Latest reply: Jun 19, 2017 9:13 AM by scinmd

SecurityCenter Sharing

scinmd Novice

Sharing in SecurityCenter

by Ron Meldau

 

Sharing SecurityCenter® resources can greatly improve productivity. For example, sharing a dashboard built by one insightful employee can save dozens of others time in their analysis work. You can promote standardization by sharing scan policies, so that everyone generates the same data, and by sharing common dashboards, ARCs and reports, so that everyone analyzes the same numbers. Shared credentials can avoid time-consuming errors and debugging. Group-defined tools can reduce the learning curve for a new user. This article explains what can be shared in SecurityCenter and the benefits of shared resources at each level.

 

Let’s start with the example of a dashboard. Though sharing a dashboard seems simple, there are different ways to share:

  • If the users are in the same group, sharing the dashboard will happen automatically.
  • If the users are in different groups, sharing can happen with appropriate roles and access privileges.
  • If the users are in different organizations or SecurityCenter servers, sharing can occur through an export/import mechanism.


Dashboards are not the only tools that can be shared in SecurityCenter. The following table summarizes resources that can be shared at different levels. 


| Sharing Levels | Resources That Can Be Shared | Role | Notes |
|---|---|---|---|
| 1. Between users in the same group | Scans, policies, dashboards, credentials, reports, queries, ARCs, assets, audit files | Any user | Shared automatically by SecurityCenter |
| 2. User to user direct (export/import) | Scans, policies, dashboards, reports, ARCs, assets, audit files | Any user | To user in another group, organization, SecurityCenter |
| 3. Between groups | Policies, dashboards, ARCs, assets, audit files | Security Manager, authorized users and roles | Within the same organization |
| 4. Between organizations | Repositories, LCE, scan zones, agents | Administrator | Flexible, depending upon needs and requirements |
| 5. Across a SecurityCenter server | Scan policies, credentials, audit files | Administrator | Shared to all users in SecurityCenter |
| 6. Between SecurityCenter servers | Remote and offline repositories | Administrator | Can share vulnerability information |


Another benefit of sharing is that it reduces the load on the SecurityCenter server by reducing the number of queries. A shared object is calculated once even though it may be viewed by dozens of users.

Benefits at each level

The benefits of sharing vary depending on the level at which a resource is shared.

Between users in the same group

 

  • Collaboration: Sharing increases productivity since everyone on a team can immediately use items built by other team members. This also reduces redundant efforts.
  • Avoiding errors: Every team member benefits from the debugging performed on shared resources.
  • Quicker start-up: New team members can use common resources without having to craft their own; common tools are also already tested and run correctly.
  • Efficiency of dashboards: Dashboards shared at the group level are calculated once and populated everywhere.  This reduces the load on a busy SecurityCenter.
  • Information sharing: Changes are seen by all sharing groups and team members.

User to user direct

You can share directly between users by exporting and importing the specific object. This is possible even when the other user is in a different group, a different organization, or even a separate SecurityCenter. However, export/import sharing has some disadvantages:

  • The imported dashboards put more load on SecurityCenter because they are calculated separately.
  • Changes and updates are not passed on. 
  • The sharing steps become more labor-intensive when the object has embedded queries and asset lists.

Between groups

Sharing between groups allows all the users in other groups to make use of the designated resources. It also extends all the benefits of intra-group sharing listed above (Between users in the same group).

Between organizations

Sharing between multiple organizations within one SecurityCenter installation usually occurs in larger deployments. Typically, departments and divisions across a large organization share repositories, LCE, and scan zones. One example could be all divisions in a company sharing their vulnerability data with an audit team to facilitate oversight.


Across a SecurityCenter

Sharing with all users in one SecurityCenter installation is a unique capability available to the administrator. He or she can define only three resources this way: scan policies, credentials, and audit files. These resources are available to all users, groups and organizations but cannot be changed by them, which provides consistency for everyone involved. For example, a compliance scan can be defined by the administrator and used by everyone.

Between SecurityCenter servers

For customers that have multiple SecurityCenter servers, repositories can be shared between them for vulnerability analysis. For example, multiple divisions may run their own SecurityCenter implementations while sharing repositories to headquarters for global security assessment.

Tips

Here are some tips to remember when setting up sharing privileges.

  • Reports are shared only with users, not with groups. When setting up a group’s shared resources, reports are not an option.
  • When exporting a dashboard, report or ARC, a dialogue will ask how to handle embedded queries and asset lists. If you choose Keep All References, you need to make the asset list or query available. You have two other approaches available.

  • Shared dashboards show up in Manage Dashboards. They are not visible with the Switch Dashboard action until they are selected by clicking on the pin icon.  ARCs also behave this way.
  • When sharing between groups, the owner can share the object to another group.
  • Any user in the group can make a copy of a resource shared to them and then share the copy with others.
  • In a group with many users, sharing can become overwhelming when too many items are listed in SecurityCenter. Use the filter in the upper right of the screen to limit visible entries. For example, limit the view by name or owner.



  • Scan results can be shared by choosing Download (export), Email, or Send to Report. The download is a zipped .nessus file. Send to Report produces a PDF.
  • Outside scan results from Nessus® and other tools can be shared by importing into SecurityCenter.
  • Report results can be shared by selecting Publish, Email or selecting users with SecurityCenter.
  • The location of the import file function varies by resource type. For example, importing an audit file is found in Scans > Audit files > Add > Advanced > Audit file - Choose File.
  • Dashboards shared between groups do not provide drill down, editing, sharing, and copy capabilities to the recipients.
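The tip above notes that a downloaded scan result is a zipped .nessus file. The following sketch is an added example, not part of the original article or of SecurityCenter: it treats an export received from another user as untrusted input, checks it, and summarizes findings per host by severity. It assumes the archive holds a single member ending in .nessus in the Nessus v2 XML layout; the size cap, function names and sample data are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

MAX_BYTES = 50 * 1024 * 1024  # assumed cap on uncompressed size; tune to your scans
SEVERITY = {"0": "info", "1": "low", "2": "medium", "3": "high", "4": "critical"}

def summarize_export(zip_bytes):
    """Return {host: Counter(severity -> findings)} for a zipped .nessus export."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [m for m in zf.infolist() if m.filename.lower().endswith(".nessus")]
        if len(members) != 1:
            raise ValueError("expected exactly one .nessus member")
        if members[0].file_size > MAX_BYTES:
            raise ValueError("uncompressed size exceeds cap")
        data = zf.read(members[0])
    # A scan export has no reason to carry a DTD; refuse it before parsing.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(data)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a NessusClientData_v2 document")
    summary = {}
    for host in root.iter("ReportHost"):
        counts = summary.setdefault(host.get("name"), Counter())
        for item in host.iter("ReportItem"):
            counts[SEVERITY.get(item.get("severity"), "unknown")] += 1
    return summary

def constructed_sample(xml=None):
    """Build a constructed export in memory (hosts and plugin data are made up)."""
    xml = xml or b"""<?xml version="1.0"?>
<NessusClientData_v2><Report name="constructed">
 <ReportHost name="192.0.2.10">
  <ReportItem port="443" protocol="tcp" severity="3" pluginID="900001" pluginName="Constructed A"/>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed B"/>
 </ReportHost>
 <ReportHost name="192.0.2.11">
  <ReportItem port="22" protocol="tcp" severity="4" pluginID="900003" pluginName="Constructed C"/>
 </ReportHost>
</Report></NessusClientData_v2>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("constructed_scan.nessus", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for host, counts in summarize_export(constructed_sample()).items():
        print(host, dict(counts))
```
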

Troubleshooting

If sharing is not working as you expected, you can “debug” by double-checking these items:

  • Owner of the object: Who is the owner of the object?
  • User definition: In each user's definition, under Group Permissions, sharing permissions are turned on by selecting Manage Objects. This is specified by group name.
  • Role: What role does the user have? Are Share Objects Between Groups and Manage Group Relationships turned on?
  • Group definition:  The second tab of the group definition defines what each user in the group receives by default.

Summary

Sharing resources in SecurityCenter can be extremely powerful, providing users with the data and tools they need. The intricacies of many of those sharing facilities have been discussed in this posting.