Tenable Blog

This entry concerns more information and analysis of output from the "Never Before Seen" TASL script for the Log Correlation Engine (LCE). We've had the script running at several customer locations and have had interesting data to discuss which helps show the script's usefulness. This blog entry discusses analyzing the results from IntruShield IPS events as well as overall "never before seen" event trending.

Tenable Network Security has released version 3.0 of the Passive Vulnerability Scanner (PVS). This version supports realtime vulnerability alerting, enables monitoring of corporate networks for data leakage and completes the re-branding from "NeVO".

Tenable recently increased the flexibility of performing configuration assessments of Windows  access control lists (ACLs) with the Nessus compliance checks.

Previously, an ACL policy could only be built with exact understanding if it were "inherited" or "not inherited". For large numbers of checks, it might not make any difference if an ACL were inherited from someplace else or not, just that the actual ACL was correct.

A useful event to know about on any network is when something new happens on a given server for the first time. This is a very simple concept and extremely useful.

Regardless if your event logs are from UNIX systems, router access control violations, wireless access DHCP logs, intrusion detection systems or so on, after a certain period of time, the same events tend to repeat themselves. This is because most of our networks run controlled and automated processes.

Tenable recently added a credentialed Windows check (Nessus ID #23910) to find systems that have been infected by certain viruses. The check considers the contents of the file: