3D Tool Examples

Dave Breslin (@ Tenable Discussions Forum)

Tenable Documentation3D Tool 2.0 User Guide3D Tool 2.0 Quick Start Guide

TopologyTopology derived from Nessus traceroute dataConsider creating a user in SecurityCenter just for use

with the 3D ToolFilter a SecurityCenter traceroute query by address to

control the areas of your network to render

Nessus Traceroute Plugin 10287

SC Host Query

IP Topology Configuration

(Create a login first, see 3D Tool 2.0 Quick Start Guide->Step 4)

Topology Rendering for Host

Network Topology Rendering

(Use another SecurityCenter 10287 query not filtered on a single host)

Internet Facing ServicesUse 3D Tool “Modifiers” to highlight Internet facing

servicesHosts will have raised bars representing counts for

Internet facing servicesIts important to understand where host services are

exposed to the Internet when prioritizing vulnerabilitiesUse PVS plugin 14, “Accepts External Connections”Use existing network topology demonstrated in previous

slide

PVS Plugin 14

SC Plugin 14 Query

Modifier (PVS Plugin 14)

(3D Tool 2.0 User Guide -> Modifiers -> Count List)

Ensure to use “Total Vulns” from the Internet Facing Services SecurityCenter Query

Internet Browsing ServicesUse a “Count List” Modifier like the previous Internet

Facing Services exampleHosts will have raised bars representing counts for

services they connect to on the InternetIts important to understand where hosts reach out to the

Internet when prioritizing “client” vulnerabilitiesClient vulnerabilities are detected by PVS and Nessus

when using credentialed scansUse PVS plugin 16, “Outbound external connection”

PVS Plugin 16

Port 21 FTP ConnectionsUse a “Connections List” ModifierShow connection line for hosts that connect to port 21Dark shaded side of a connection line will highlight a host

that makes a connection to port 21White shaded side of a connection line will highlight a

host that provides a service on port 21Its important to understand on a network where services

are provided and usedUse PVS plugin 3, “Internal client trusted connection”

PVS Plugin 3

SC Query FTP Connections

Modifier (PVS Plugin 3)

(3D Tool 2.0 User Guide -> Modifiers -> Connections List)

Nessus Versus PVS VulnsUse two “Count List” ModifiersHosts will have bars on top of them representing Nessus

vulnerability countsHosts will have bars below them representing PVS

vulnerability countsIts important to look for potential gaps in coverageNessus gaps might be caused by unscanned service ports,

infrequent host scanning or lack of credentialed scanningPVS gaps might be caused by configuration errors,

network visibility issues or poor operations management

SC Vuln Queries

Consider filtering out info and low severity rated vulnerabilities

Modifiers (Vulnerability Counts)

(3D Tool 2.0 User Guide -> Modifiers -> Count List)

Ensure to use “Total Vulns” from both queries