Do you know which Vulnerabilities your Scanner is missing?

Is your Vulnerability Management Tool able to detect all vulnerabilities in your network? I got the inspiration for this post after reading this entry from Alexander Leonov. He investigates the blind spots in vulnerability scanners' databases, and how we may assume that any new and old vulnerability ever published will be identified by our shiny tool for which we pay a substantial license. As he explains, that's not actually true, and he uses as a reference the excellent CISA Known Exploited Vulnerabilities catalog. [Read More]
tenable  api 

Get Known Exploited Vulnerabilities in your network with Tenable API

Today, let's see a practical application of the Tenable.sc API analysis endpoint. We'll use the list of known exploited vulnerabilities provided by CISA and compare the CVEs to the results of our scans. This will give us a list of active unpatched CVEs in our network that should be prioritized, as they are being used in real-world attacks.

Known Exploited Vulnerabilities (KEV)

CISA kindly provides a CSV file with all the vulnerabilities in their catalog of known exploited vulnerabilities; we can download it here [Read More]
tenable  api 

Playing with Tenable.sc Analysis endpoint

Today we are going to play with the analysis API endpoint of Tenable.sc using filters directly, with no pre-saved queries. That gives us the same flexibility as working in the GUI. The tricky part is getting the structure of the requests right; I'll give a detailed explanation of how to do it in PowerShell so you don't have to suffer yourself 🙂 As usual, I'm going to use PowerShell for the whole process. [Read More]
tenable  api 

Automate offline Tenable plugin updates

Today we are going to work on something related to vulnerability management, but aimed more at the tool manager role, whose job is to keep everything up to date and properly configured so analysts can do their job. If you have a Vulnerability Management infrastructure with Tenable.sc that is air-gapped, you will need to update plugins offline.

Air-gapped networks

When your Tenable.sc server is connected to the internet, everything is easy and smooth, but if you don't have that option because you are in a network where internet connectivity is not allowed, then you need to work on automating the process; otherwise it's a pain to manually download the plugins and then go to the GUI in Tenable. [Read More]

Playing with the Tenable.sc API and PowerShell

Here I start a new series of posts where I'll show how to work with the Tenable.sc API using PowerShell as the scripting language. There is an amazing Python library, pyTenable, which I recommend if you can use Python in your environment, but if, for whatever reason, you cannot use Python - I might know somebody with that problem 😉 - or you just want to learn an alternative, this is the place! [Read More]