cancel
Showing results for 
Search instead for 
Did you mean: 
gsween
Level 7
Report Inappropriate Content
Message 1 of 10

SIEM and Nessus

Hello

I see the SIEM supports Nessus logging in the approved vendor list. When I try to add our Nessus server as a data source, there is no option in the drop=down list for Nessus as a vendor. Could someone please assist me in getting our Nessus server to send logs to the Siem?

9 Replies
staschler
Level 13
Report Inappropriate Content
Message 2 of 10

Re: SIEM and Nessus

Nessus, like all VA data sources, is added as a Vulnerability Assessment source.  You'll find the Vulnerability Assessment tab under the Asset Manager (one of the gold-colored icons, top-right corner).

Scott

gsween
Level 7
Report Inappropriate Content
Message 3 of 10

Re: SIEM and Nessus

Thanks Scott!

gsween
Level 7
Report Inappropriate Content
Message 4 of 10

Re: SIEM and Nessus

Scott

Is ther any docs on configuring the Nessus settings in the SIEM? It is asking for a Mount Directory and a Export Scan Directory. I assume the Method is NFS. Thanks

staschler
Level 13
Report Inappropriate Content
Message 5 of 10

Re: SIEM and Nessus

You have several options for importing the Nessus results: NFS, CIFS, FTP, SCP.  The required parameters vary depending on what you select here.  You'll find descriptions of the various fields in the online help associated with the "Add Vulnerability Assessment Source" dialog.

Scott

Re: SIEM and Nessus

This used to work with older versions of Nessus.  I notice that it no longer works  Nessus  6.3 and ESM  9.5.   Now getting error parsing.

penoffd
Level 10
Report Inappropriate Content
Message 7 of 10

Re: SIEM and Nessus

According to our pen test guy, Nessus deprecated the .nbe format at the last update in December of 2014.  As a result the connector with Nitro using the .nbe format no longer works and you have to output the data in .xml

docdriza
Level 10
Report Inappropriate Content
Message 8 of 10

Re: SIEM and Nessus

Thanks for this. Not sure how to have all reports automatically save as an XML.

penoffd
Level 10
Report Inappropriate Content
Message 9 of 10

Re: SIEM and Nessus

My in-house compliance/pen test guy who manages both Nessus and Nexpose for our enterprise says that the arrangement with Nessus is labor intensive.  He outputs a quarterly report into a network share that the SIEM has rights to. He said he also has to change permissions on the file/report to give the SIEM service account rights to it as well or the SIEM won't import the data.

This was done before I was involved, so I'm not sure as to why there are all these gyrations to get it to work.  However, it does work, so I have to assume there's some rationale behind it.

docdriza
Level 10
Report Inappropriate Content
Message 10 of 10

Re: SIEM and Nessus

When Nessus is added as a VA source, what is done with the synced data?