
New Asset Discovery Interval
PVS listens to network traffic and attempts to discover when a new host has been
added. To do this, the PVS constantly compares a list of hosts that have generated
traffic in the past to those currently generating traffic. If it finds a new host generating
traffic, it will issue a “new host alert” via the real-time log. For large networks, PVS can
be configured to run for several days to gain knowledge about which hosts are active.
This prevents PVS from issuing an alert for hosts that already exist. The number of
days PVS should monitor traffic to learn which hosts are active is specified by this
setting. For large networks, Tenable recommends that PVS operate for at least two
days (the default setting) before detecting new hosts.
When enabled, this option allows PVS to log which clients are attempting to connect
to servers on the network and which port they are attempting to connect to. These events
do not indicate whether the connection was successful, only that an attempt to connect
was made. Events of this type detected by PVS are logged as PVS ID “00002”.
When enabled, PVS will record clients in the focus network that attempt to connect to a
server IP address and port and receive a positive response from the server. The record
will contain the client IP address, the server IP address, and the server port that the
client was attempting to connect to. For example, if four different hosts within the focus
network attempted to connect with a server IP over port 80 and received a positive
response, then a list of those hosts would be reported under event “00003” and port 80.
Encrypted Sessions Dependency Plugins
This list of Plugin IDs, separated by commas, is used to detect encrypted traffic.
Encrypted Sessions Excluded Network Ranges
This setting defines the list of IPv4 and IPv6 addresses and ports in CIDR notation to
be excluded from monitoring for encrypted traffic. Example:
192.168.1.0/24,2001:DB8::/64,10.2.3.0/22,vlan 172.16.0.0/16,192.168.3.123/32
Interactive Sessions Dependency Plugins
This list of Plugin IDs, separated by commas, is used to detect interactive sessions.
Interactive Sessions Excluded Network Ranges
This setting defines the list of IPv4 and IPv6 addresses and ports in CIDR notation to
be excluded from monitoring for interactive sessions. Example:
192.168.1.0/24,2001:DB8::/64,10.2.3.0/22,vlan 172.16.0.0/16,192.168.3.123/32
Realtime Syslog Server List
Specifies the IPv4 or IPv6 address and UDP port of a Syslog server to receive real-
time events from the PVS. The field accepts up to 255 characters for the Syslog IP
addresses. A local Syslog daemon is not required. Multiple addresses are separated
by commas. Example: 192.168.1.12:4567,10.10.10.10:514,[2001:DB8::23B4]:514
Vulnerability Syslog Server List
Specifies the IPv4 or IPv6 address and UDP port of a Syslog server to receive
vulnerability data from PVS. The field accepts up to 255 characters for the Syslog IP
addresses. A local Syslog daemon is not required. Multiple addresses are separated
by commas. Example: 192.168.1.12:4567,10.10.10.10:514,[2001:DB8::23B4]:514
While PVS may display multiple log events related to one connection, it
will only send a single event to the remote Syslog server(s).
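A pre-flight check for a value destined for the Realtime Syslog Server List or Vulnerability Syslog Server List field, written for this page as an added example (it is not Tenable code). It assumes the format shown in the examples above: comma-separated address:port entries with IPv6 addresses in square brackets. The function name, the strict rejection of whitespace, and the 1-65535 port range are assumptions of the example.

```python
import ipaddress

MAX_FIELD_LEN = 255  # character limit stated in the setting description


def parse_syslog_servers(field):
    """Return [(ip_address, udp_port), ...] or raise ValueError."""
    if len(field) > MAX_FIELD_LEN:
        raise ValueError(f"field is {len(field)} characters; limit is {MAX_FIELD_LEN}")
    servers = []
    for entry in field.split(","):
        bracketed = entry.startswith("[")
        if bracketed:
            # IPv6 form used in the page's example: [addr]:port
            host, sep, port = entry[1:].partition("]:")
        else:
            # IPv4 form: addr:port (split on the last colon)
            host, sep, port = entry.rpartition(":")
        if not sep or not (port.isascii() and port.isdigit()):
            raise ValueError(f"expected address:port, got {entry!r}")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            raise ValueError(f"invalid IP address in {entry!r}") from None
        # Assumption: IPv6 must be bracketed and IPv4 must not be, so an
        # unbracketed IPv6 address is never misread as address + port.
        if bracketed != (addr.version == 6):
            raise ValueError(f"bracket use does not match IP version: {entry!r}")
        # Assumption: a usable UDP port lies in 1-65535.
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"UDP port out of range in {entry!r}")
        servers.append((addr, int(port)))
    return servers


if __name__ == "__main__":
    # Example value taken from the setting description above.
    sample = "192.168.1.12:4567,10.10.10.10:514,[2001:DB8::23B4]:514"
    for addr, port in parse_syslog_servers(sample):
        print(f"IPv{addr.version} {addr} udp/{port}")
```

Running the check before saving the setting catches a trailing comma, a port typo, or a list that exceeds the 255-character limit, any of which could leave real-time or vulnerability events without a valid destination.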