I see the SIEM supports Nessus logging in the approved vendor list. When I try to add our Nessus server as a data source, there is no option in the drop=down list for Nessus as a vendor. Could someone please assist me in getting our Nessus server to send logs to the Siem?
Nessus, like all VA data sources, is added as a Vulnerability Assessment source. You'll find the Vulnerability Assessment tab under the Asset Manager (one of the gold-colored icons, top-right corner).
You have several options for importing the Nessus results: NFS, CIFS, FTP, SCP. The required parameters vary depending on what you select here. You'll find descriptions of the various fields in the online help associated with the "Add Vulnerability Assessment Source" dialog.
According to our pen test guy, Nessus deprecated the .nbe format at the last update in December of 2014. As a result the connector with Nitro using the .nbe format no longer works and you have to output the data in .xml
My in-house compliance/pen test guy who manages both Nessus and Nexpose for our enterprise says that the arrangement with Nessus is labor intensive. He outputs a quarterly report into a network share that the SIEM has rights to. He said he also has to change permissions on the file/report to give the SIEM service account rights to it as well or the SIEM won't import the data.
This was done before I was involved, so I'm not sure as to why there are all these gyrations to get it to work. However, it does work, so I have to assume there's some rationale behind it.