Integrating with Nessus scanner
Integration with the Nessus scanner allows you to download and import vulnerability scans automatically, without any need to export the scans from Nessus or to manually import them into TrueSight Vulnerability Management. After the scans are downloaded and imported, assets and vulnerabilities are mapped automatically.
- Currently, scanner connections are only possible with the Tenable Security Center. Tenable is the creator of the Nessus Vulnerability scanner.
- When importing scans from Tenable Security Center, only "active scans" are supported. Scans imported from Nessus Agents through Nessus Manager are not supported.
This topic describes how to establish a connection with the Nessus scanner and configure the connection for auto importing scans and mapping assets and vulnerabilities.
Before you begin
At least one of the Data Refresh users currently used for watching the connectors must be associated with the corresponding security group that is imported into TrueSight Vulnerability Management. The Nessus integration utility searches for Data Refresh users in the system; as soon as a Data Refresh user with an associated security group is found, that user is used by the Nessus integration utility. For information about configuring a Data Refresh user, see Configuring a Data Refresh profile.
Establishing a connection with the Nessus scanner for importing and mapping
To download and import scans, and then map assets and vulnerabilities automatically, a connection must be established with the Nessus scanner. When you establish the connection, by default, all scans on the Nessus scanner to which the specified user has access and which were generated in the last 100 days are imported. However, you can modify the number of days in the past up to which scans should be downloaded, both for the first run and for subsequent runs of the Nessus integration utility.
You can also schedule how often scans are downloaded and imported. You can search for particular scans to import, and you can also establish filters that limit the scan data that is actually imported from the overall set of scans you have selected to import. Before each subsequent run, the utility purges the scan files that were downloaded as part of the previous run.
To establish a connection with the Nessus scanner
- (Optional) Change the directory in which you want the scans to be downloaded.
By default, scans are downloaded in the <TSVM_INSTALL_DIR>/application/app/utilities/data/ScannersIntegration/downloads directory.
- (Optional) Customize the download and import process.
- On the application computer, navigate to the <TSVM_INSTALL_DIR>/application/app/utilities/input/ScannersIntegration directory and run the following command:
docker exec -it truesight-app-utilities /bin/bash -c "cd ScannersIntegration;python scanner-connection.py"
- When prompted, enter the URL needed to contact the Nessus scanner in the following format: <protocol>://<NessusServerHostName>:<portNumber>, and press Enter. For example, https://host.calbroservices.com:8443.
- Enter the user name of a user who has access to scans and permission to export scans, and press Enter.
- Enter the password for the user.
If the user name and password are correct, by default, scans generated in the last 100 days are downloaded as a .zip file in the <TSVM_INSTALL_DIR>/application/app/utilities/data/ScannersIntegration/downloads directory.
After the scans are downloaded, the import and mapping process starts. You can view the progress of the process in the execution.log file, which is located in the <TSVM_INSTALL_DIR>/application/app/utilities/logs/ScannersIntegration directory. The imported scans appear on the Import page with the following name: <scanResultName>_<scanResultId>.nessus. Before each subsequent run of the utility, the utility purges the scan files that were downloaded as part of the previous run.
Changing the default location of scans
By default, scans are downloaded in the <TSVM_INSTALL_DIR>/application/app/utilities/data/ScannersIntegration/downloads directory. However, you can change the directory in which scans should be downloaded by modifying the .env file.
To change the default download location of scans
- On the application computer, open the .env file with a text editor.
This file is located in the <TSVM_INSTALL_DIR>/application/app/utilities directory.
The .env file is a hidden file. To display the file, run the following command:
The contents of the file look like the following:
DEPLOYMENT=default
SCAN_FILE_DOWNLOAD_DIR=./data/ScannersIntegration/downloads
INSTALL_DIR=/opt/bmc/truesight/application
IS_ALL_PRODUCTS=False
- Set the value of the SCAN_FILE_DOWNLOAD_DIR property to the directory in which you want to download the scans.
- Save the file.
- Navigate to the <TSVM_INSTALL_DIR>/truesight-sm directory and run the following commands to stop and start the truesight-app-utilities container:
python truesight-sm.py stop --deployment application --components utilities
python truesight-sm.py start --deployment application --components utilities
Customizing the download and import process
You can customize the download and import process for various parameters, such as the import frequency and the scans to import, by using the scannerIntegration.properties file.
To customize the download and import process
- On the application computer, navigate to the <TSVM_INSTALL_DIR>/application/app/utilities/input/ScannersIntegration directory.
- Open the scannerIntegration.properties file with a text editor.
- Set the values of the following properties (the default value of each property is given in parentheses):
- nessus.scan.enabled (default: false): Specify whether to enable the integration with the Nessus scanner. Valid values are true and false. On the first run of the Nessus integration utility, the value of this property is automatically set to true.
- nessus.importIntervalInHours (default: 12): Specify the frequency of the import process as the interval in hours at which scan results should be imported. The interval can range from 12 to 24 hours. Before each subsequent run, the utility purges the existing scan files that were downloaded as part of the previous run.
- nessus.daysToScanResultsFirstRun (default: 100): Specify the number of days in the past up to which scan results should be imported on the first run, as soon as Nessus integration is enabled.
- nessus.daysToScanResults (default: 1): Specify the number of days in the past up to which scan results should be imported on subsequent runs. 1 means data for today and yesterday is imported; 0 means only data for today is imported.
- nessus.scanNames (default: All): Specify a comma-separated list of the scan names that you want to import. Important: The scan name is the name that you provide while creating the scan definition in the Nessus scanner.
- import.targetOS (default: Linux,Windows,Others): Specify a comma-separated list of operating systems for which you want to import the scan results. The default, Linux,Windows,Others, means all operating systems. If you are importing scans for networking devices, be sure to specify Others, because networking devices are not always associated with an operating system. If you are importing scans for SuSE servers, be sure to specify both Linux and Others.
- import.severityLevels (default: Severity 1,Severity 2,Severity 3,Severity 4,Severity 5): Specify a comma-separated list of severity levels of vulnerabilities for which to import the scan results. Qualys, Nessus, and Rapid7 use different scoring for severity levels: Qualys uses scores of 1-5, Nessus uses scores of 0-4, and Rapid7 uses scores of 1-10. To maintain consistency, BMC increases the Nessus severity levels by one (so they become 1-5) and maps the ten Rapid7 severity levels to five levels.
- import.IPRange (default: 0.0.0.0/0): Specify an IP address range (in CIDR format) of devices for which to download the scan results. Use the IPv4 format when entering addresses. For example, you could enter a range like 172.22.238.127/32. You can also enter a comma-separated list of multiple IP address ranges. To allow all addresses, enter 0.0.0.0/0.
- Save the file.
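As an added example (not code from the TrueSight utility or from BMC), the following Python parses a constructed scannerIntegration.properties fragment, checks the ranges stated above (12-24 hour interval, IPv4 CIDR ranges), applies the Nessus severity shift the page describes, and runs the targetOS, severityLevels and IPRange filters over constructed findings. The (IP, OS, Nessus severity) tuple layout for a finding is an assumption made for the example.

```python
import ipaddress

# Constructed sample of the scannerIntegration.properties file.
SAMPLE_PROPERTIES = """
nessus.importIntervalInHours=12
import.targetOS=Linux,Others
import.severityLevels=Severity 3,Severity 4,Severity 5
import.IPRange=172.22.238.0/24,10.0.0.0/8
"""
# Constructed findings (assumed layout): (host IP, OS, Nessus severity 0-4).
SAMPLE_FINDINGS = [
    ("172.22.238.127", "Linux", 3),    # kept: Severity 4, Linux, in range
    ("172.22.238.130", "Windows", 4),  # dropped: Windows not in targetOS
    ("10.1.2.3", "Others", 1),         # dropped: Severity 2 not selected
    ("192.168.1.5", "Linux", 4),       # dropped: IP outside IPRange
    ("10.9.9.9", "Others", 2),         # kept: Severity 3, Others, in 10/8
]

def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are ignored."""
    pairs = (ln.partition("=") for ln in map(str.strip, text.splitlines())
             if ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def validate(props):
    """Return the documented constraints the file violates (empty if none)."""
    problems = []
    if not 12 <= int(props.get("nessus.importIntervalInHours", "12")) <= 24:
        problems.append("nessus.importIntervalInHours must be between 12 and 24")
    for cidr in props.get("import.IPRange", "0.0.0.0/0").split(","):
        try:  # the page requires IPv4 CIDR; 0.0.0.0/0 allows all addresses
            if ipaddress.ip_network(cidr.strip(), strict=False).version != 4:
                problems.append(f"import.IPRange must be IPv4: {cidr}")
        except ValueError:
            problems.append(f"import.IPRange is not CIDR: {cidr}")
    return problems

def nessus_to_tsvm_severity(level):
    """Nessus scores 0-4; TSVM raises them by one so they become Severity 1-5."""
    return f"Severity {level + 1}"

def select_findings(props, findings):
    """Apply import.targetOS, import.severityLevels and import.IPRange."""
    oses = {o.strip() for o in props["import.targetOS"].split(",")}
    sevs = {s.strip() for s in props["import.severityLevels"].split(",")}
    nets = [ipaddress.ip_network(c.strip(), strict=False)
            for c in props["import.IPRange"].split(",")]
    return [(ip, os_, sev) for ip, os_, sev in findings
            if os_ in oses and nessus_to_tsvm_severity(sev) in sevs
            and any(ipaddress.ip_address(ip) in n for n in nets)]
```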
Editing the connection to the Nessus scanner
- On the application computer, run the following command to enter the truesight-app-utilities container:
docker exec -it truesight-app-utilities /bin/bash
- Navigate to the ScannersIntegration directory and run the following command:
- When prompted, enter the URL needed to contact the Nessus scanner, and press Enter.
- Enter the user name of a user with access to scans and permission to export scans, and press Enter.
- Enter the password for the user.
Exit the truesight-app-utilities container using the