dnsName, severity.name, pluginName, solution, description | join ip type=inner max=0 | sort by severity.name | chart count by severity.name

Windows 2012:

    sourcetype="tenable:sc:vuln" cpe:/o:microsoft:windows_server_2012 | table ip, netbiosName, dnsName, severity.name, pluginName, solution, description | […]


SSL certificates about to expire

The query below gives an overview of all certificates about to expire (within 60 days):

    sourcetype="tenable:sc:vuln" synopsis="The SSL certificate associated with the remote service will expire soon." | dedup ip | lookup dnslookup clientip as ip | chart count by ip,clienthost


Current Vulnerability Summary by Severity (tenable)

With Tenable Security Center connected via the Splunk plugin, this search gives an overview of all vulnerabilities, summarized by severity:

    sourcetype="tenable:sc:vuln" severity.name=* | chart count over severity.name by ip

Add the following to your dashboard source to add consistent colors to the pie chart:

    <option name="charting.fieldColors">{"Critical":0x800000,"High":0xFF0000,"Medium":0xFFA500,"Low":0x008000,"Info":0x0000FF}</option>
