FireMon Asset Manager
Page tree

Versions Compared

Old Version 19

changes.mady.by.user user-05670

Saved on

compared with

New Version 20

changes.mady.by.user Dong Pak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Tenable.sc and Tenable.io integrations tell you which hosts on your enterprise network are either undefended by Tenable or unknown to LumetaAsset Manager. By comparing LumetaAsset Manager's comprehensive index of all your network devices against that subset of network devices managed by Tenable, you can generate a list of network hosts that are not managed in by Tenable and then push that information to an asset group on Tenable. What's pulled from Tenable to Lumeta Asset Manager is only what you request, and not an exhaustive collection of all the device details and attributes that Tenable manages. This enables Lumeta Asset Manager to scan the network device attributes of value to you, and not all the rest.

How Does It Work?

  1. Lumeta Asset Manager queries Tenable and retrieves its inventory of devices under management. This data feed is stored on LumetaAsset Manager's database in the tenable_managed_hosts tabletheir respective tables
     
  2. Lumeta Asset Manager correlates this inventory against its own authoritative index of IP address space.

  3. Lumeta Asset Manager data is also pushed to Tenable and stored in an asset group. 

  4. Lumeta Asset Manager highlights the commonalities and differences into views:
    1. LumetaAsset Manager-only IPs: IP addresses Lumeta Asset Manager knows about, but are unmanaged by Tenable
    2. Tenable-only IPs: IP addresses Tenable knows about, but are unknown to Lumeta Asset Manager (e.g., if Lumeta Asset Manager does not have access to a network or an off-network device, but Tenable is still aware of the client agent)
    3. Tenable- & LumetaAsset Manager-Managed IPs: IP addresses both Lumeta Asset Manager and Tenable know about.

    In reviewing the data on the Lumeta Asset Manager dashboard, users can view Device Details. If the user selects Endpoint Context/Action, it will redirect to the Tenable UI where the user can take action to restart, remove, sync, or isolate an endpoint.

This information is available in Lumeta Asset Manager via the Tenable.sc Management Dashboard dashboard and Tenable.io Dashboard

...

Configure the Tenable feed as follows:

  1. On LumetaAsset Manager's main menu, browse to Settings > Integrations > Other Solutions > Tenable.sc or Tenable.io.

  2. Enable the threat feed by toggling the slider to On.

  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on. The minimum polling interval is 1 hour. 

  4. Input the IP address of your Tenable server.

  5. Input your customer Username.

    Tenable.scTenable.io

    Image Modified

    Image Modified




  6. Click Submit
    The feed of data from Tenable SecurityCenter to Lumeta Asset Manager is configured. If you see the messages "Configuration saved" and "Product configured properly," then all is well. 

In the Tenable SecurityCenter

To confirm that LumetaAsset Manager-discovered data has been pushed to Tenable SecurityCenter . . .

  1. Log in to the Tenable server using the same credentials you used to configure the integration in LumetaAsset Manager


  2. On the SecurityCenter main menu, click Assets.
     

  3. This is the Lumeta Asset Manager Asset List within Tenable SecurityCenter.


  4. To manually edit the static list of IPs that came from LumetaAsset Manager, click the Lumeta Asset Manager Asset List group. 



Disabling Session Management in Tenable SecurityCenter

...

  1. Log into the Tenable SecurityCenter as a user who has system settings access.
  2. Navigate to Systems, Configuration, and then to Security.
      The Authentication Settings will be listed.
  3. Scroll down to Allow Session Management
  4. Clear the Allow Session Management option, and click Submit.

...