Sharing in SecurityCenter
by Ron Meldau
Sharing SecurityCenter® resources can greatly improve productivity. For example, sharing a dashboard built by one insightful employee can save time for dozens of others in their analysis work. You can promote standardization by sharing scan policies, so everyone generates the same data, and by sharing common dashboards, ARCs and reports, so everyone analyzes the same numbers. Shared credentials can avoid time-consuming errors and debugging. Group-defined tools can reduce the learning curve for a new user. This article explains what can be shared in SecurityCenter and the many benefits of shared resources at each level.
Let’s start with the example of a dashboard. Though sharing a dashboard seems simple, there are different ways to share:
- If the users are in the same group, sharing the dashboard will happen automatically.
- If the users are in different groups, sharing can happen with appropriate roles and access privileges.
- If the users are in different organizations or SecurityCenter servers, sharing can occur through an export/import mechanism.
Dashboards are not the only tools that can be shared in SecurityCenter. The following table summarizes resources that can be shared at different levels.
| Sharing Levels | Resources That Can Be Shared | Role | Notes |
|---|---|---|---|
| Between users in the same group | Scans, policies, dashboards, credentials, reports, queries, ARCs, assets, audit files | Any user | Shared automatically by SecurityCenter |
| User to user direct | Scans, policies, dashboards, reports, ARCs, assets, audit files | Any user | To user in another group, organization, SecurityCenter |
| Between groups | Policies, dashboards, ARCs, assets, audit files | Security Manager, authorized users and roles | Within the same organization |
| Between organizations | Repositories, LCE, scan zones, agents | Administrator | Flexible, depending upon needs and requirements |
| Across a SecurityCenter | Scan policies, credentials, audit files | Administrator | Shared to all users in SecurityCenter |
| Between SecurityCenter servers | Remote and offline repositories | Administrator | Can share vulnerability information |
Another benefit of sharing is that it reduces the load on the SecurityCenter server by reducing the number of queries. A shared object is calculated once even though it may be viewed by dozens of users.
Benefits at each level
The benefits of sharing vary depending upon the shared level.
Between users in the same group
- Collaboration: Sharing increases productivity since everyone on a team can immediately use items built by other team members. This also reduces redundant efforts.
- Avoiding errors: Every team member benefits from the debugging performed on shared resources.
- Quicker start-up: New team members can use common resources without having to craft their own; common tools are also already tested and run correctly.
- Efficiency of dashboards: Dashboards shared at the group level are calculated once and populated everywhere. This reduces the load on a busy SecurityCenter.
- Information sharing: Changes are seen by all sharing groups and team members.
User to user direct
You can share directly between users by exporting and importing the specific object. This is possible even when a user is in a different group, organization, and even a separate SecurityCenter. However, export/import sharing has some disadvantages:
- The imported dashboards put more load on SecurityCenter because they are calculated separately.
- Changes and updates are not passed on.
- The sharing steps become more labor-intensive with embedded queries and asset lists.
Between groups
Sharing between groups allows all the users in other groups to make use of the designated resources. It also extends all the benefits of intra-group sharing as listed above (Between users in the same group).
Between organizations
Sharing between multiple organizations within one SecurityCenter installation usually occurs in larger deployments. Typically, departments and divisions across a large organization share repositories, LCE, and scan zones. One example could be all divisions in a company sharing their vulnerability data with an audit team to facilitate oversight.
Across a SecurityCenter
Sharing with all users in one SecurityCenter installation is a unique capability available to the administrator. He or she can define only three resources: scan policies, credentials, and audit files. These resources will be available but unchangeable to all users, groups and organizations, which provides consistency to all involved. For example, a compliance scan can be defined by the administrator and used by everyone.
Between SecurityCenter servers
For customers that have multiple SecurityCenter servers, repositories can be shared between them for vulnerability analysis. For example, multiple divisions may run their own SecurityCenter implementations, but headquarters has repositories shared to it for global security assessment.
Here are some tips to remember when setting up sharing privileges.
- Report sharing occurs uniquely with users and not groups. When setting up a group’s shared resources, reports are not an option.
- When exporting a dashboard, report or ARC, a dialogue will ask how to handle embedded queries and asset lists. If you choose Keep All References, you need to make the asset list or query available. You have two other approaches available.
- Shared dashboards show up in Manage Dashboards. They are not visible with the Switch Dashboard action until they are selected by clicking on the pin icon. ARCs also behave this way.
- When sharing between groups, the owner can share the object to another group.
- Any user in the group can make a copy of a resource shared to them and then share the copy with others.
- In a group with many users, sharing can become overwhelming when too many items are listed in SecurityCenter. Use the filter in the upper right of the screen to limit visible entries. For example, limit the view by name or owner.
- Scan results can be shared by choosing Download (export), Email, or Send to Report. The download is a zipped .nessus file. Send to Report produces a PDF.
- Outside scan results from Nessus® and other tools can be shared by importing into SecurityCenter.
- Report results can be shared by selecting Publish, Email or selecting users with SecurityCenter.
- The location of the import file function varies by resource type. For example, importing an audit file is found in Scans > Audit files > Add > Advanced > Audit file - Choose File.
- Dashboards shared between groups do not provide drill down, editing, sharing, and copy capabilities to the recipients.
If sharing is not working as you expected, you can “debug” by double checking these items:
- Owner of the object: Who is the owner of the object?
- User definition: In each user's definition, under Group Permissions, sharing permissions are turned on by selecting Manage Objects. This is specified by group name.
- Role: What role does the user have? Are Share Objects Between Groups and Manage Group Relationships turned on?
- Group definition: The second tab of the group definition defines what each user in the group receives by default.
Sharing resources in SecurityCenter can be extremely powerful by providing users with the data and tools they need. The intricacies of many of those sharing facilities have been discussed in this posting.