Tenable Lab Guide

LAB GUIDE

v1.2

DO NOT DISTRIBUTE Page: 1 | Table of Content


TABLE OF CONTENTS

TABLE OF CONTENTS 3
VERSION CONTROL 7
HOW TO USE THIS GUIDE 8
FAQ 8
Q: Can I write an exam after this? 8
Q: Can I skip ahead? 8
Q: My scans won’t complete, will I fall behind? 8
Prerequisites 8
KEY TERMINOLOGY 9
LAB 0 - CONFIRM LAB SANDBOX LOGIN (5 MINUTES) 10
Lab 0: Task 1 - Login to your Vulnerability Management Lab Sandbox 11
Short Instructions 12
Step-by-Step Instructions 12
Step 1 - Login to your Vulnerability Management Lab Sandbox 12
LAB 1 - DATA ACQUISITION (30 MINUTES) 16
Lab 1: Task 1 - Perform a Host Discovery Scan 17
Scenario: New Site 17
Short Instructions 17
Step-by-Step Instructions 17
Step 1 - Create a scan using the Host Discovery template: 17
Step 2 - Edit and launch the host discovery scan: 17
Analysis: 19
Lab 1: Task 2 - Perform a Credentialed Vulnerability Scan 20
Short Instructions 20
Step-by-Step Instructions 20
Step 1 - Create a scan using the Basic Network Scan template: 20
Step 2 - Edit the scan: 20
Step 3 - Add SSH and Windows credentials: 20
Analysis: 22
Lab 1: Task 3 - Create and Launch a Tag-Based Scan 24
Short Instructions 24
Step-by-Step Instructions 24
Step 1 - Create asset tag: 24
Analysis: 24
Step 2 - Create a tag-based scan: 25
Analysis: 25
LAB 2 - WEB APP SCANNING (30 MINUTES) 26
Lab 2: Task 1 - Configure a Web Application Scan 27
Scenario: Newly Discovered Web App 27
Short Instructions 27
Step-by-Step Instructions 27
Step 1 - Install the Selenium IDE extension: 27
Step 2 - Setup a vulnerable web app with credentials: 28
Step 3 - Create a selenium script, using the Chrome extension: 28
Step 4 - Create and run a web app scan using the selenium script 29
Analysis: 30
LAB 3 - PRIORITIZATION (30 MINUTES) 31
Lab 3: Task 1 - Vulnerability Priority Rating (VPR) Analysis 32
Scenario: Where Should We Focus? 32
Short Instructions 32
Step-by-Step Instructions 32
Step 1 - Create a Filter for VPR 9 or Higher Items: 32
Analysis: 32
Lab 3: Task 2 - Accounting for Business Context 34
Short Instructions 34
Step-by-Step Instructions 34
Step 1 - Create and filter with tags for business critical assets: 34
Analysis: 34
Step 2 - Edit and understand the value of ACR, as well as AES: 34

Analysis: 35
Step 3 - Capture the CES for a specific subset of assets: 35
Analysis: 36
LAB 4 - DASHBOARDS & REPORTS (30 MINUTES) 37
Lab 4: Task 1 - Create Dashboards Using Existing Templates 38
Scenario: Communicate With Leadership 38
Short Instructions 38
Step-by-Step Instructions 38
Step 1 - Create a copy of the Vulnerability Management dashboard for business critical assets: 38
Analysis: 39
Lab 4: Task 2 - Create Custom Dashboards 40
Short Instructions 40
Step-by-Step Instructions 40
Step 1 - Create a custom dashboard for business critical assets: 40
Analysis: 40
Lab 4: Task 3 - Create Executive Report 41
Short Instructions 41
Step-by-Step Instructions 41
Step 1 - Create a report using an existing template: 41
Analysis: 41
LAB 5 - ATTACK SURFACE MANAGEMENT (30 MINUTES) 43
Lab 5: Task 1 - Setup your ASM inventory 44
Scenario: New Acquisition 44
Short Instructions 44
Step-by-Step Instructions 44
Step 1 - Allocate 300 assets to your ASM inventory and access it 44
Step 2 - Add a domain to your inventory 45
Step 3 - Improve the associated records 45
Lab 5: Task 2 - Leverage your ASM inventory 48
Short Instructions 48
Step-by-Step Instructions 48
ANALYSIS ANSWERS 54

Lab 1: Task 1: Step 2 54
Lab 1: Task 2: Step 3 54
Lab 1: Task 3: Step 1 54
Lab 1: Task 3: Step 2 54
Lab 2: Task 1: Step 3 55
Lab 3: Task 1: Step 1 55
Lab 3: Task 2: Step 1 55
Lab 3: Task 2: Step 2 55
Lab 3: Task 2: Step 3 56
Lab 4: Task 1: Step 1 56
Lab 4: Task 2: Step 1 56
Lab 4: Task 3: Step 1 57

HOW TO USE THIS GUIDE
The activities outlined in this Lab Exercises & Activities Guide are meant to contain all necessary information to
navigate through the workshop interface, complete the workshop activities, and troubleshoot any potential
issues with the lab environment. This guide is meant to be used in conjunction with the information and guidance
provided by your instructor. Where applicable, analysis answers are found at the end of the guide.

FAQ

Q: Can I write an exam after this?


Although anyone can attempt the various Tenable Specialist and Expert Exams without attending training, this workshop
covers targeted scenarios and is not a substitute for official training classes conducted by Tenable University instructors.
Please contact your Tenable rep for more information on available training resources.

Q: Can I skip ahead?


Labs are expected to be completed sequentially. Detailed instructions are given in the earlier labs, and subsequent labs
do not repeat the same level of detail. For example, Lab 1 states explicitly where to navigate to create a scan; subsequent
labs simply say to “create a scan”, assuming that knowledge has been retained. Feel free to refer back to previous labs or
ask your instructor for assistance.

Q: My scans won’t complete, will I fall behind?


The Lab Sandbox is pre-populated with scans, assets and results. Should you run into issues with running your own scans,
more analysis can be completed with existing data.

Prerequisites
● Google Chrome web browser with internet access and the ability to add extensions.
● Access to your corporate email account.
● Access to your Lab Sandbox.
○ Credentials are delivered by email prior to the session, following this format:
■ From: [email protected]
■ Subject: Tenable University Lab Access Information
○ If you did not receive an email with your Lab Sandbox credentials, notify your instructor.

KEY TERMINOLOGY
● Tenable-specific terms are defined as they are used.

● Links are provided throughout from the primary Tenable documentation landing page, and more specifically from:

○ Tenable Vulnerability Management

○ Tenable Web App Scanning

○ Tenable Attack Surface Management

○ Tenable Identity Exposure

● Your instructor is available to assist with clarifying any terms used.

LAB 0 - CONFIRM LAB SANDBOX LOGIN (5 MINUTES)
In this lab, you will:

● Confirm access to your Lab Sandbox instances for:

a. Vulnerability Management, which also includes access to these apps:

■ Web App Scanning.

■ Attack Surface Management.

Lab 0: Task 1 - Login to your Vulnerability Management Lab Sandbox


Credentials are delivered by email prior to the session, following this format:
● From: [email protected]
● Subject: Tenable University Lab Access Information

Sample email:

Product                             | URL                                                                               | Username                                   | Password          | Notes
Vulnerability Management            | https://cloud.tenable.com                                                         | {FirstLetterLastName}@{className}.training | ****              |
TenableCore Nessus*                 | https://{First}-{LastName}-{classID}-core-nessus.labs.university.tenable.com:8000 | admin                                      | Tenable123456789! | Use a separate browser window opened in incognito/private mode
TenableCore Nessus Network Monitor* | https://{First}-{LastName}-{classID}-core-nnm.labs.university.tenable.com:8000    | admin                                      | ****              | Use a separate browser window opened in incognito/private mode

*not relevant for this specific lab

Along with the email containing credentials, each student is allocated 2 Nessus scanners, 2 agents and 3 targets.
Students are free to scan all systems, but three of them are designed specifically to be targets:

System                       | Naming Convention              | Agent | Scanner | Credentials                                       | IP Range*
Amazon Linux - Target        | {First}-{LastName}_Linux       | Yes   | No      | scanadmin/Tenable123! (creds will fail by design) | 10.0.0.0/24
Windows Server 2016 - Target | {First}-{LastName}_Windows     | Yes   | No      | scanadmin/Tenable123!                             | 10.0.0.0/24
Ubuntu 12.04 - Target        | N/A                            | No    | No      | scanadmin/Tenable123!                             | 10.0.0.0/24
CentOS 7                     | {First}-{LastName}_Scanner     | No    | Yes     | N/A                                               | 10.0.0.0/24
Pre Authorized Scanner (AWS) | {First}-{LastName}_Scanner_AWS | No    | Yes     | N/A                                               | 10.0.0.0/24

*students should scan the /24 block, as each assigned target will have a randomized IP within the range

Short Instructions
Confirm access to your Vulnerability Management Lab Sandbox.

Step-by-Step Instructions

Step 1 - Login to your Vulnerability Management Lab Sandbox


1. Open the email from [email protected] with the subject line Tenable University Lab Access
Information. If you did not receive an email with your Lab Sandbox credentials, notify your instructor.
2. Only open the Vulnerability Management product URL and test your credentials.
○ The other two product credentials (Tenable Nessus and NNM) are not relevant for this specific lab,
so there’s no need to test them.
○ Inform your instructor of any issues.

QUICK TIP: Due to the email delivery mechanism, a newline character is typically appended to the username and/or
password (if double-clicking to select text within a cell). To prevent credential lockouts, remove any trailing
newline/whitespace characters before testing.

3. Confirm successful access with your instructor.

Short Instructions
Confirm access to your Identity Exposure Lab Sandbox.

Step-by-Step Instructions

Step 1 - Login to your Identity Exposure Lab Sandbox


1. Open the email from [email protected] with the subject line Tenable University Lab Access
Information. If you did not receive an email with your Lab Sandbox credentials, notify your instructor.
2. Only open the Tenable Identity Exposure Web Portal product URL and test your credentials.
○ The other two product credentials (Tenable Identity Exposure RDP Address and Tenable
Identity Exposure Service Account) are not relevant for this specific lab, so there’s no need to
test them.
○ Inform your instructor of any issues.

QUICK TIP: Due to the email delivery mechanism, a newline character is typically appended to the username and/or
password (if double-clicking to select text within a cell). To prevent credential lockouts, remove any trailing
newline/whitespace characters before testing.

3. Confirm successful access with your instructor.

LAB 1 - DATA ACQUISITION (30 MINUTES)
In this lab you will create various scans using Tenable Vulnerability Management:
● Create and launch a host discovery scan.

● Perform a credentialed vulnerability scan.

● Create a dynamic asset tag.

● Create and launch a tag-based scan.

● Analyze your findings.

Lab 1: Task 1 - Perform a Host Discovery Scan

Scenario: New Site


Your organization has opened a new satellite office in London and you’ve been asked to provide insights into its
internal asset composition.

Short Instructions
Perform a host discovery scan (with operating system identification) of the 10.0.0.0/24 subnet.

Step-by-Step Instructions

Step 1 - Create a scan using the Host Discovery template:


1. Login to Tenable Vulnerability Management using the provided credentials.
2. From the hamburger Menu, select Scans.
3. Select Create Scan.
4. Select the Host Discovery scan template.

Step 2 - Edit and launch the host discovery scan:


1. Name your scan as:
○ {Your Initials} - Discovery Scan with OS ID

QUICK TIP: Add your initials to any items you create throughout the labs. Your instructor will use this
identification to provide assistance. As an example, John Smith would title this scan:
● JS - Discovery Scan with OS ID

2. Under SCANNER, select the scanner following the naming convention: {First}-{LastName}_Scanner
3. Under TARGETS, observe the example expected format. Learn more on Scan Targets.
4. Enter your targets as: 10.0.0.0/24
5. Under Settings > Discovery, select SCAN TYPE and change the scan type to OS Identification.
○ Observe the various other scan types.
○ Observe the rest of the available settings under Basic, Discovery, Report and Advanced.
6. Select Save & Launch.
7. As the scan starts, hover over the scan Status and notice the scan status moving from Pending to
Complete.

8. While you wait for the scan to complete, you can:


○ Review the Scan Status documentation.
○ Under ACTIONS, select the three vertical dots on your scan row and review possible actions.
○ Select your scan. Review the quick information provided, such as the scan activity on the left.
○ Select See All Details. Review the available information.
○ Select Create Scan Template and notice all other available templates (e.g. Tactical Scans).
○ Select Quick Actions and notice ways to quickly get a scan setup.
○ Select the Resource Center, then Onboarding Guides, then Create a Scan. Notice how you can
start a walk-through of creating a scan.
○ Learn more on how to Get Started with Tenable Vulnerability Management, or on Customer
Onboarding next-steps and best practices.

Analysis:
1. When the scan completes, select the name of your scan (back in the Scans view) and select See All
Details. Answer the following questions:
a. How much time did the scan take to complete?

b. Which OS types were discovered?
■ Review plugin ID 11936: OS Identification

c. Select one asset and find out how much time was spent scanning that specific asset (this should
be a smaller value than the entire scan duration).
■ Review plugin ID 19506: Nessus Scan Information
■ Learn about three use cases for plugin ID 19506.
d. Were there any hosts for which the OS type was not identified?
■ Learn more about OS Identification.

e. What severity level do the plugins reported by this scan carry?

f. Were there any error messages under Warnings?
■ Learn more about Error Messages.

Lab 1: Task 2 - Perform a Credentialed Vulnerability Scan

Short Instructions
Perform a credentialed network scan of the 10.0.0.0/24 subnet.

Step-by-Step Instructions

Step 1 - Create a scan using the Basic Network Scan template:


1. Create another scan but this time use the Basic Network Scan template.

Step 2 - Edit the scan:


1. Name your scan as: {Your Initials} – Credentialed Basic Network Scan
2. Select the scanner following the naming convention: {First}-{LastName}_Scanner
3. Enter your targets as: 10.0.0.0/24
4. Modify the SCAN WINDOW to 3 hours.
5. In the left pane, navigate to Report and select Override normal verbosity and Report as much
information as possible.

Step 3 - Add SSH and Windows credentials:


1. In the left pane, navigate away from Settings and instead select Credentials.
2. Select the icon to the right of Add Credentials.
3. Expand the Host row, select SSH.
4. Modify the following:
○ AUTHENTICATION METHOD: password
○ USERNAME: scanadmin
○ PASSWORD: Tenable123!
5. Select Save.
6. Select again the icon to the right of Add Credentials.
7. Expand the Host row, select Windows.
8. Modify the following:
○ AUTHENTICATION METHOD: password
○ USERNAME: scanadmin
○ PASSWORD: Tenable123!
9. Hover over the icon next to each setting to learn more about various recommendations.

QUICK TIP: To scale credential management within your organization, you can also select Save to Managed
Credentials, allowing the re-use of credentials for more than one scan without submitting them again. You can
also follow the Create a Managed Credential guide to add them directly.

Managed credentials are available for review from Menu > Settings > Credentials. They can also be added
directly when editing scans, by expanding the credential type row MANAGED CREDENTIALS and selecting the
appropriate credentials.

10. Select Save, then Save & Launch.


11. While you wait for the scan to complete, you can:
○ Learn about credentialed scanning and privileged account use.
○ Review useful plugins to troubleshoot credential scans.
○ Learn how to troubleshoot Linux credentialed scans.
○ Learn how to troubleshoot Windows credentialed scans.
○ Bookmark four best practices for credentialed scanning.

Analysis:
1. When the scan completes, open it (as you did with the previous scan) and review whether authentication
succeeded or failed for the various assets in scope.
a. Use the useful plugins guide to filter for plugins that may help your investigation.
b. Check the plugin outputs as you go, for specific context.

2. Filter the aggregated results to understand which hosts are failing to run local checks.
a. From the hamburger Menu, select Findings (under Explore).
b. Under Vulnerabilities, select Advanced and clear all filters by selecting the X to the right (directly
to the left of Apply).
c. Select the box where it says Enter filter query…
■ Notice how filters are available to scroll through.
d. Type: Plugin (do not copy & paste).
■ Notice how filters change based on the submission.
e. Select Plugin ID.
f. Select is equal to.
g. Type: 21745
■ Review plugin ID 21745: OS Security Patch Assessment Failed
h. Select Apply

QUICK TIP: If you select Advanced again from this view, notice how a bubble appears with the filter you
created. This reverts you to the Basic view (the default). You can toggle back and forth by selecting Advanced.
When in the Basic view, you can select the filter option to the left of Advanced; notice how this expands your
filtering options. You can then click Select Filters and manually add and edit filters.

Discover whether the Basic or Advanced view works best for you and find out more about filtering
Explore Tables.

i. Select sample assets, then Plugin Output.
j. Review various error messages.
k. Review plugins that will cause plugin ID 21745 to report a failure.
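The same investigation can be done outside the UI on a .nessus export. The following is an added example, not part of the lab guide or of Tenable's own tooling: it parses the NessusClientData_v2 XML, reads the "Credentialed checks" and "Scan duration" lines that plugin 19506 (Nessus Scan Information) writes for each host, flags hosts where plugin 21745 fired, and lists the hosts to investigate. The XML embedded below is a constructed sample (the wording of the 21745 output in it is an assumption), so the script runs offline.

```python
"""Per-host credentialed-check status from a .nessus export.

Plugin 19506 (Nessus Scan Information) reports 'Credentialed checks : yes/no' and
'Scan duration : N sec' per host; plugin 21745 (OS Security Patch Assessment Failed)
is present on hosts where local checks could not run. The export below is a
constructed sample, not real lab output.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: a Windows host where SMB credentials worked and a Linux host
# where SSH authentication failed (the lab's Amazon Linux target fails by design).
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="JS - Credentialed Basic Network Scan">
    <ReportHost name="10.0.0.17">
      <HostProperties>
        <tag name="host-ip">10.0.0.17</tag>
        <tag name="operating-system">Microsoft Windows Server 2016 Standard</tag>
      </HostProperties>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
        <plugin_output>Information about this scan :

Credentialed checks : yes, as 'scanadmin' via SMB
Scan duration : 812 sec
</plugin_output>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.42">
      <HostProperties>
        <tag name="host-ip">10.0.0.42</tag>
        <tag name="operating-system">Linux Kernel 4.14 on Amazon Linux 2</tag>
      </HostProperties>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
        <plugin_output>Information about this scan :

Credentialed checks : no
Scan duration : 305 sec
</plugin_output>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="21745" pluginName="OS Security Patch Assessment Failed" pluginFamily="Settings">
        <plugin_output>SSH password authentication to the remote host failed (constructed message).</plugin_output>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_host(report_host):
    """Collect the 19506/21745 facts for one ReportHost element."""
    props = {t.get("name"): (t.text or "") for t in report_host.iter("tag")}
    host = {
        "ip": props.get("host-ip", report_host.get("name")),
        "os": props.get("operating-system", ""),
        "credentialed": None,          # None = no 19506 output seen for this host
        "scan_duration_sec": None,
        "patch_assessment_failed": False,
        "failure_reason": "",
    }
    for item in report_host.findall("ReportItem"):
        plugin_id = item.get("pluginID")
        output = item.findtext("plugin_output") or ""
        if plugin_id == "19506":
            m = re.search(r"^Credentialed checks\s*:\s*(yes|no)", output, re.M | re.I)
            if m:
                host["credentialed"] = m.group(1).lower() == "yes"
            m = re.search(r"^Scan duration\s*:\s*(\d+)\s*sec", output, re.M)
            if m:
                host["scan_duration_sec"] = int(m.group(1))
        elif plugin_id == "21745":
            host["patch_assessment_failed"] = True
            host["failure_reason"] = output.strip()
    return host


def parse_nessus(xml_text):
    root = ET.fromstring(xml_text)
    return [parse_host(rh) for rh in root.iter("ReportHost")]


def hosts_failing_local_checks(hosts):
    """Hosts to investigate: 21745 fired, or 19506 says credentialed checks did not run."""
    return [h for h in hosts if h["patch_assessment_failed"] or h["credentialed"] is False]


if __name__ == "__main__":
    hosts = parse_nessus(SAMPLE_NESSUS)
    for h in hosts:
        print(f'{h["ip"]:<12} credentialed={h["credentialed"]} duration={h["scan_duration_sec"]}s  {h["os"]}')
    for h in hosts_failing_local_checks(hosts):
        print(f'INVESTIGATE {h["ip"]}: {h["failure_reason"]}')
```

Export a real scan (Scans > your scan > Export > Nessus) and pass the file contents to `parse_nessus` to get the same view across a whole /24 without clicking through each asset.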

Lab 1: Task 3 - Create and Launch a Tag-Based Scan

Short Instructions
Tags add business context to your assets with descriptive metadata and can either be statically defined or
dynamically applied with enhanced filtering capabilities.

In this part of the lab, you will create a tag to identify Windows 2016 servers, then use this tag to launch a scan.

Step-by-Step Instructions

Step 1 - Create asset tag:


1. From the hamburger Menu, select Assets (under Explore).
2. Select Advanced, clear the existing filters and replace it with: Operating System is equal to Microsoft
Windows Server 2016* AND IPv4 Address is equal to 10.0.0.0/24
3. Select Apply.
○ Notice how this lists all Windows Server 2016 assets in our subnet.
4. To the right of Saved Filters, select the tag icon.
5. Select Select or create Category and type: {Your Initials} - Headquarters
○ Make sure to select Create “{your tag}” to submit your change.
6. Select Select or create Value and type: Microsoft Windows Server 2016
○ Make sure to select Create “{your tag}” to submit your change.
7. Notice how your Advanced filter is already submitted as the search filter for this tag.
○ Learn more about creating tags from Asset filters.
8. Select Save.
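To make the semantics of that dynamic rule concrete (a trailing * on Operating System, CIDR membership on IPv4 Address, both conditions ANDed, and an asset matching if any of its several values matches), here is an added example that is not part of the lab guide and is not Tenable's tag engine: it evaluates the rule offline against a constructed asset inventory. The asset records, the category name "JS - Headquarters" and the helper names are this example's own assumptions.

```python
"""Offline evaluation of the Lab 1 Task 3 dynamic tag rule.

Rule: Operating System is equal to 'Microsoft Windows Server 2016*'
      AND IPv4 Address is equal to 10.0.0.0/24
The inventory below is constructed sample data.
"""
import fnmatch
import ipaddress

TAG_RULE = {
    "category": "JS - Headquarters",
    "value": "Microsoft Windows Server 2016",
    "os_pattern": "Microsoft Windows Server 2016*",
    "ipv4_cidr": "10.0.0.0/24",
}

# Constructed assets. Both attributes are lists because an asset can carry
# several IPv4 addresses and several operating-system strings.
ASSETS = [
    {"id": "a1", "ipv4": ["10.0.0.17"], "os": ["Microsoft Windows Server 2016 Standard"]},
    {"id": "a2", "ipv4": ["10.0.0.42"], "os": ["Linux Kernel 4.14 on Amazon Linux 2"]},
    {"id": "a3", "ipv4": ["10.0.1.5"], "os": ["Microsoft Windows Server 2016 Datacenter"]},  # wrong subnet
    {"id": "a4", "ipv4": ["10.0.0.88"], "os": ["Microsoft Windows Server 2019 Standard"]},   # wrong OS
    {"id": "a5", "ipv4": ["192.168.1.9", "10.0.0.201"], "os": ["Microsoft Windows Server 2016"]},
]


def os_matches(os_values, pattern):
    """Trailing-* prefix match, case-insensitive; any of the asset's OS strings may match."""
    return any(fnmatch.fnmatch(v.lower(), pattern.lower()) for v in os_values)


def ip_in_cidr(ipv4_values, cidr):
    """True if any of the asset's IPv4 addresses falls inside the CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(ipaddress.ip_address(ip) in net for ip in ipv4_values)


def matches_rule(asset, rule):
    return os_matches(asset["os"], rule["os_pattern"]) and ip_in_cidr(asset["ipv4"], rule["ipv4_cidr"])


def apply_tag(assets, rule):
    """Return the ids of assets that would carry category:value under this rule."""
    return [a["id"] for a in assets if matches_rule(a, rule)]


if __name__ == "__main__":
    tagged = apply_tag(ASSETS, TAG_RULE)
    print(f'{TAG_RULE["category"]}:{TAG_RULE["value"]} -> {tagged}')
```

Note that a5 is tagged through its second address only; when such an asset is later used as a scan target, the IP Selection option in the tag-based scan decides which of its addresses the scanner actually probes.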

Analysis:
1. Learn more about navigating and editing tags.
2. Find and select your tag under the hamburger Menu > Settings > Tagging
a. How many assets are tied to this tag?
b. How could you edit the associated value in the future?

c. How could you add another value, associated with this new category?

Step 2 - Create a tag-based scan:


1. Create another scan, using the Basic Network Scan template again.
2. Name your scan as: {Your Initials} - Windows 2016 Server
3. Select the scanner following the naming convention: {First}-{LastName}_Scanner
4. Instead of adding targets under TARGETS, select your previously created tag ({Your Initials} - Headquarters:
Microsoft Windows Server 2016) under TAGS.
○ Notice the new options that appear when a tag is selected.
○ Learn more about the difference between Existing tagged assets only versus Targets defined
by tags, and IP Selection.

QUICK TIP: Using a discovery-only public cloud connector (AWS, Azure, GCP), you can identify both the
private IP (RFC1918) and the public IP (non-RFC1918) addresses of cloud assets (EC2 instances or VMs).
Should you create a tag to capture these assets, the IP Selection option allows you to target whichever
IP is relevant to your scan.

5. Select Save & Launch.

Analysis:
1. Did the scan correctly limit the targets in scope to Windows 2016 Server within our subnet?
2. Did the scan identify the same number of vulnerabilities, in comparison to our previous scan that used the
Basic Network Scan template? Identify why.
3. What benefits are there to using tags instead of specifying targets within a scan?
○ Learn more about asset tags.

-End of Lab 1-

LAB 2 - WEB APP RISKS (30 MINUTES)
Tenable Web App Scanning is a Dynamic Application Security Testing (DAST) tool. Its scan output provides the
vulnerability details associated with a target URL, focused on OWASP Top 10 and third-party component
vulnerabilities. This gives you a better understanding of the risk the web application poses to your
organization. Public-facing websites can be a point of entry for threat actors if they are not designed and built
securely.

In this lab, you will:

● Install the Selenium IDE Chrome extension.

● Deploy a vulnerable web application using the Google project Gruyere.

● Create a credentialed web application scan with Selenium authentication. Note that Selenium-based
authentication is used for example purposes. The API Key, Bearer Token, Cookie and Login Form options are
also available.

● Analyze your findings.

Lab 2: Task 1 - Configure a Web Application Scan

Scenario: Newly Discovered Web App


Your manager has urgently asked you to establish the risks associated with a public-facing web app that was
recently uncovered by a third-party pentest. The pentester already established that many users seem to have
access, and management would like to specifically know how vulnerable the web app is to potentially
compromised trusted accounts.

Short Instructions
Add the Selenium IDE Chrome extension, setup a vulnerable application using the Google project Gruyere and
create a scan to analyze this web application.

Step-by-Step Instructions

Step 1 - Install the Selenium IDE extension:


This Chrome extension allows you to create Selenium scripts by recording the authentication steps taken when
accessing a web application. The script can then be used by Web App Scanning to automate authentication
and find vulnerabilities from the perspective of a compromised privileged account:
1. In the same browser window, open a separate tab and access the Selenium IDE Chrome Extension.
2. Select Add to Chrome

QUICK TIPS: If you are planning to use the extension in Incognito mode, navigate to chrome://extensions,
find the extension and select Details, then scroll down and toggle on Allow in Incognito.

Did you know that the Tenable WAS Chrome extension is going away? Read more about the
EOL announcement.

Step 2 - Setup a vulnerable web app with credentials:
The Tenable lab environment does not include a vulnerable web application for testing so you can create one
using the Google project Gruyere.
1. Navigate to the Google project Gruyere.
2. Scroll down to the bottom of the page and select Continue >>.
3. Under Setup, select the URL: https://google-gruyere.appspot.com/start
4. Select Agree & Start to start up the sandbox website.
5. Select Sign Up (top right corner).
6. Submit credentials:
○ User name: admin
○ Password: password
7. Select Create account.
8. You should see a confirmation message stating: Account created
9. Select Home (top left corner), and Sign Out (top right corner).

Step 3 - Create a selenium script, using the Chrome extension:


Now that you have configured credentials for the Gruyere web app, you can proceed to record the authentication
steps using the Chrome extension:
1. Copy the URL of your Gruyere app. It should follow a format similar to:
○ https://google-gruyere.appspot.com/*******/
○ Make sure to exclude the /logout path.

2. Select the Selenium IDE Chrome extension icon. You may need to pin it to the toolbar if you do not see it.
○ Notice the pop-up window.
3. Select Record a new test in a new project.
○ Title your project, then select Ok.
4. Paste the URL of your Gruyere app (as the BASE URL), then select Start Recording.
5. In the new window that popped up showing the Gruyere app, select Sign in (top right corner).
6. Submit credentials:
○ User name: admin
○ Password: password
7. Select Login.
8. Close your browser window.

9. In the Selenium IDE window, stop the recording (top right).
10. Submit a name for the recording.
11. Review the steps that were recorded.
QUICK TIP: It is important that only the login steps were recorded. If other actions were taken (e.g. clicking
other links, typing something else), or if you experienced a login failure, stop the recording, clear what has
been recorded and start over. You may also be able to delete specific steps manually.

12. Download the selenium script (top right).
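Reviewing the recorded steps by eye is error-prone, and a stray click or a visit to /logout silently turns the credentialed scan into an unauthenticated crawl. The following is an added example, not part of the lab guide and not a Tenable tool: it loads the downloaded Selenium IDE project (a .side file, which is JSON) and checks that the single recorded test starts with an open of the base URL, contains only login-type commands, never opens a logout path, and actually types a credential. The embedded .side document is a constructed sample of a Gruyere login recording (the instance id 123456789 is made up), and the allow-list of commands is this example's own rule.

```python
"""Sanity-check a Selenium IDE (.side) recording before uploading it to Web App Scanning.

The recording below is a constructed sample; the command allow-list is this
example's own rule for 'only the login steps', not a Tenable requirement.
"""
import json
from urllib.parse import urljoin, urlparse

LOGIN_COMMANDS = {"open", "click", "type", "sendKeys", "setWindowSize"}
FORBIDDEN_PATHS = ("/logout",)

# Constructed recording: open the app, click Sign in, fill the form, submit.
SAMPLE_SIDE = json.dumps({
    "id": "c0ffee00-0000-4000-8000-000000000001",
    "version": "2.0",
    "name": "JS - Gruyere",
    "url": "https://google-gruyere.appspot.com/123456789/",
    "tests": [{
        "id": "t1",
        "name": "login",
        "commands": [
            {"id": "1", "command": "open", "target": "/123456789/", "value": ""},
            {"id": "2", "command": "click", "target": "linkText=Sign in", "value": ""},
            {"id": "3", "command": "type", "target": "name=uid", "value": "admin"},
            {"id": "4", "command": "type", "target": "name=pw", "value": "password"},
            {"id": "5", "command": "click", "target": "css=input[type=submit]", "value": ""},
        ],
    }],
    "suites": [], "urls": [], "plugins": [],
})


def validate_side(side_text, base_url):
    """Return a list of problems; an empty list means the recording is safe to upload."""
    side = json.loads(side_text)
    problems = []
    tests = side.get("tests", [])
    if len(tests) != 1:
        problems.append(f"expected exactly one recorded test, found {len(tests)}")
        return problems
    commands = tests[0].get("commands", [])
    if not commands or commands[0].get("command") != "open":
        problems.append("recording must start with an 'open' command")
    base = urlparse(base_url)
    for c in commands:
        name, target, step = c.get("command"), c.get("target", ""), c.get("id")
        if name not in LOGIN_COMMANDS:
            problems.append(f"step {step}: '{name}' is not a login step; delete it and re-record")
        if name == "open":
            dest = urlparse(urljoin(base_url, target))
            if dest.netloc != base.netloc or not dest.path.startswith(base.path):
                problems.append(f"step {step}: opens {dest.geturl()} outside the base URL")
            if dest.path.rstrip("/").endswith(FORBIDDEN_PATHS):
                problems.append(f"step {step}: opens a logout path; the session would end before the crawl")
    if not any(c.get("command") == "type" and c.get("value") for c in commands):
        problems.append("no credential was typed; the scan would crawl unauthenticated")
    return problems


def with_extra_steps(side_text, *steps):
    """Helper for experimenting: return a copy of the recording with extra steps appended."""
    side = json.loads(side_text)
    side["tests"][0]["commands"].extend(steps)
    return json.dumps(side)


if __name__ == "__main__":
    base = "https://google-gruyere.appspot.com/123456789/"
    print("clean recording:", validate_side(SAMPLE_SIDE, base) or "OK")
    tampered = with_extra_steps(
        SAMPLE_SIDE,
        {"id": "6", "command": "open", "target": "/123456789/logout", "value": ""},
        {"id": "7", "command": "assertText", "target": "css=h1", "value": "Home"},
    )
    for problem in validate_side(tampered, base):
        print("tampered recording:", problem)
```

Run it against the file you just downloaded (`validate_side(open("login.side").read(), base_url)`) before Step 4; the scan's own Selenium Authentication Succeeded/Failed plugins will tell you the same thing, but only after the scan has spent its time budget.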

Step 4 - Create and run a web app scan using the selenium script
1. From the workspace tab, navigate to Web App Scanning.
2. Navigate to Scans (top left menu).
3. Select Create Scan.
4. Select Custom Scan, then modify the General values:
○ Scan Name: {Your Initials} - Credentialed WAS
○ Targets: {your gruyere URL}
i. After you add your target, select Add to Targets list.
5. Select Advanced and change the Target scan max time to 00:10:00 (10 minutes).
○ This will ensure some results are available within 10 minutes of the scan start time.
6. Select Credentials.
7. Select Add Authentication Type, then Web Application Authentication.
8. Change the Authentication method from Login Form to Selenium.
9. Modify the following values:
○ Name: {Your Initials} - Gruyere
○ Page to verify active session: https://google-gruyere.appspot.com/{yourCustomUrl}/editprofile.gtl
○ Pattern to verify active session: Edit your profile.
10. Select Add File and upload your script.
11. Select Save New Authentication.
12. Select your newly added credentials under Previously Saved Credentials.
○ Notice how they move to the left section.
13. Select Save and Run.
○ Notice your scan under the My Scans page.
14. While you wait for the scan to complete:
○ Learn more on all available web application authentication methods.

Analysis:
1. When the scan completes (within 10 minutes of the scan start time), review the scan findings.
a. Select the scan name then See All Details.
b. Confirm that the Selenium authentication was successful. Learn more about:
■ Plugin ID 98141: Selenium Authentication Succeeded,
■ Plugin ID 98142: Selenium Authentication Failed
■ Plugin ID 98143: Selenium Crawl Succeeded
■ Plugin ID 98145: Selenium Crawl Failed.
c. Find and analyze various findings, such as:
■ Plugin ID 98104: Cross Site Scripting (XSS).
■ Plugin ID 113338: Web Cache Poisoning
■ Plugin ID 98138: Screenshot
■ Plugin ID 98009: Web Application Sitemap
d. Notice the available data points such as payload, proof, output, HTTP request and response.
e. Download and review an attachment from a vulnerability finding.
f. For additional content, review any of the other available web application scan results.
2. Notice how under the hamburger Menu > Explore > Findings you can review Web Application Findings
alongside other vulnerability findings.
a. Use an advanced filter to find the Gruyere web app vulnerabilities from this aggregate view.

-End of Lab 2-

LAB 3 - PRIORITIZATION (30 MINUTES)
In this lab, you will use various metrics and asset attributes in Tenable Vulnerability Management to assist with
prioritizing your remediation actions:

● Vulnerability Priority Rating (VPR).

● Asset Criticality Rating (ACR).

● Asset Exposure Score (AES).

● Cyber Exposure Score (CES).

● Tags on business critical assets.

Lab 3: Task 1 - Vulnerability Priority Rating (VPR) Analysis

Scenario: Where Should We Focus?


You now have various assets and findings available and want to identify vulnerabilities of focus and which assets
have vulnerabilities that carry the highest risk to your organization.

Short Instructions
Create a filter for VPR of 9 or greater, review findings and identify which assets carry those vulnerabilities.

Step-by-Step Instructions

Step 1 - Create a Filter for VPR 9 or Higher Items:


1. From the hamburger Menu, select Findings (under Explore).
2. Create an advanced filter as: VPR is greater than or equal to 9
3. Select Apply.
4. Select Saved Filters, then Save.
5. Enter a name for this filter: {Your Initials} - VPR 9 or Greater
6. To save the filter, select the check mark.
a. If you hover over the saved filter, notice the options available when selecting the three vertical
dots.
b. Learn more about saving filters.

Analysis:
1. Remove the filter and sort the Severity column from most severe to least severe (i.e. Critical > High >
Medium > Low). Re-apply the VPR filter and sort the VPR column from greatest to least (i.e. 10 > 9). Are the
same vulnerabilities at the top of the list?
a. Learn more about the Vulnerability Priority Rating (VPR).
b. Learn more about the difference between CVSS and VPR.
2. With the VPR filter still on, select a vulnerability from the list.
a. Select See All Details.

b. Review the various sections, such as Description, Solution, See Also and Asset Affected.
c. Review the available Plugin Output. Who is this information most valuable to?
d. Review the Vulnerability Information in the tab to the right, as well as VPR Key Drivers and Risk
Information.
e. Learn more about the VPR key drivers.

3. Select Back to Findings and, with the VPR filter still on, consider what value there would be in changing the
Group By view from None (the default) to Plugin. What is the default sorting order? Define Vuln Count.
a. Learn more about grouping findings.
4. With the VPR filter still on, now group by Assets. What value does this bring?

Lab 3: Task 2 - Accounting for Business Context
So far we’ve focused on assets with vulnerabilities carrying a VPR of 9 or greater, but without accounting for
business context. Using the Asset Criticality Rating (ACR) and asset tags, we can account for business context,
determine the Asset Exposure Score (AES) of assets and ultimately review our Cyber Exposure Score (CES).

Short Instructions
Create tags for business critical assets, review and edit ACR of assets, and understand how it all comes together.

Step-by-Step Instructions

Step 1 - Create and filter with tags for business critical assets:
Management has provided you with a list of 3 business critical assets located at the headquarters which must be
tracked closely.
1. From the hamburger Menu, select Assets (under Explore).
2. Select three assets manually (using the check boxes to the left).
○ These represent the business critical assets.
3. Select Add Tags.
4. Select your existing category and create a new value:
○ Category: {Your Initials} - Headquarters
○ Value: Business Critical

Analysis:
1. Now that we have an asset tag for business critical assets, how would you filter for related vulnerabilities?
2. How would you find vulnerabilities with VPR greater than or equal to 9, only on business critical assets?

Step 2 - Edit and understand the value of ACR, as well as AES:


Management has provided new business context which affects the ACR of a business critical asset.
1. From the hamburger Menu, select Assets (under Explore).
2. Create an advanced filter to look for assets with your Business Critical tag.
○ You may need to refresh the page to see this new tag value show up

3. Select an asset with the lowest ACR, then select See All Details.
○ Observe the ACR for each asset.
○ Learn more about ACR.
4. Select Actions (top right).
5. Select Edit ACR.
6. Increase the score to 10.
7. Select the overwrite reasoning as Business Critical.
8. In the notes section, document the new business context provided by management:
○ Device instrumental in upcoming product release, increasing ACR to 10. See case #C109289
for reference. 01/02/2024
9. Notice that ACR changes are updated within 24 hours.

Analysis:
1. How will increasing the ACR impact an asset’s AES?
a. Learn more about AES.
2. Learn more about the Lumin timing.

Step 3 - Capture the CES for a specific subset of assets:


Management is looking to understand the overall impact of business critical assets, in comparison to the rest of
the organization.
1. Navigate to the workspace (top right corner) and access the Lumin app (not Lumin Exposure View).
2. Select Configure (top right corner)
a. Observe the available industries (do not change as this will affect others in the lab).
b. Learn more about industries in Lumin.
3. Scroll down to the lab widget titled: Cyber Exposure Score by Business Context/Tag
4. To the right, select the three vertical dots, then Configure.
5. Select Add Tag, then set the category and value:
a. Category: {Your Initials} - Headquarters
b. Value: Business Critical
6. Select Save.

Analysis:
1. Observe how the CES varies between asset groups.
○ Learn more about CES.
2. Click on each tag to the left to access the Business Context/Tag Asset Details dashboards.
○ Learn more about Business Context/Tag Asset Details.
3. Repeat the same steps above to see a CES specific to Windows 2016 servers. Which group of assets
carries the highest risk values? Why is it important to review various groups of assets?
4. Under the Action to Reduce CES (top right corner), select See Top Recommended Actions. How does
this list differ from reviewing assets or vulnerabilities individually?
○ Select various solutions and observe the available data points.
○ Learn more about Recommended Actions.
5. Understand how to improve your Lumin metrics.
6. Observe the rest of the Lumin widgets.
○ Learn more about the Lumin dashboards.

-End of Lab 3-

LAB 4 - DASHBOARDS & REPORTS (30 MINUTES)
In this lab, you will:

● Create dashboards from existing and custom templates.

● Create an executive report.

Lab 4: Task 1 - Create Dashboards Using Existing Templates

Scenario: Communicate With Leadership


You’ve now identified assets and vulnerabilities of focus and want to better visualize and communicate your
security posture with management.

Short Instructions
Create a dashboard using the existing Vulnerability Management template, targeted at business critical assets.

Step-by-Step Instructions

Step 1 - Create a copy of the Vulnerability Management dashboard for business critical assets:
1. Back within the Vulnerability Management app and from the hamburger Menu, select Dashboards.
2. Select New Dashboard, then Template Library.
3. Search for the template: Vulnerability Management (Explore)
4. Hover over the template, then select Preview.
○ Read about this dashboard.
5. Select Add to Dashboards.
6. Scroll down. You’ll find this dashboard as Copy of Vulnerability Management.
7. Select the three vertical dots to the right of the dashboard
○ Observe the available options.
8. Select Edit.
9. Hover over the title of this dashboard (top left corner) and select the pencil.
10. Rename the dashboard as: Vulnerability Management (Business Critical Assets)
11. Select the checkmark to save this name change.
12. Select Edit Filter (top right).
13. Select All Assets and change it to Asset Tags.
14. Select your Business Critical asset tag.
15. Select Apply.
○ Observe the widgets update to only show data points related to business critical assets.
○ Learn more about filtering dashboards.
16. Select Done Editing.

Analysis:
1. Of all vulnerabilities related to business critical assets, what percentage are exploitable?
2. Which business critical assets carry the most exploitable vulnerabilities?
3. Select an asset within the Top 100 Most Vulnerable Assets widget. What behavior did you just observe?
4. How would you share this dashboard with others?
○ Learn about dashboard management.
5. Schedule a detailed PDF export of this dashboard to be sent to you over email, monthly, starting in the
next half hour.
○ Learn about dashboard exports.
6. Review the dashboard feed.

Lab 4: Task 2 - Create Custom Dashboards
At times, available dashboard templates may not reflect everything management is looking for, and custom
dashboards are required to meet specific needs.

Short Instructions
Create a custom dashboard using existing widgets, specific to business critical assets.

Step-by-Step Instructions

Step 1 - Create a custom dashboard for business critical assets:


1. Select New Dashboard, then Custom Dashboard.
2. Rename the dashboard as: Management (Business Critical Assets)
3. Hover over Add New Widget, then select Library.
4. Review the large pool of available widgets and select ones of value to management (by hovering over
wanted widgets and selecting Add).
5. Once you’ve added a few, select Back to Dashboards.
6. Filter this dashboard to only show business critical assets.
7. Select Done Editing.
8. Find your dashboard and navigate through it.

Analysis:
1. What data points could you see your organization use today?
2. Within your custom dashboard, how would you modify a specific widget to show findings related to
different assets than the business critical assets already being filtered for?
○ Learn more about configuring widgets.
3. Create your own custom widget and add it to your custom dashboard.
○ Learn more about custom widgets.

Lab 4: Task 3 - Create Executive Report
You have been tasked to schedule the delivery of a report highlighting an overview of the organization’s
vulnerability management program, to assist the organization in identifying vulnerabilities, prioritizing
remediations, and tracking remediation progress.

Short Instructions
Create a report that fits leadership’s requirements using the existing Vulnerability Detail Report template.

Step-by-Step Instructions

Step 1 - Create a report using an existing template:


1. From the hamburger Menu, select Reports (under Act).
2. Select Create New Report.
3. Find the template titled Vulnerability Detail Report, hover over it and select Select.
4. Name the report:
○ {Your Initials} - Vulnerability Detail Report
5. Review the various widgets and chapters. Modify the order and add new widgets, as needed.
6. Select Edit Filter.
7. Select your Business Critical tag, then select Apply.
8. Select Update Logo.
9. Download the Google project Gruyere logo (or an alternative logo meeting the size criteria).
10. Select Add Logo.
11. Find your downloaded logo and add it.
12. Select Update.
13. Select Save.
14. Select the three vertical dots to the right of your report (under Actions), then select Generate Report.
15. Navigate to Report Results, then (once generation is completed), select the three vertical dots to the right
of your report (under Actions), then Download.

Analysis:
1. What is the total of unmitigated Critical and High vulnerabilities?

2. What is the percentage of vulnerabilities with patches available for more than 30 days?
3. What plugin is listed at the top of the Top Active Vulnerabilities table? Find the associated assets within
Explore > Findings and export as a CSV.

4. Schedule a PDF export of this report to be sent to you over email, monthly, starting in the next half hour.
○ Learn more about scheduling reports.

5. Create another report using the Cyber Insurance Template.


○ Export and review the various sections.
○ Learn more about the Cyber Insurance Report.
6. Review the report feed.

-End of Lab 4-

LAB 5 - EASM (30 MINUTES)
In this lab, you will:

● Set up your ASM inventory.

● Add a domain to ASM, as well as enrich it.

● Evaluate the risk associated with this domain.

Lab 5: Task 1 - Set up your ASM inventory

Scenario: New Acquisition


You’ve just received notice of a new domain under management as part of a recent acquisition and have been
tasked to identify any public exposure. The first task will be to add this domain to ASM, but segment it from the
known and trusted assets.

Short Instructions
Allocate 300 assets to your own inventory, add a domain and improve the associated records.

Step-by-Step Instructions

Step 1 - Allocate 300 assets to your ASM inventory and access it


1. From the Workspace, navigate to the ASM app.
2. Once in ASM, select the in the top right corner.
a. Reach out to your instructor to be enabled as Business Admin. Optionally: you can impersonate
Etienne and set yourself as Business Admin.
3. Navigate to Businesses.
a. Notice how the total asset limit is shared between users and inventories.
4. Navigate to Inventories.
5. Select Create a new inventory.
a. Modify the following:
■ Name: {Your Initials} - Inventory
■ Asset limit: 300 (reduce from the default 1,000)
b. Select Create.
c. Notice your new inventory configurations.
6. Select Edit to the right of your new inventory.
a. Select Access Now

Step 2 - Add a domain to your inventory
1. From the main ASM page, ensure your inventory is listed in the middle of the top bar.
○ If it isn’t, repeat the steps above to access it.
2. Once in your inventory:
○ Submit a domain of your choice (e.g. Tenable.com).
○ Select Add domain name.
■ ASM records will be fetched from what we’ve already discovered publicly.
3. Watch how your asset list will grow over the next few seconds and most likely hit the 300 asset limit.
○ Understand how an ASM asset is determined.
4. Notice how the domain was added to the left. In a scenario where you had added the incorrect domain:
a. Hover over it and select .
b. Select Delete from inventory.
■ Notice how your license is immediately cleared.
c. Re-add the domain.

Step 3 - Improve the associated records


1. Navigate back to the domain setting on the left.
a. Select Add subdomain.
■ Notice how you could add anything that was missed in the ASM discovery.
2. Navigate to Suggested domains (by selecting the in the top bar).
a. Notice the suggested domains.
b. Select one or more (using the left checkboxes).
c. Select Add to this inventory.
d. Navigate back to your inventory (by selecting Attack Surface Management in the top left).
e. Notice how the selected domain is added under your previously added domain.
3. Navigate back to Suggested domains.
a. Select the in the top right, but within the Suggested domains pane (not in the top header).
■ Notice the various options to improve the suggested domains.
b. Select Manage brand names.
■ Understand what this entails.
c. Select Add a new entry.
d. Set a brand name (of your choice) as a positive identifier and select Save, then Close.

4. Navigate back to your inventory.

a. Select the in the top header.


■ Notice the various options to expand or refine your inventory.
b. Select Add or Modify Exclusion Rules.
c. Select Add an exclusion rule.
■ Identify a subdomain that you wish to exclude (e.g. *.labs.* or *.qa.*).
d. Once added, select Save, Run rules now, then Close.
e. Refresh the page and confirm it’s gone.
■ To see it again, scroll to the bottom and select X results archived.
5. Navigate back to your inventory.
a. Select a couple assets with similar subdomains (e.g. cloud), using the checkboxes to the left.
b. Select Actions, then Add Tags.
■ As no tags exist, you’ll have to create a new tag, and repeat this process.
c. Select Create new tag.
d. Select a Tag name (e.g. Cloud) and assign a Value type (e.g. Keyword).
e. Select Actions again, then Add Tags.
f. Select your new Tag, then Add.
g. Select the in the top right, within your inventory pane (not in the top header).
h. Select Manage Columns.
i. Search for your tag (located under Generic) and select it, then SHOW.
■ Notice how your inventory now has a column for cloud.
6. Navigate back to and select Add or Modify Automation Rules.
a. Select Add rule.
■ Notice the available options.
7. Navigate back to your inventory and select any asset (using the checkbox to the left).
a. Select Actions.
b. Notice how you can send the domain over for a vulnerability or web app scan.
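The exclusion rules and keyword tag from Step 3 above are easier to reason about when you can see what a wildcard such as *.labs.* does and does not archive. The following is an added example, not Tenable code and not ASM's actual rule engine; it assumes glob semantics for the rules (a * matches any run of characters, dots included), a constructed inventory for a fictitious domain, and a Keyword tag that matches a whole DNS label.

```python
from fnmatch import fnmatchcase

# Constructed inventory for a fictitious acquired domain (not real ASM output).
INVENTORY = [
    "www.example-acme.com",
    "cloud.example-acme.com",
    "api.cloud.example-acme.com",
    "labs.example-acme.com",
    "build.labs.example-acme.com",
    "staging.qa.example-acme.com",
    "mail.example-acme.com",
]

# Exclusion rules in the wildcard form the lab suggests (*.labs.*, *.qa.*).
# Assumption: glob semantics, where * matches any run of characters, dots included.
EXCLUSION_RULES = ["*.labs.*", "*.qa.*"]


def apply_exclusion_rules(hostnames, rules):
    """Split hostnames into (active, archived). A host is archived when any
    rule matches; comparison is case-insensitive because DNS names are."""
    active, archived = [], []
    for host in hostnames:
        if any(fnmatchcase(host.lower(), rule.lower()) for rule in rules):
            archived.append(host)
        else:
            active.append(host)
    return active, archived


def keyword_tag(hostnames, keyword):
    """Tag of value type Keyword (assumed definition): True when the keyword is
    one of the DNS labels of the hostname, so "cloud" tags
    api.cloud.example-acme.com but would not tag a label such as cloudfront."""
    return {host: keyword.lower() in host.lower().split(".") for host in hostnames}


def render_table(hostnames, tags, column):
    """Inventory rendered as rows, with the custom tag shown as its own column
    (what Manage Columns > SHOW exposes in the lab)."""
    return [{"asset": host, column: tags[host]} for host in hostnames]


if __name__ == "__main__":
    active, archived = apply_exclusion_rules(INVENTORY, EXCLUSION_RULES)
    print("archived:", archived)
    for row in render_table(active, keyword_tag(active, "Cloud"), "Cloud"):
        print(row)
```

Note the edge case the constructed data exposes: *.labs.* archives build.labs.example-acme.com but leaves labs.example-acme.com active, because the pattern requires a dot before "labs". A rule that should also cover the bare label needs a second entry (for example labs.*), so always refresh the page and confirm what was archived, as Step 4e says.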

Lab 5: Task 2 - Leverage your ASM inventory
Now that your inventory is set up and fine tuned, you’ll want to start understanding and reporting on the risk
associated with these new assets.

Short Instructions
Review assets, reporting and add subscriptions.

Step-by-Step Instructions
Step 1 - Review assets
1. Navigate to your inventory and hover over an asset and select the to the right.
a. Notice the fields available.
b. If you select an asset with a custom tag, you’ll see it under Custom columns.
2. Navigate back to your inventory and select .
a. Select Render Assets as Table.
■ Notice that you can export various tables.

Step 2 - Review reporting and add subscriptions


1. Navigate to the Dashboard.
a. Notice the displayed widgets.
2. Navigate to Subscriptions.
a. Notice the default subscriptions.
b. Select Add subscriptions.
c. Select All categories and change it to Compliance.
■ Subscribe to items of value (e.g. Weak SSL).
d. Change the category to IT Hygiene.
■ Subscribe to items of value (e.g. Assets with port 80 but no 443).
e. Subscribe to a few more items.
f. Click anywhere outside of the subscriptions window.
■ Notice how assets start to populate.

g. Hover over any subscriptions and select .
■ Notice how you can receive notifications over various channels.

3. Navigate back to Dashboard.


a. Notice how new widgets have been added for the added subscriptions.
4. Select Reports.
a. Select Add Report.
b. Name the report.
c. Select Add and Run Report.
■ If you’re over your inventory license, you will not be able to generate a report.
5. Navigate back to your inventory.
a. Notice the Triage pane to the right.
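A subscription is a saved condition that ASM keeps evaluating against the inventory, feeding a dashboard widget and, if configured, a notification channel. The following added example (not Tenable code) models the two subscriptions named in Step 2 over constructed asset records; the condition definitions, the WEAK_TLS set and the record fields are assumptions made for the illustration.

```python
# TLS versions treated as weak for the "Weak SSL" subscription (assumed definition).
WEAK_TLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed asset records: hostname, open ports and TLS versions offered.
ASSETS = [
    {"host": "www.example-acme.com", "ports": {80, 443}, "tls": {"TLSv1.2", "TLSv1.3"}},
    {"host": "legacy.example-acme.com", "ports": {80}, "tls": set()},
    {"host": "old-vpn.example-acme.com", "ports": {443}, "tls": {"TLSv1.0", "TLSv1.2"}},
    {"host": "mail.example-acme.com", "ports": {25, 587}, "tls": {"TLSv1.2"}},
]

# Subscription predicates named after the lab's examples. An empty "tls" set
# means no TLS data was collected, which is not the same as weak TLS.
SUBSCRIPTIONS = {
    "IT Hygiene / Assets with port 80 but no 443": (
        lambda a: 80 in a["ports"] and 443 not in a["ports"]
    ),
    "Compliance / Weak SSL": lambda a: bool(a["tls"] & WEAK_TLS),
}


def evaluate_subscriptions(assets, subscriptions):
    """Run every subscription over the inventory: name -> sorted matching hosts."""
    return {
        name: sorted(a["host"] for a in assets if predicate(a))
        for name, predicate in subscriptions.items()
    }


def widget_counts(results):
    """What a dashboard widget per subscription would display."""
    return {name: len(hosts) for name, hosts in results.items()}


def new_matches(previous, current):
    """Hosts matching now that did not match in the previous run. This is what
    a notification channel should carry, so that recurring matches do not
    re-alert on every evaluation."""
    return {
        name: sorted(set(hosts) - set(previous.get(name, [])))
        for name, hosts in current.items()
    }


if __name__ == "__main__":
    results = evaluate_subscriptions(ASSETS, SUBSCRIPTIONS)
    print(widget_counts(results))
    print(new_matches({}, results))
```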

-End of Lab 5-

ANALYSIS ANSWERS

Lab 1: Task 1: Step 2


1.a. Will vary. Can find duration by hovering over the scan, under the STATUS column.
1.b. Amazon Linux AMI, Microsoft Windows Server 2016 and Ubuntu. Can find OS types by expanding the plugin
output for assets under plugin ID 11936.
1.c. Will vary. Can find duration by reviewing the plugin output of plugin ID 19606 for the asset selected.
1.d. Yes. Only 3 assets under plugin ID 11936, but 7 assets under plugin ID 10180.
1.e. Informational. Can be seen by reviewing findings for the scan.
1.f. Yes. Can be reviewed by opening the scan and reviewing the Warnings tab.

Lab 1: Task 2: Step 3


1. Authentication should be successful on some assets, and not on others.
2. Will vary.

Lab 1: Task 3: Step 1


1. N/A
2.a. May vary. ~7. Can review by looking at the # of assets column.
2.b. Select the value and edit the rule, then save.
2.c. Create a tag, select the existing category and create a new value.

Lab 1: Task 3: Step 2


1. Yes. May vary if the tag was not created or selected correctly.
2. The authenticated scan carries more vulnerabilities as it can utilize both local and remote plugins, where the
scan without authentication can only use remote plugins.
3. Expected targets in scope can live within a single location instead of being configured within individual scans,
simplifying scaling and auditing. Tags have the capability to be dynamic (e.g. based on OS type), where targets in
scans are based on IP addresses and hostnames. The same tags can also be used to filter for various views,
dashboards and reports.

Lab 2: Task 1: Step 3
1.a. N/A
1.b. Use the provided plugins to confirm.
1.c. N/A
1.d. N/A
1.e. N/A
1.f. N/A
2.a. Advanced filter: Asset Name is equal to google-gruyere.appspot.com

Lab 3: Task 1: Step 1


1. No, as severity is based on either CVSSv2 or CVSSv3 (configurable under Settings > General > Severity), and not
VPR. This highlights the need to filter by VPR.
2.a. N/A
2.b. N/A
2.c. May vary. Individuals who are closest to performing the actual remediation actions.
2.d. N/A
2.e. N/A
3. Viewing by plugin shows a list of unique vulnerabilities, with an aggregate count of instances, where an
instance is a combination of a plugin, asset and port. Top vulnerabilities in this list carry the highest volume of
affected assets.
3.a. N/A
4. Clearly highlights assets carrying the highest volume of vulnerabilities.

Lab 3: Task 2: Step 1


1. Navigate to Explore > Findings and create an advanced filter: Asset Tags is equal to {Your Initials} -
Headquarters: Business Critical
2. Navigate to Explore > Findings and create an advanced filter: Asset Tags is equal to {Your Initials} -
Headquarters: Business Critical AND Plugin ID is greater than or equal to 9
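The two answer blocks above (Lab 3: Task 1, on grouping findings by plugin and by asset, and Lab 3: Task 2: Step 1, on filtering by asset tag) describe the same logic the Explore > Findings view applies. The following added example (not Tenable code and not an export from a real tenant) implements that logic over constructed findings so the definitions are concrete: an instance is a plugin, asset and port combination, Vuln Count is the number of distinct instances, and the filter matches a tag category and value together with a VPR threshold. The tag category "XY - Headquarters", the plugin IDs and the hostnames are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One finding row as it might be exported from Explore > Findings."""
    plugin_id: int
    plugin_name: str
    asset: str
    port: int
    vpr: float


# Constructed sample data. The tag category follows the lab's
# "{Your Initials} - Headquarters" convention, using the initials "XY".
ASSET_TAGS = {
    "hq-db-01": {("XY - Headquarters", "Business Critical")},
    "hq-web-01": {("XY - Headquarters", "Business Critical")},
    "hq-ws-07": {("XY - Headquarters", "Workstation")},
    "branch-fs-02": set(),
}

FINDINGS = [
    Finding(1001, "OpenSSL outdated", "hq-db-01", 443, 9.4),
    Finding(1001, "OpenSSL outdated", "hq-db-01", 443, 9.4),  # duplicate row, same instance
    Finding(1001, "OpenSSL outdated", "hq-db-01", 8443, 9.4),
    Finding(1001, "OpenSSL outdated", "hq-web-01", 443, 9.4),
    Finding(1001, "OpenSSL outdated", "branch-fs-02", 443, 9.4),  # not tagged Business Critical
    Finding(2002, "SMB signing not required", "hq-db-01", 445, 6.1),  # VPR below 9
    Finding(3003, "Kernel update missing", "hq-web-01", 0, 9.0),
    Finding(3003, "Kernel update missing", "hq-ws-07", 0, 9.0),  # tagged, but not Business Critical
    Finding(4004, "SSH weak key exchange", "hq-web-01", 22, 9.1),
]


def instance_key(f):
    """A vulnerability instance is the combination of plugin, asset and port."""
    return (f.plugin_id, f.asset, f.port)


def filter_findings(findings, asset_tags, category, value, min_vpr=9.0):
    """Advanced filter: Asset Tags is equal to category:value AND VPR >= min_vpr.
    Repeated rows for one instance are collapsed so later counts stay honest."""
    wanted = (category, value)
    seen = set()
    kept = []
    for f in findings:
        if wanted not in asset_tags.get(f.asset, set()) or f.vpr < min_vpr:
            continue
        key = instance_key(f)
        if key not in seen:
            seen.add(key)
            kept.append(f)
    return kept


def group_by_plugin(findings):
    """Group By: Plugin. vuln_count is the number of distinct instances per
    plugin and asset_count the number of affected assets. Rows are sorted by
    vuln_count descending, so the most widespread vulnerabilities come first."""
    instances = defaultdict(set)
    names = {}
    for f in findings:
        instances[f.plugin_id].add((f.asset, f.port))
        names[f.plugin_id] = f.plugin_name
    rows = [
        {
            "plugin_id": pid,
            "plugin_name": names[pid],
            "vuln_count": len(inst),
            "asset_count": len({asset for asset, _ in inst}),
        }
        for pid, inst in instances.items()
    ]
    return sorted(rows, key=lambda r: (-r["vuln_count"], r["plugin_id"]))


def group_by_asset(findings):
    """Group By: Assets. Distinct instances per asset, highest first, which
    surfaces the assets carrying the largest volume of vulnerabilities."""
    instances = defaultdict(set)
    for f in findings:
        instances[f.asset].add((f.plugin_id, f.port))
    return sorted(
        ((asset, len(inst)) for asset, inst in instances.items()),
        key=lambda row: (-row[1], row[0]),
    )


if __name__ == "__main__":
    critical = filter_findings(FINDINGS, ASSET_TAGS, "XY - Headquarters", "Business Critical")
    for row in group_by_plugin(critical):
        print(row)
    for asset, count in group_by_asset(critical):
        print(asset, count)
```

The constructed data includes the cases the filter must reject: an asset with no tag, an asset carrying the right category but a different value, a finding below the VPR threshold, and a duplicated row for one instance. Grouping by plugin then ranks plugin 1001 first because it has three instances across two assets, while grouping by asset ranks hq-web-01 first with three instances.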

Lab 3: Task 2: Step 2


1. A higher ACR indicates higher criticality. As AES is built from VPR and ACR, it would increase the AES.
2. N/A

Lab 3: Task 2: Step 3


1. N/A
2. N/A
3. Will vary. The overall organization’s CES may be within target, while some business units may carry a high load
of high AES (and vice versa).
4. This list groups together common remediation actions between various vulnerabilities. If an individual is
already trained up and ready to action one remediation item on one asset, they can have an even greater impact
when knowing all other assets they can tackle. Their focus is no longer on specific plugins, CVEs or assets, and
instead on the actual remediation actions with the most impact. This is also the best way to reduce the CES.
5. N/A
6. N/A

Lab 4: Task 1: Step 1


1. Will vary. Can be observed in the Vulnerabilities Overview widget.
2. Will vary. Can be observed in the Top 100 Most Vulnerable Assets.
3. Dashboards are dynamic so selecting anything on dashboards navigates to the actual asset or vulnerability and
applies the associated filter. This is useful to find the actual action item.
4. Created dashboards are only visible to the owner, unless explicitly shared with other users.
5. Select the three vertical dots over a created dashboard and select Share.
6. N/A
7. N/A

Lab 4: Task 2: Step 1


1. Will vary.
2. Open a dashboard, find a widget to edit, select the three vertical dots, select Configure then modify the
selected asset tags.
3. N/A

Lab 4: Task 3: Step 1
1. Will vary. Within the downloaded report, can find this under the Vulnerabilities Overview table.
2. Will vary. Within the downloaded report, can find this under the Vulnerabilities Overview table.
3. Will vary. Within the downloaded report, can find this under the Top Active Vulnerabilities table.
4. N/A
5. N/A
6. N/A

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000
organizations around the globe rely on Tenable to understand and reduce
cyber risk. As the creator of Nessus®, Tenable extended its expertise in
vulnerabilities to deliver the world’s first platform to see and secure any
digital asset on any computing platform. Tenable customers include
approximately 60 percent of the Fortune 500, approximately 40 percent of
the Global 2000, and large government agencies.
Learn more at tenable.com.

COPYRIGHT 2023 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE, NESSUS, LUMIN, ASSURE, AND THE TENABLE
LOGO ARE REGISTERED TRADEMARKS OF TENABLE, INC. OR ITS AFFILIATES. ALL OTHER PRODUCTS OR SERVICES
ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS.
