Tenable Nessus/Tenable.io Connector Guide

Summary: How to set up and use the Nessus/Tenable.io connector in Ivanti Neurons RBVM/ASOC/VULN KB.

Overview

Tenable® Nessus® is a widely deployed vulnerability scanner that can help detect malware and identify asset and asset configuration vulnerabilities. The Ivanti Neurons RBVM/ASOC/VULN KB platform supports client connector configurations to provide scheduled uploads of Tenable Nessus vulnerability scan output. The Neurons RBVM/ASOC/VULN KB Integrations page records and displays the last time data from the Tenable Nessus connector was uploaded.

When data is pulled from a specific scanner connector, it uploads the last 30 days of scan data into the Neurons RBVM/ASOC/VULN KB platform. This is a default setting that cannot be adjusted. Once the data has been pulled, it is automatically added to the default group. As a reminder, if the data already exists in the platform, it will automatically be moved to the specific group.

Obtaining Vendor API Keys for Authentication

Using the Tenable Nessus connector requires users to have an API key. Depending on the scanner in use, you will need either a Tenable.io or Nessus API key.

Generating API keys for the Tenable.io Scanner

Tenable.io keys can be created/generated from Options in Tenable.io’s scanner dashboard.

To generate API keys compatible with the Neurons RBVM/ASOC/VULN KB connector, your user account in Tenable.io must have the role of Basic or higher with the ability to view and configure scan results.

First, log in to the Tenable.io scanner dashboard and open the My Account menu by clicking your name/user icon.

Nessus Connector - Options Menu Location

On the My Account page, click the API Keys tab.

Nessus Connector - API Keys Tab

The API Keys tab provides information on using the Tenable.io REST API. Click the Generate button to create your API keys.

Nessus Connector - Generate Button Location

After clicking the Generate button, a warning window notifies you that any previously generated keys will no longer be valid after generating new API keys.

Nessus Connector - Generate API Keys Window

Click Generate to proceed with API key creation. (Otherwise, click Cancel to retain previously generated API key usage).

Following successful API key generation, the newly generated keys appear in the window above the Generate button.

Nessus Connector - API Key Location

Use these keys when setting up a new Tenable Nessus connector in Neurons RBVM/ASOC/VULN KB. Enter the Access Key in the connector’s Access Key field and the Secret Key in the connector’s Secret Key field.

Generating API keys for the Nessus Scanner

Nessus API keys can be created/generated from Options on the Nessus scanner’s menu bar.

To generate API keys compatible with the Neurons RBVM/ASOC/VULN KB connector, your user account in Nessus must have the role of Basic or higher with the ability to view and configure scan results.

First, log in to Nessus and click the user icon in the upper-right section of the menu bar.

Nessus Connector - My Account Menu Option

In the pop-up menu, click My Account.

Nessus Connector - My Account Menu Option in Nessus

On the My Account page, click the API Keys tab in the menu panel.

Nessus Connector - API Keys Tab in Nessus

In the API Keys section, click the Generate button.

Nessus Connector - Generate Button Location in Nessus

Nessus displays a warning window notifying you that any previously generated keys will no longer be valid after generating new API keys. Click the Generate button.

Nessus Connector - Generate API Keys Window in Nessus

Following successful API key generation, the newly generated keys appear in the window above the Generate button.

Nessus Connector - Access and Secret Keys in Nessus

As with the Tenable.io API keys, you can use these keys when setting up a new Tenable Nessus connector in Neurons RBVM/ASOC/VULN KB. Enter the Access Key in the connector’s Access Key field and the Secret Key in the connector’s Secret Key field.

Connector Setup

After obtaining either a Tenable or Nessus scanner API key, create a connector in Neurons RBVM/ASOC/VULN KB.

Creating a new connector in Neurons RBVM/ASOC/VULN KB requires the Integration Control IAM privilege. This privilege is available to users with the Administrator, Integration Owner, or Data Manager roles, or may be included in a custom role.

To create a connector, log into Neurons RBVM/ASOC/VULN KB and navigate to the Automate > Integrations page.

Navigation - Automation - Integrations

Using the search bar in the upper-right corner of the Integrations page, type Nessus to find the connector.

Nessus Connector - Search for Nessus Connector

Click the Configuration button in either the Tenable.io or Nessus connector cards (select based on the API key generated in the previous section).

Nessus Connector - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

Nessus Connector - Connector Configuration Window

  • Name: The connector’s name. Displayed on the connector card.

  • URL: The Tenable Nessus URL.

  • Access Key: The Tenable Nessus access key created in the previous section.

  • Secret Key: The Tenable Nessus secret key created in the previous section.

  • Network: Neurons RBVM/ASOC/VULN KB network name (ingested data associated with this network).

  • SSL: Insert optional SSL certificate.

Click Test Credentials to verify if the credentials are correct and have access to make API calls to Tenable Nessus.

Nessus Connector - Test Credentials Button Location

Configure the desired schedule for the connector to retrieve results from the Tenable Nessus instance and optionally turn on Enable auto URBA (Update Remediation by Assessment) to automatically close findings when they have been resolved and no longer detected.

Enter a single folder ID to limit the data ingested to one folder within Tenable Nessus. This optional configuration will only accept a single positive integer.

Click Save to create the connector.

Nessus Connector - Save Button Location

Once saved, the connector is now visible on the Integrations page under Currently Configured Integrations.

Tenable.io/Nessus Data Mapping in Neurons RBVM/ASOC/VULN KB

The data from a Tenable/Nessus scan file is ingested into Neurons RBVM/ASOC/VULN KB as hosts and host findings. The scanner name associated with these scans is NESSUS. Scanner Name can be used as a filter on both the Hosts and Host Findings list views. 

Hosts Page

  • Asset data extracted from the scan file is shown in the Hosts list view.

  • Both IP address and hostname are extracted from the scan file.

  • In the Host Detail under the Sources section, the Scanner is listed as NESSUS.

Host Findings Page

  • All findings from the Nessus scan file are shown in the Host Findings view in Neurons RBVM/ASOC/VULN KB.

Severity Mapping

Nessus Severity and Value*

Mapping to Neurons RBVM/ASOC/VULN KB CHMLI Scale

Critical - The plugin's highest vulnerability CVSSv2 score is 10.0.

Critical

High - The plugin's highest vulnerability CVSSv2 score is between 7.0 and 9.9.

High

Medium - The plugin's highest vulnerability CVSSv2 score is between 4.0 and 6.9.

Medium

Low - The plugin's highest vulnerability CVSSv2 score is between 0.1 and 3.9.

Low

Info - The plugin's highest vulnerability CVSSv2 score is 0.

- or -

The plugin does not search for vulnerabilities.

Informational

*Source