
More Notes for Today

Brad Poulton 4 years ago
parent
commit
c5eff34045
3 changed files with 27 additions and 5 deletions
  1. +1 -0
      Customer Decommision Notes.md
  2. +2 -1
      Phantom Upgrade Notes.md
  3. +24 -4
      Tenable Notes.md

+ 1 - 0
Customer Decommision Notes.md

@@ -54,6 +54,7 @@ Update TF code and remove whitelisted SG IPs and/or rules to remove access from
 
 - Commit the changes to the xdr-terraform-live repo and get merged into master 
 - After changes have been merged in git, apply the changes to remove the IPs from the security groups and the AWS account from transit gateway
+    - prod/aws-us-gov/mdr-prod-c2/275-nessus-security-managers
     - prod/aws-us-gov/mdr-prod-c2/205-customer-portal-lambda
     - prod/aws-us-gov/mdr-prod-c2/160-splunk-indexer-cluster
     - prod/aws-us-gov/mdr-prod-c2/095-instance-sensu
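Review bot: the added `prod/aws-us-gov/mdr-prod-c2/275-nessus-security-managers` entry keeps the list's descending numeric order, but the step it extends ("apply the changes to remove the IPs from the security groups and the AWS account from transit gateway") still gives no check that the apply touches only the decommissioned customer's resources; suggest a sub-bullet after the module list such as `- Review the plan for each module and confirm only the expected SG rules/IPs and that account's transit gateway attachment are destroyed before confirming the apply`.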

+ 2 - 1
Phantom Upgrade Notes.md

@@ -40,7 +40,7 @@ Be sure you have enough space!
 
 ## Prep 
 
-Calendar Invite for PROD Phantom Upgrade
+Calendar Invite for PROD Phantom Upgrade. Coordinate with James Kerr and Greg Rivas for a time that works with the SOC.
 
 Required:
 ```
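Review bot: the added sentence names two individuals (James Kerr and Greg Rivas) as the coordination contacts; runbook steps that name people rather than roles go stale when staff change, so suggest `Coordinate with the SOC lead / on-call for a time that works with the SOC` and keep the names, if still needed, in a contacts section that is maintained separately.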
@@ -61,6 +61,7 @@ Current version:
 New version:
 
 Reason for upgrading: 
+<PUT REASONS HERE>
 ```
 
 Post to xdr-soc
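Review bot: the `<PUT REASONS HERE>` placeholder is the only field in the template that gets one, while `Current version:` and `New version:` on the lines above remain blank; for consistency either add matching placeholders (e.g. `Current version: <x.y.z>`) or drop this one, since the blank line after `Reason for upgrading:` already marks where the text goes.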

+ 24 - 4
Tenable Notes.md

@@ -1,11 +1,20 @@
 # Tenable Security Center Notes.md
 
-## Setup
-See https://community.tenable.com/s/article/SSH-Public-Key-Authentication. The private key for svc-scan is not in Vault because if you lose/need it, just generate a new one and push it out. 
 
+## Service
+`systemctl status SecurityCenter`
+
+## Log location
+/opt/sc/admin/logs
+/opt/sc/support/logs
+
+## General Setup
+
+### svc-scan
+See https://community.tenable.com/s/article/SSH-Public-Key-Authentication. The private key for svc-scan is not in Vault because if you lose/need it, just generate a new one and push it out. 
 
 
-## Add Custom CAs
+### Add Custom CAs
 
 See https://community.tenable.com/s/article/Upload-a-Custom-CA-certificate-custom-CA-inc-to-Tenable-sc-Formerly-SecurityCenter
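Review bot: the relocated svc-scan paragraph still says only that the private key "is not in Vault" and can be regenerated and pushed out, without saying where the key does live, who can read it, or which hosts it is pushed to; since this key authenticates the scanner to every target it can log into, suggest adding the storage location and the push-out procedure (or a pointer to it) under `### svc-scan`. Minor: the two paths under `## Log location` could use the same backtick formatting as `systemctl status SecurityCenter` for consistency.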
 
@@ -119,7 +128,18 @@ Create a compressed tar archive of the 2 files: (Note: Applications such as 7-Zi
 
 # Tenable Nessus Manager Notes
 
-Use admin creds
+Nessus manager is just a Nessus installation that includes the agent handler. 
+
+## setup
+`systemctl status nessusd`
+
+Use admin user to login ( shared cred in Vault )
+
+## Agent setup
+
+`systemctl status nessusagent`
+
+The agent key is generated and viewable in the Nessus Manager.
 
 Scans are run and then sent to SC. The Agent Synchronization Job on SC syncs the plugins and other data. The Agent scans syncs the scan data. Is this correct?
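Review bot: `## setup` is lower-case while every other heading in this file is capitalised (`## Service`, `## Log location`, `## Agent setup`); suggest `## Setup`. The unchanged closing line still ends with "Is this correct?", which leaves the split between what the Agent Synchronization Job syncs and what the agent scans sync as an open question in the runbook; either confirm it against the Security Center documentation and remove the question, or mark it explicitly as a TODO. Also `( shared cred in Vault )` has stray spaces inside the parentheses.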