cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 10

SIEM and Nessus

Hello

I see the SIEM supports Nessus logging in the approved vendor list. When I try to add our Nessus server as a data source, there is no option in the drop=down list for Nessus as a vendor. Could someone please assist me in getting our Nessus server to send logs to the Siem?

9 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 10

Re: SIEM and Nessus

Nessus, like all VA data sources, is added as a Vulnerability Assessment source.  You'll find the Vulnerability Assessment tab under the Asset Manager (one of the gold-colored icons, top-right corner).

Scott

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 10

Re: SIEM and Nessus

Thanks Scott!

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 10

Re: SIEM and Nessus

Scott

Is ther any docs on configuring the Nessus settings in the SIEM? It is asking for a Mount Directory and a Export Scan Directory. I assume the Method is NFS. Thanks

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 10

Re: SIEM and Nessus

You have several options for importing the Nessus results: NFS, CIFS, FTP, SCP.  The required parameters vary depending on what you select here.  You'll find descriptions of the various fields in the online help associated with the "Add Vulnerability Assessment Source" dialog.

Scott

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 10

Re: SIEM and Nessus

This used to work with older versions of Nessus.  I notice that it no longer works  Nessus  6.3 and ESM  9.5.   Now getting error parsing.

penoffd
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 10

Re: SIEM and Nessus

According to our pen test guy, Nessus deprecated the .nbe format at the last update in December of 2014.  As a result the connector with Nitro using the .nbe format no longer works and you have to output the data in .xml

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 10

Re: SIEM and Nessus

Thanks for this. Not sure how to have all reports automatically save as an XML.

penoffd
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 10

Re: SIEM and Nessus

My in-house compliance/pen test guy who manages both Nessus and Nexpose for our enterprise says that the arrangement with Nessus is labor intensive.  He outputs a quarterly report into a network share that the SIEM has rights to. He said he also has to change permissions on the file/report to give the SIEM service account rights to it as well or the SIEM won't import the data.

This was done before I was involved, so I'm not sure as to why there are all these gyrations to get it to work.  However, it does work, so I have to assume there's some rationale behind it.

Former Member
Not applicable
Report Inappropriate Content
Message 10 of 10

Re: SIEM and Nessus

When Nessus is added as a VA source, what is done with the synced data?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community