
The Tenable integration tells you which hosts on your enterprise network are either undefended by Tenable or unknown to Spectre. By comparing Spectre's comprehensive index of all your network devices against that subset of network devices managed by Tenable, you can generate a list of network hosts that are not managed in the Tenable SecurityCenter and then push that information to an asset group on the Tenable SecurityCenter server. Spectre helps identify the gaps in coverage, so your team can close them.

How Does It Work?

  1. Lumeta Spectre queries the Tenable SecurityCenter and retrieves its inventory of devices under management. This data feed is stored in Spectre's database, in the tenable_managed_hosts table.
     
  2. Lumeta Spectre correlates this inventory against its own authoritative index of IP address space.

  3. Spectre data is also pushed to the Tenable SecurityCenter and stored in an asset group. 

  4. Lumeta Spectre presents the commonalities and differences in the following views:
    1. Spectre-only IPs: IP addresses that Lumeta Spectre knows about but that are not managed by Tenable.
    2. Tenable-only IPs: IP addresses that Tenable knows about but that are unknown to Lumeta (e.g., if Lumeta does not have access to a network or an off-network device, but Tenable is still aware of the client agent).
    3. Tenable- & Spectre-Managed IPs: IP addresses that both Lumeta and Tenable know about.

    When reviewing the data on the Spectre dashboard, users can view Device Details. Selecting Endpoint Context/Action redirects the user to the Tenable UI, where the user can take action to restart, remove, sync, or isolate an endpoint.

This information is available in Lumeta Spectre via the Tenable SecurityCenter Management dashboard.
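The correlation in steps 2 and 4 can be reproduced offline when auditing an export of both inventories. The following is an added example, not Lumeta or Tenable code: the function names are hypothetical, the sample inventories are constructed, and it assumes each inventory is a list of strings holding single IPs, dash ranges, or CIDR blocks.

```python
import ipaddress

MAX_EXPAND = 65536  # assumed safety limit: refuse to enumerate more than a /16

def expand(entry):
    """Expand a single IP, an 'a-b' range, or a CIDR block into a set of addresses."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {entry}")
        if int(hi) - int(lo) >= MAX_EXPAND:
            raise ValueError(f"range too large: {entry}")
        return {type(lo)(i) for i in range(int(lo), int(hi) + 1)}
    net = ipaddress.ip_network(entry, strict=False)
    if net.num_addresses > MAX_EXPAND:
        raise ValueError(f"block too large: {entry}")
    # hosts() drops network/broadcast addresses; fall back for single-address blocks
    return set(net.hosts()) or set(net)

def _sorted(addrs):
    # IPv4 and IPv6 objects cannot be compared directly, so sort by (version, value)
    return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]

def coverage_views(spectre_index, tenable_managed):
    """Return the three views described above as sorted lists of address strings."""
    spectre = set().union(*(expand(e) for e in spectre_index))
    tenable = set().union(*(expand(e) for e in tenable_managed))
    return {
        "spectre_only": _sorted(spectre - tenable),   # discovered, not managed by Tenable
        "tenable_only": _sorted(tenable - spectre),   # managed, not in Spectre's index
        "both": _sorted(spectre & tenable),           # known to both products
    }

# Constructed sample inventories (RFC 5737 / RFC 3849 documentation addresses).
SPECTRE_INDEX = ["192.0.2.10", "192.0.2.11", "192.0.2.12",
                 "198.51.100.5", "2001:db8::5"]
TENABLE_MANAGED = ["192.0.2.10-192.0.2.11", "198.51.100.4/30",
                   "203.0.113.9", "192.0.2.10"]

if __name__ == "__main__":
    for view, ips in coverage_views(SPECTRE_INDEX, TENABLE_MANAGED).items():
        print(f"{view}: {', '.join(ips)}")
```

The spectre_only list is the coverage gap: hosts present on the network that the scanner does not manage.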

Configuring the Tenable Feed

Configure the Tenable feed as follows:

  1. On Spectre's main menu, browse to Settings > Integrations > Other Solutions > Tenable.

  2. Enable the threat feed by toggling the slider to On.

  3. Input a Polling Interval, in hours, to set how much time elapses between fetches of the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on. The minimum polling interval is 1 hour.

  4. Input the IP address of your Tenable server.

  5. Input your customer Username.


  6. Click Submit.
    The feed of data from Tenable SecurityCenter to Spectre is configured. If you see the messages "Configuration saved" and "Product configured properly," then all is well. 

In the Tenable SecurityCenter

To confirm that Spectre-discovered data has been pushed to Tenable SecurityCenter:

  1. Log in to the Tenable server using the same credentials you used to configure the integration in Spectre. 


  2. On the SecurityCenter main menu, click Assets.

  3. This is the Spectre Asset List within Tenable SecurityCenter.

  4. To manually edit the static list of IPs that came from Spectre, click the Spectre Asset List group. 


