Nessus security scans dashboard and drilldown

Dashboard Challenge

These dashboards are part of an app I made to visualize Nessus security scans in Splunk. The idea is somewhat inspired by the existing Tenable App for Splunk from Tenable, but I wanted to take the visualizations to the next level and make the data easier to understand and navigate.

The first dashboard is an overview dashboard. The picture below does not show the whole dashboard, but you get the point. It shows data from all vulnerability scans, with color coding differentiating the level of vulnerability severity. It's an easy way of seeing which environments and hosts have the most vulnerabilities, and which types of vulnerabilities are most widespread. Also note that it shows which period the scan data is from (which might not be the same as the time picker) and how many networks have been scanned (out of the total number of networks).

This next picture shows one of many drilldown dashboards in the app. It allows for a more detailed view of vulnerabilities per host, and also the possibility to get more information about a specific host if you click on the top table. This table also uses the same color coding as the overview dashboard. The bottom table links directly to the Tenable website, with more information about the specific vulnerability ID clicked on.

All dashboards allow for various types of filtering, for example only showing vulnerabilities with a minimum severity, e.g. at least medium. The dashboards also use the Splunk ES asset list to get more information about the hosts, so that it's possible to sort on vulnerabilities per business group or environment, among other things. Also, there is a lookup of "ignored vulnerabilities", to which users can add vulnerabilities to ignore them in the dashboards, e.g. by editing it in the Splunk App for Lookup File Editing.

Summary of functionality used in the dashboards:

  • Color coding of vulnerability severity
  • Drilldowns to other dashboards with more detailed information
  • Drilldowns to external URLs with information on severity IDs
  • Various filtering options on the dashboards
  • Host enrichment from Splunk ES asset list
  • Dynamic whitelisting of vulnerabilities through lookup file
  • Correlation with other sources to show meta-information about vulnerability scans
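
The filtering and enrichment steps described above (minimum severity, the "ignored vulnerabilities" lookup and asset-list enrichment), sketched in Python as an added example that is not code from the app. All hosts, plugin IDs, field names and the CSV layout are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Severity order used for the "minimum severity" filter (low to high).
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample data; every host, plugin ID and field name is hypothetical.
FINDINGS = [
    {"host": "10.0.1.10", "plugin_id": "1001", "severity": "critical"},
    {"host": "10.0.1.10", "plugin_id": "1002", "severity": "low"},
    {"host": "10.0.2.20", "plugin_id": "1001", "severity": "critical"},
    {"host": "10.0.2.20", "plugin_id": "1003", "severity": "medium"},
    {"host": "10.0.9.99", "plugin_id": "1004", "severity": "high"},
]
ASSETS = {  # stand-in for the asset list: host -> business unit
    "10.0.1.10": "finance",
    "10.0.2.20": "engineering",
}
IGNORED_CSV = "plugin_id,reason\n1003,accepted risk\n"  # stand-in for the ignore lookup


def load_ignored(csv_text):
    """Return the set of plugin IDs listed in the ignore lookup."""
    return {row["plugin_id"].strip() for row in csv.DictReader(io.StringIO(csv_text))}


def summarize(findings, assets, ignored, min_severity="medium"):
    """Count findings per business unit and severity after filtering."""
    floor = SEVERITY_RANK[min_severity]
    summary = defaultdict(Counter)
    for f in findings:
        if f["plugin_id"] in ignored:
            continue  # suppressed by the ignore lookup
        if SEVERITY_RANK.get(f["severity"], 0) < floor:
            continue  # below the selected minimum severity
        # Hosts missing from the asset list stay visible under "unknown"
        # instead of silently dropping out of the per-group view.
        unit = assets.get(f["host"], "unknown")
        summary[unit][f["severity"]] += 1
    return {unit: dict(counts) for unit, counts in summary.items()}


if __name__ == "__main__":
    result = summarize(FINDINGS, ASSETS, load_ignored(IGNORED_CSV))
    for unit, counts in sorted(result.items()):
        print(unit, counts)
```

Keeping unmatched hosts under an explicit "unknown" group makes gaps in the asset list visible, and the ignore lookup is worth reviewing periodically because every entry hides findings from all views.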