Questions/Request: Integration with SecurityCenter

[tbennett6421]

We have Tenable SecurityCenter and 5 nessus scanners. I'm not sure if the integrations with nessus work when they are managed by securitycenter. For example I know you can no longer login to the nessus boxes and view scan history or policies; since all of that is done at the securitycenter level and pushed out to all scanners.

This is what I get when I run vulnwhisp against securitycenter

[INFO] Connected to database at /opt/vulnwhisperer/database/report_tracker.db
[INFO] Attempting to connect to nessus...
[FAIL] Could not login to Nessus
[FAIL] Could not properly load your config!
Reason: [FAIL] Could not connect to nessus -- Please verify your settings in <vulnwhisp.base.config.vwConfig object at 0x7f8b8b68ea50> are correct and try again.
Reason: [FAIL] Could not login to Nessus

SecurityCenter's API can be found at https://docs.tenable.com/sccv/api/index.html
I would be willing to offer assistance to get this working.

[austin-taylor]

Can you try pointing vulnwhisperer at an individual nessus host (not SecurityCenter). Do you know if SC offers a trial? Happy to get it integrated.

[goosvorbook]

Hey Austin,

Over here you can find a trial for Tenable.io Vulnerability Management
https://www.tenable.com/products/tenable-io/vulnerability-management/evaluate .

Here is some documentation regarding their API https://cloud.tenable.com/api#/overview .

[tbennett6421]

@austin-taylor Just got around to that, Changing the host to a scanner only pulled scans I created on that host, (i.e. the scan support had us run for diagnostics). This doesn't get anything that we do on a daily basis.

I don't think SC offers a public trial. We trialed it as part of a POC for our organization. Any I can do to assist with this?

[qmontal]

Hi @tbennett6421,

Correct me if I am wrong, but I feel like Security Center it is by itself a Security Management tool for Nessus instances, kind of what VulnWhisperer's objective is, so I feel like VulnWhisperer would be redundant in that situation.

As you mentioned, there is no free / free trial/ community version of the product itself, so the only thing that could be done is either pull results from the Nessus instances as you mentioned, which would work as expected, or have someone that has an SC instance and the interest on this to create a module to parse the results from SC, as you already noticed that it is not working with Nessus module. At a certain point, it would be easier to just send everything directly to a ELK stack instead of making it go through VulnWhisperer.

If this is something still in your interest we will leave the issue open, otherwise I think it would be better to close it down.

Cheers!

[tbennett6421]

the biggest reason we were looking to add it to ES was to correlate it with other things like IDS alerts, failed auth attempts, etc. and triaging events from multiple sources

Closing this is fine with me, we ended up not-renewing and instead are leveraging this with Nessus Professional.

[qmontal]

Hi @tbennett6421,
I agree that having the vulnerability management results on a SIEM with the rest of data would be the best, will focus on improving VulnWhisperer to allow a better SIEM experience using the Elastic Common Schema (#97) :)
Cheers!