Tenable Solutions

Network Content Analysis

The Tenable Passive Vulnerability Scanner monitors network traffic in real time. It produces an accurate vulnerability report and a real-time forensic log of network events such as shared files, DNS lookups and social network activity.

Tenable's research team is constantly updating the Passive Vulnerability Scanner's set of real-time protocol analyzers. Currently, the following types of protocols are supported for real-time forensic logging:

  • DNS lookups and lookup failures
  • FTP GET and PUT network events
  • HTTP file transfers and search engine submissions
  • NFS file sharing
  • Social networking activity such as Facebook and Twitter
  • SQL queries
  • SMB file sharing (Windows file sharing) of office documents

When these logs are sent to the Tenable Log Correlation Engine, they are available for many types of correlation and alerting activities. For example, when PDF files are observed being downloaded from the Internet, the reputation of the source IP address is analyzed for any malicious history. User IDs can be tracked to see which files and systems they have been accessing. Botnets and misconfigured systems that make many failing DNS queries can also be identified easily with these types of logs.
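The failed-DNS-lookup correlation described above can be sketched as follows. This is an added example, not Tenable code: the `key=value` event layout, the function names and the thresholds are assumptions, and the log lines are constructed. Splitting findings by the number of distinct failing names is likewise an assumed heuristic for separating a host that retries one stale name from one that cycles through many.

```python
from collections import defaultdict

# Constructed sample events. The key=value layout is an assumption for this
# example, not the Passive Vulnerability Scanner or Log Correlation Engine format.
SAMPLE_LOG = (
    [f"t={i} client=10.0.0.5 query=www.example.com rcode=NOERROR" for i in range(6)]
    + ["t=6 client=10.0.0.5 query=typo.example.com rcode=NXDOMAIN"]
    + [f"t={i} client=10.0.0.9 query=old-wpad.corp.example rcode=NXDOMAIN" for i in range(8)]
    + [f"t={i} client=10.0.0.23 query=x{i * 7919:05x}.example.net rcode=NXDOMAIN" for i in range(6)]
    + ["malformed line without fields"]
)


def parse(line):
    """Return (client, name, failed) or None when required fields are missing."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        name = fields["query"].lower().rstrip(".")
        return fields["client"], name, fields["rcode"] != "NOERROR"
    except KeyError:
        return None


def failing_clients(lines, min_failures=5, min_ratio=0.5, many_names=4):
    """Map each noisy client to (failed lookups, distinct failed names, pattern)."""
    stats = defaultdict(lambda: {"total": 0, "failed": 0, "names": set()})
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # skip unparseable lines instead of aborting the run
        client, name, failed = event
        entry = stats[client]
        entry["total"] += 1
        if failed:
            entry["failed"] += 1
            entry["names"].add(name)

    findings = {}
    for client, entry in stats.items():
        ratio = entry["failed"] / entry["total"]
        if entry["failed"] >= min_failures and ratio >= min_ratio:
            distinct = len(entry["names"])
            # Assumed heuristic: one name failing repeatedly looks like a stale
            # setting; many different failing names deserves a closer look.
            pattern = "many-distinct-names" if distinct >= many_names else "repeated-name"
            findings[client] = (entry["failed"], distinct, pattern)
    return findings


if __name__ == "__main__":
    for client, finding in sorted(failing_clients(SAMPLE_LOG).items()):
        print(client, finding)
```
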

Passive network analysis allows for rapid identification of systems that share files. These systems can be further scanned by Tenable Nessus for specific audits of the disk drive content to search for credit cards, Social Security numbers and other potentially sensitive data.

The Tenable Passive Vulnerability Scanner also uses network content analysis to audit your network. This includes real-time identification of vulnerabilities as well as collection of system data. Audit points collected in real time include:

  • Collection of email addresses from email servers
  • Expired SSL certificates
  • Port-independent discovery of any web server
  • Web user-agent summary reporting
  • Passive discovery of DNS and NetBIOS names
  • Passive auditing of client-side email, web and chat applications
  • Services that are encrypted

Real-time network content analysis with the Tenable Passive Vulnerability Scanner provides instant analysis of what is connected to your network and also provides a real-time forensic audit trail of network activity.