Nessus scanner
Integration version: 9.0
Configure Nessus scanner to work with Google Security Operations SOAR
Generate API Key
- In Nessus click Settings in the top navigation bar, and the About Page will appear.
- In the left navigation bar, click My Account, and then the My Account page appears.
- Click the API Keys tab.
- Click Generate. A dialog box appears, confirming your selection to generate a new API key.
- Click Generate again, and your new API key will appear.
An API Key consists of an Access Key and a Secret Key. API Keys authenticate with the Nessus REST API (version 6.4 or greater) and are passed with requests using the X-ApiKeys HTTP header.
- API Keys are only provided upon initial generation, therefore it is recommended to store your API keys in a safe location.
- API Keys cannot be retrieved by Nessus. If you lose your API Key, you must generate a new API Key.
- Regenerating an API Key immediately deauthorizes any applications currently using the key.
- For configuring or launching scans, you cannot directly access Nessus scanning APIs, except as permitted as part of the enterprise solutions Tenable.sc and Tenable.io.
- For detailed information on Nessus scanner API keys, see the Nessus Documentation Portal.
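The following Python sketch shows how a client can build the X-ApiKeys header described above without hard-coding or logging the keys. It is an added example, not code from the integration. The environment variable names, the hex-only key check, the host name and the use of the `/scans` endpoint are assumptions made for illustration.

```python
import os
import re
import urllib.request

# Assumption: keys are hex strings. Anything else is rejected so a bad value
# cannot smuggle ";", CR or LF into the header.
_KEY = re.compile(r"[0-9a-fA-F]{32,128}")


def build_api_keys_header(access_key, secret_key):
    """Return the X-ApiKeys header, refusing missing or malformed keys."""
    for label, value in (("access", access_key), ("secret", secret_key)):
        if not _KEY.fullmatch(value or ""):
            raise ValueError(f"{label} key is missing or malformed")
    return {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}"}


def redact(header_value):
    """Mask key material so the header value can be written to logs."""
    masked = re.sub(r"(accessKey=[^;]{4})[^;]*", r"\1...", header_value)
    return re.sub(r"secretKey=[^;]*", "secretKey=<redacted>", masked)


def build_request(api_root, path, env=os.environ):
    """Build an authenticated request; keys come from the environment."""
    if not api_root.lower().startswith("https://"):
        raise ValueError("API root must be https so keys are not sent in clear text")
    headers = build_api_keys_header(
        env.get("NESSUS_ACCESS_KEY", ""), env.get("NESSUS_SECRET_KEY", "")
    )
    return urllib.request.Request(api_root.rstrip("/") + path, headers=headers)


if __name__ == "__main__":
    # Constructed keys and host name, for illustration only.
    demo_env = {"NESSUS_ACCESS_KEY": "a" * 64, "NESSUS_SECRET_KEY": "b" * 64}
    req = build_request("https://nessus.example.internal:8834", "/scans", demo_env)
    print(req.full_url, redact(req.get_header("X-apikeys")))
```

`urllib.request.Request` stores header names in capitalized form, which is why the header is read back as `X-apikeys`; HTTP header names are case-insensitive on the wire.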
Configure Nessus scanner integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Create Scan
Description
Create a new scan in Nessus with a template.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Scan Name | String | N/A | Scan display name. |
Scan Template Title | String | N/A | Scan template title value. |
Description | String | N/A | Description content. |
Use cases
N/A
Run On
This action runs on the following entities:
- IP Address
- Hostname
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
{
"dashboard_file": null,
"scanner_id": 1,
"last_modification_date": 1548175315,
"creation_date": 1548175315,
"user_permissions": 128,
"owner": "admin",
"timezone": null,
"id": 317,
"description": "",
"Uuid": "template-21bcfdad-2e39-818b-3d52-c52418a107fe29a0c3da8dfc1037",
"sms": null,
"shared": 0,
"type": "public",
"owner_id": 2,
"rrules": null,
"scan_time_window": null,
"container_id": 0,
"tag_id": 100,
"notification_filters": null,
"default_permisssions": 0,
"emails": null,
"name": "test",
"custom_targets": "1.1.1.1",
"enabled": true,
"use_dashboard": false,
"starttime": null,
"policy_id": 316
}
Get Scan Report
Description
Get a full report on the scan results.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Scan Name | String | N/A | Scan display name. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
{
"info": {
"control": true,
"edit_allowed": true,
"hasaudittrail": true,
"user_permissions": 128,
"alt_targets_used": null,
"targets": "1.1.1.1",
"uuid": "22fcf2ad-a92f-7019-8f2c-8a07151abf01a66999472d31043b",
"hostcount": 1,
"object_id": 258,
"acls": [{
"display_name": "admin",
"name": "admin",
"owner": 1,
"type": "user",
"id": 2,
"permissions": 128
}],
"policy": "AdvancedScan",
"no_target": null,
"scanner_name": "LocalScanner",
"scan_end": 1521367948,
"status": "completed",
"scanner_end": 1521367945,
"timestamp": 1521367948,
"scan_type": "local",
"scan_start": 1521367553,
"folder_id": 100,
"name": "Nessus",
"haskb": true,
"pci-can-upload": false,
"scanner_start": 1521367553
},
"remediations": {
"num_cves": 5,
"remediations": null,
"num_impacted_hosts": 0,
"num_hosts": 1,
"num_remediated_cves": 0},
"vulnerabilities": [{
"count": 1,
"severity": 0,
"plugin_family": "Windows",
"vuln_index": 109,
"severity_index": 0,
"plugin_name": "WindowsTerminalServicesEnabled",
"plugin_id": 10940
}],
"notes": null,
"compliance": [],
"hosts": [{
"info": 80,
"scanprogresscurrent": 1927,
"medium": 10,
"scanprogresstotal": 1927,
"totalchecksconsidered": 1927,
"host_index": 0,
"hostname": "1.1.1.1",
"numchecksconsidered": 1927,
"high": 0, "score": 1120,
"low": 4,
"severitycount": {
"item": [{
"count": 80,
"severitylevel": 0
}]},
"host_id": 2,
"progress": "1927-1927/95562-95562",
"critical": 0,
"severity": 94
}],
"filters": [{
"control": {
"regex": "^[0-9]+$",
"readable_regex": "NUMBER",
"type": "entry"
},
"operators": ["eq", "neq", "match"
],
"readable_name": "BugtraqID",
"name": "bid"
}],
"comphosts": [],
"history": [{
"status": "completed",
"uuid": "bc951f80-7c2b-745d-f386-b27c95151bf4d6d3fd07a9633969",
"history_id": 260,
"creation_date": 1519209387,
"scheduler": 0,
"last_modification_date": 1519209860,
"alt_targets_used": false,
"type": "local", "owner_id": 2
}]
}
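A playbook step usually needs a short summary of this result rather than the whole document. The Python sketch below is an added example, not part of the integration: it reads the `info`, `hosts` and `vulnerabilities` fields shown above, refuses to act on a scan that has not completed, and keeps findings at or above a severity threshold on the Nessus 0 to 4 scale. The function name, the threshold default and the second finding in the sample are constructed.

```python
import json

# Nessus severity scale, which matches the per-host counter names in the result.
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample: trimmed from the JSON result above, plus one made-up
# medium-severity finding (plugin_id 99999) so the filter has something to keep.
SAMPLE = json.loads("""
{
  "info": {"status": "completed", "name": "Nessus", "targets": "1.1.1.1"},
  "vulnerabilities": [
    {"count": 1, "severity": 0, "plugin_family": "Windows",
     "plugin_name": "WindowsTerminalServicesEnabled", "plugin_id": 10940},
    {"count": 3, "severity": 2, "plugin_family": "General",
     "plugin_name": "ConstructedMediumFinding", "plugin_id": 99999}
  ],
  "notes": null,
  "hosts": [{"hostname": "1.1.1.1", "host_id": 2, "info": 80, "low": 4,
             "medium": 10, "high": 0, "critical": 0}]
}
""")


def triage_report(report, min_severity=2):
    """Summarise a Get Scan Report result; refuse unfinished scans."""
    status = (report.get("info") or {}).get("status")
    if status != "completed":
        # Partial results under-report findings, so do not act on them.
        raise ValueError(f"scan status is {status!r}, not 'completed'")
    hosts = []
    for host in report.get("hosts") or []:
        counts = {name: int(host.get(name) or 0) for name in SEVERITY.values()}
        worst = max((lvl for lvl, name in SEVERITY.items() if counts[name]), default=0)
        hosts.append({"hostname": host.get("hostname"),
                      "worst": SEVERITY[worst], "counts": counts})
    keep = [v for v in report.get("vulnerabilities") or []
            if int(v.get("severity") or 0) >= min_severity]
    keep.sort(key=lambda v: (-v["severity"], v["plugin_id"]))
    return {"hosts": hosts,
            "findings": [(v["plugin_id"], v["plugin_name"], SEVERITY[v["severity"]])
                         for v in keep]}


if __name__ == "__main__":
    print(json.dumps(triage_report(SAMPLE), indent=2))
```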
Get Scan Templates
Description
Get all scan templates from the server.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
{
"Templates": [{
"name": "wannacry",
"title": "WannaCryRansomware",
"is_agent": null,
"unsupported": false,
"manager_only": false,
"desc": "RemoteandlocalchecksforMS17-010.",
"subscription_only": false,
"uuid": "861a8b95-f04c-40b0-ece6-263b1bec457c09cfc122c9666645"
}]
}
Get Scans
Description
Fetch a list of existing scans.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
{
"Scans":
[{
"status": "completed",
"control": true,
"uuid": "024f0bff-489f-6677-ea7f-84545c1b4223579810b0b97f6d01",
"read": true,
"last_modification_date": 1538656691,
"enabled": true,
"creation_date": 1521364372,
"user_permissions": 128,
"folder_id": 100,
"starttime": null,
"shared": false,
"owner": "admin",
"timezone": null,
"rrules": null,
"type": "local",
"id": 279,
"name": "Nessus-test"
}]
}
Launch Scan
Description
Launch a scan on the Nessus server.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Scan Name | String | N/A | Scan display name. |
Use cases
N/A
Run On
N/A
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
N/A
Ping
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
N/A
Jobs
Launch Scan and get a Report
Description
A job for initiating a scan in Nessus and getting a scan report.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
API Root | 2 | N/A | N/A |
Access Key | 2 | N/A | N/A |
Secret Key | 2 | N/A | N/A |
Scan Name | 2 | N/A | N/A |
Scan Download Path | 2 | N/A | N/A |