Tenable's Nessus is an on premise vulnerability scanner designed to make vulnerability scanning easy and simple. Use the Nessus API Importer to ingest your Nessus vulnerability scan information into Kenna to assist you in reducing risk across your environment. The Nessus API Importer is a generic Importer designed to import data from Tenable Nessus, or Tenable.io.
Important: We strongly suggest using the Tenable.io connector with Tenable.io data instead of using the Nessus API Importer. The benefits of this connector include the following:
For information on the differences between the two connectors, please see the Nessus API Importer vs Tenable.io Connector Comparison Chart. If you currently use the Nessus API Importer connector today and want to migrate to use the Tenable.io connector, please contact your CX representative or Support for recommended approach. |
User Prerequisites/Tenable Importer Connector Setup
-
Access Key & Secret Key
-
Access to the Tenable.io API
-
*If you are using on-premise Tenable Nessus, you will need to have the Virtual Tunnel or Kenna Agent deployed within your network.
Configuring the Tenable Importer in Kenna
Once you’ve selected the Nessus Importer from the Connectors page, the following screen will appear.
-
Enter a name for the connector
-
Enter the Access Key & Secret Key (Username and Password will be deprecated by Tenable as announced around 09/2020) for the service account you wish to leverage.
-
Enter the Host information for your scanner. When entering the host IP and port, there is no need to prefix with https:// as it is not required (cloud.tenable.com:443)
-
Select which scans you would like to import. (The Scan List box will populate after you enter the Access and Secret Keys as well as the Host information.
-
Select the frequency at which you want to run your Kenna Nessus Importer connector
-
**If you are using Tenable Nessus, please check either “Use Kenna Virtual Tunnel” or “Use Kenna Agent” depending on which is deployed in your environment.
-
Save and Verify
What Tenable items are synced with Kenna items?
plugin_name |
Name |
|
plugin_id |
Identifier (Vulnerability) |
|
plugin_description |
Description |
+'seeAlso' + ‘Related CVE IDs’ + 'Related BugTraq IDs' + 'Other Security Standard Reference IDs' |
plugin_solution + plugin_output |
Solution/Fix |
|
patch_publication_date |
Fix Published |
|
severity |
scanner_score |
(1-10) Informational - 1 |
status (default = open) |
Vulnerability Status |
Only maps open/closed vulnerabilities. We will autoclose any vulnerability not seen on the next connector import (by the same connector). |
vuln > output |
Details / Synopsis |
|
cves |
CVE |
|
vuln > port |
Ports |
|
last_found |
Last Seen |
|
first_found |
Found On |
|
N/A |
Created |
Date the vulnerability was first imported to Kenna. Not mapped to a scanner field. |
operating_system |
OS |
|
host_uuid |
external_id |
|
host-fqdn |
hostname |
|
host-ip |
ip_address |
|
mac-address |
MAC_address |
|
netbios-name |
NetBios |
|
Tags |
Tags |
All of these items are converted to tags within Kenna. |
*Please note that for the XML Connector, there will not be any Tags imported.
What Tenable items are turned into Kenna Tags?
The following metadata from Tenable will be converted into tags within Kenna. These tags can be used during search queries or to create Risk Meter groups.
-
Tags
-
Asset Groups
Vulnerability Date Information
Within Kenna you will notice several dates in the Vulnerabilities tab. When importing your Tenable data the following criteria are used to populate those date fields.
-
“Found” within Kenna is when the scanner first found the vulnerability
-
“Last Seen” within Kenna is the most recent date the Tenable scanner found the vulnerability
-
“Created” within Kenna is the date the vulnerability was first imported to Kenna
Optional Settings
The following settings can be enabled on the backend for Tenable Importer connectors. To get these settings enabled or for more information, please contact Support, or your Customer Success Engineer.
-
Incremental Imports (Tenable.io only)
-
If you’d like to only import the data that has changed since the last time we’ve run the connector, please ask your CS team or Support to enable incremental imports. This will help with connector run time, as we are no longer asking for all data, but rather just the data that has changed since our last run. (Note: For the first run of a new connector, we will need to conduct a full import, even if this is enabled.)
-
-
Ignore Scanner Last Seen Time
-
If you do not want the asset last seen time in Kenna to be the scanner reported last seen time.
-
-
Skip Tags
-
This setting will allow you to NOT create any Tags within Kenna based on the Tenable Nessus Scan metadata.
-
-
Tenable Skip Tags
-
This setting will allow you to NOT create any Tags within Kenna based on the Tenable.io Scan metadata.
-
-
Tag Reset
-
This setting will assist in keeping your Tenable metadata in sync with Kenna. Each time the connector is run, ALL tags within Kenna will be removed and the Tenable tag metadata re-created.
-
If you have created any manual tags OR any tags were created off of metadata from other connectors that tag info will be removed and will be refreshed once those other connectors are rerun.
-
How Many times the Connector Tries:
-
Once you've kicked off the connector, Kenna will invoke the scan Export up to 3 times, pausing 1 second in-between each try.
-
Attempt the scan Download up to 180 times, pausing 60 seconds in-between each try.
-
If the data is not finished processing, and we are unable to download the scan report into Kenna after these tries, the connector will automatically fail and will not restart until the next scheduled connector run. A manual run can be kicked off from inside the Kenna Instance by Admins.
API Calls:
-
…/policies
-
…/scans
-
…/scans/{scan_id}/export
-
…/scans/{scan_id}/export/{file_id}/download
-
…/scans/{scan_id}/history
-
…/assets/{asset_uuid} && fetch ‘tags'
Additional Assistance:
Please contact Kenna Support should you require any additional assistance with the Nessus Importer.
Comments
Please sign in to leave a comment.