...

Tenable SecurityCenter is an enterprise vulnerability management tool that UCI has purchased to expand our vulnerability management initiative campus-wide. SecurityCenter is being offered as a self-service tool that systems administrators, management and business owners can use to track the vulnerability status of their systems as well as track the mitigation progress.

...

Please be sure to list any IP/Networks you or your group are responsible for so they can be added to the system for vulnerability scanning.

Training Video

UCI Tenable SecurityCenter Training Video

Basic Usage

Accessing The Web Console

...

If you wish to take a deeper look at a certain item on a dashboard you can do so by simply clicking on the "Browse Component Data" arrow in the upper right of the table in the dashboard. This will take you to the "Vulnerability Analysis" screen with filter's filters pre-selected as they display on the dashboard screen. 

...

Creating Queries

Once you have used filter's filters to narrow down your search criteria you can save these settings into a query so that it can be used for future searches. From the screen that you have all the filters set on navigate to "Options" in the upper right hand corner and choose "Save Query" from the drop down menu. You will be prompted to enter a name for your query and once saved this query can be located in the menu bar from "Analysis" -> "Queries".

...

As part of an OIT Security Team initiative in late 2015 we are running weekly vulnerability scans of the campus systems that are open through our campus border firewall, meaning they are accessible from the world. Since these particular systems have high visibility they could potentially be at a higher risk for exploitation. As such we have made it easy for users of SecurityCenter to narrow down their vulnerability search criteria to just these systems in order to quickly address any vulnerabilities on these systems. This is a query that we have already created for you. To load this query simply navigate to the "Vulnerability Analysis" screen and expand out the "Filters" section. Choose "Load Query" from the bottom of the filter's filters and select "Systems Open at Campus Border (World Reachable)" from the list. This will display only the systems that belong to your group that are world reachable. 

...

If you are unable to remediate a vulnerability but there are other measures in place to lower the risk, you can choose to click the "Recast Risk" button from the vulnerability detailed screen. This will pop out a new screen where you can change the vulnerability to a new severity level and add a comment regarding why you are changing the severity level. You can then choose to apply this to one or multiple hosts with that vulnerability. Once you recast this risk it will be re-classified on reports and placed in a repository of recast risks with the name of the user who submitted itcan submit a request in ServiceNow to recast the risk or email your request to security-vmp@uci.edu. 

Recast Risk Example: A high vulnerability is found on a system regarding FTP, however to get into that system you have to use VPN and multi-factor authentication and the system only allows users with appropriate access into the system. There are several layers of protection here that would make it very difficult to exploit. Therefore you might can submit a request in ServiceNow to recast the risk from a "high" to a "medium".  

Basic Reporting

...