Integrate Nessus Vulnerability Scanner/SecurityCenter .


Integrate Nessus entTracker v8.x and above
Publication Date: November 13, 2018

Abstract
This guide helps you in configuring Nessus Vulnerability scanner/SecurityCenter/Professional and EventTracker to receive Nessus events. In this guide, you will find the detailed procedures required for monitoring Nessus Vulnerability scanner.

Audience
Administrators who are assigned the task to monitor and manage Nessus events using EventTracker.

The information contained in this document represents the current view of EventTracker on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided.

EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2018 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents
Abstract
Audience
Overview
Prerequisites
1. Integration of Nessus Vulnerability Scanner/SecurityCenter to EventTracker server
    Verify Nessus Vulnerability Scanner Integration in EventTracker
2. Integration of Nessus Professional to EventTracker server
    Obtaining Nessus Professional credentials
    Sending Nessus Professional logs to EventTracker
Verify Nessus Vulnerability Scanner Integration in EventTracker
    Verify generated credential xml
    Verify Extended DLA configuration
    Verify Task is created in Task Scheduler
EventTracker Knowledge Pack
    Categories
    Flex Reports
Import Nessus Vulnerability Scanner knowledge pack into EventTracker
    Knowledge Objects
    Category
    Flex Reports
    Parsing Rule
Verify Nessus Vulnerability Scanner knowledge pack in EventTracker
    Knowledge Objects
    Category
    Flex Reports
    Parsing Rule
Create Flex Dashboards in EventTracker
    Schedule Reports
    Create Dashlets
Sample Flex Dashboards

Overview
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. Nessus employs the Nessus Attack Scripting Language (NASL), a simple language that describes individual threats and potential attacks. Nessus has a modular architecture consisting of centralized servers that conduct scanning, and remote clients that allow for administrator interaction.

This guide provides the procedure only to integrate Nessus scan reports into EventTracker. Additionally, EventTracker can be configured to alter the system vulnerability score according to vulnerability reports.

Prerequisites
- EventTracker v8.x should be installed.
- Nessus Vulnerability Scanner/SecurityCenter version Nessus 6.X series (Nessus 6.0 – Nessus 6.9.3) or Nessus Professional should be installed.
- Windows Version 7 or later should be installed.
- Integration script must run on EventTracker Manager.

1. Integration of Nessus Vulnerability Scanner/SecurityCenter to EventTracker server
Following are the steps to integrate Nessus Vulnerability Scanner/SecurityCenter to EventTracker Manager.
- Please contact the EventTracker support team to obtain the Nessus Integrator pack.
- The Integrator package will be obtained in a Zip file format.
- Extract the provided file to the following location: ET INSTALL Path \ScheduledActionScripts\Nessus\
- The extracted ZIP file will contain the following files:

Figure 1

- Double-click on the Nessus Integrator.bat to start the integration process.
- Once clicked, the “.bat” starts running and you will get a pop-up window as shown in the image below.

Figure 2

- In the pop-up window, enter the Nessus URL that you are accessing and your Nessus Username and Password.
- After entering the details, click on OK.
- Once you click OK, an authentication pop-up window will appear asking for the administrator username and password for Task Scheduling, as shown below:

Figure 3

- Please enter your System Username and Password to proceed with the Task Scheduling.
- Click OK to continue.

Verify Nessus Vulnerability Scanner Integration in EventTracker
- Log in to EventTracker web > Admin > Manager.

Figure 4

- Go to the Direct Log Archiver tab and check if the configurations are replicating as shown in the figure below.

Figure 5

- Confirm that the configurations are set correctly by clicking the Edit button. The screen below is displayed after you click the Edit button.

Figure 6

- Click on Configure to check the Computer Name, Configuration name and system description.

Figure 7

- Click on Save & Close.
- Now, go to Start and open Task Scheduler to confirm whether the scheduling action has been created. The image below shows the Nessus Task that is created for scheduling.

Figure 8

- Check that the Task Scheduler is configured correctly with the right conditions to trigger the task, with the specified date and time when it needs to be run.

Nessus Integration is now completed with EventTracker to receive Nessus Events.

2. Integration of Nessus Professional to EventTracker server

Obtaining Nessus Professional credentials
- Log in to the Nessus Professional web console.

Figure 9

- Click on the Settings tab and choose the My Account option.
- Now click on the API Keys tab as shown in the image below.

Figure 10

- Now click on the Generate button.
- The Access Key and Secret Key will be displayed as shown below:

Figure 11

- Please make a note of them, as they are required for the rest of the integration process.

Sending Nessus Professional logs to EventTracker
- Download and apply the latest KP update from the link given (KP Update Link).
- Once downloaded, the Nessus integrator package can be found in %ET INSTALL PATH%\KnowledgePacks\Nessus Vulnerability Scanner.
- The Integrator package will be obtained in a Zip file format. Extract the files. A folder named NessusProfessional Script will be present, containing the files shown in the image below:

Figure 12

- Double-click on the Nessus Professional Integrator.bat to start the integration process.
- Once clicked, the “.bat” starts running and you will get a pop-up window as shown in the image below.

Figure 13

- It will check whether the EventTracker Agent and PowerShell version 5.0 or above are installed on the computer where the .bat is running. If the status shows as installed, click on Next to proceed; otherwise you will not be able to proceed further.

NOTE: The EventTracker Agent and PowerShell version 5.0 must be installed manually if they are not present.

- Once you click Next, you will get another pop-up window as shown below.

Figure 14

In the pop-up window that appears, enter the details that were obtained during configuration, as discussed in the above steps. Once the credentials are entered, click on the Finish button as shown in the figure above.

Figure 15

- Please enter your System Username and Password to proceed with the Task Scheduling.
- Click OK to continue.

Verify Nessus Vulnerability Scanner Integration in EventTracker

Verify generated credential xml
- Once the script run is complete, a Details.xml file is first created within “%ETINSATLL tegrator\NessusProfessional Scripts”. It contains the details entered in the integrator, stored in an encrypted format. A folder named Nessus Reports will also be created in the same path, as shown below:

Figure 16

- Once that is done, folders named Csv Files and Xml Files will be created within the Nessus Reports folder.

Figure 17

- Within the Csv Files folder you will have all the Nessus report csv files, and the xml files within the Xml Folder, which confirms the integration is a success. This is shown below:

Figure 18

Verify Extended DLA configuration
- Log in to the EventTracker console.
- Go to the Admin dropdown and click on the Manager option as shown below.

Figure 19

- Navigate to the Direct Log Archiver tab.
- Make sure that a DLA is configured on XML files as shown in the image below.

Figure 20

Verify Task is created in Task Scheduler
- Go to Start and open Task Scheduler to confirm whether the scheduling action has been created. The image below shows the Nessus-Scheduler that is created for scheduling.

Figure 21

Nessus Integration is now completed with EventTracker to receive Nessus Events.

EventTracker Knowledge Pack
Once logs are received into EventTracker, Categories and reports can be configured into EventTracker. The following Knowledge Packs are available in EventTracker Enterprise to support Windows.

Categories
- Nessus-Basic network scan: This category provides details about a basic network scan that is done.

- Nessus-Credentialed Patch Audit: This category provides details about the patches that are missing in the Windows and UNIX systems which an attacker can use for exploits.
- Nessus-Badlock Detection: This category provides details about all the Badlock instances occurring in the network. Badlock detection can be identified by their CVE. Badlock CVEs are as follows (CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 CVE-2016-0128).
- Nessus-Bash Shellshock Detection: This category provides details about the vulnerabilities that affect bash. These vulnerabilities can be identified by their respective CVEs. Shellshock CVEs are as follows (CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 CVE-2016-0128).
- Nessus-Drown Detection: This category provides details about the DROWN attacks that take place in a network. This vulnerability affects the HTTPS services that rely on SSL and TLS. These vulnerabilities can be identified by their respective CVEs. Drown CVEs are as follows (CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800).
- Nessus-Malware Detection: This category provides details about the vulnerable malware that are present in the Linux and Windows machines.
- Nessus-Host Discovery: This category provides the number of alive hosts and active ports on a network.
- Nessus-MDM config audit: This category provides the audit scan result configurations of mobile device managers.
- Nessus-Mobile device scan: This category provides details about the scan results of mobile devices that are accessed via Microsoft Exchange or MDM.
- Nessus-Offline Config audit: This category provides the audit configurations of network devices.
- Nessus-Scap and Oval detection: This category provides details on how to generate SCAP and OVAL content audit scan results.
- Nessus-Web application test: This category provides details about the scan results for published and unknown web vulnerabilities.
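The CVE-based identification described in the categories above, as an added example (not EventTracker's code or its knowledge-pack logic): it groups the rows of a Nessus CSV report into the Badlock and Drown categories using the CVE lists given on this page. The column names, sample rows and plugin IDs are constructed assumptions; the Shellshock category is left out because the page lists the same CVEs for it as for Badlock.

```python
import csv
import io
from collections import defaultdict

# CVE lists copied from the category descriptions on this page.
CATEGORY_CVES = {
    "Nessus-Badlock Detection": {
        "CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112",
        "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118",
        "CVE-2016-0128",
    },
    "Nessus-Drown Detection": {
        "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798",
        "CVE-2016-0799", "CVE-2016-0800",
    },
}

# Constructed sample report. The column names are an assumption about the
# CSV export layout; hosts, plugin IDs and finding names are made up.
SAMPLE_CSV = """Plugin ID,CVE,Risk,Host,Port,Name
90001,CVE-2016-2118,High,10.0.0.5,445,Constructed Samba finding
90001,CVE-2016-2110,High,10.0.0.5,445,Constructed Samba finding
90002,CVE-2016-0800,Medium,10.0.0.7,443,Constructed SSLv2 finding
90003,,None,10.0.0.7,0,Constructed informational finding
90004,cve-2016-0128 ,High,10.0.0.9,445,Constructed Windows finding
"""

def classify_findings(csv_text):
    """Group findings by category. A finding is (host, port, plugin id); its
    CVEs may be spread over several rows, so rows are merged before matching."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple(row[c].strip() for c in ("Host", "Port", "Plugin ID"))
        cves = findings[key]  # registers the finding even if it has no CVE
        cve = (row.get("CVE") or "").strip().upper()
        if cve:
            cves.add(cve)
    result = {name: [] for name in CATEGORY_CVES}
    result["Uncategorized"] = []
    for key, cves in sorted(findings.items()):
        matched = [n for n, wanted in CATEGORY_CVES.items() if cves & wanted]
        for name in matched or ["Uncategorized"]:
            result[name].append({"host": key[0], "port": key[1],
                                 "plugin_id": key[2], "cves": sorted(cves)})
    return result

if __name__ == "__main__":
    for category, items in classify_findings(SAMPLE_CSV).items():
        print(category, len(items), [i["host"] for i in items])
```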

Flex Reports

1. Nessus-Basic Network Scan: This report provides a full system scan suitable for any host.

Figure 22

Logs Considered:

Figure 23

2. Nessus-Credentialed Patch Audit: This report provides the ways that a host can be authenticated and enumerates missing patch updates.

Figure 24

Logs Considered:

Figure 25

3. Nessus-Badlock Detection: This report provides the Badlock vulnerability for Windows and the Linux/Unix application Samba for network file sharing.

Figure 26

Logs Considered:

Figure 27

4. Nessus-Host Discovery: This report provides a simple scan to discover live hosts and open ports.

Figure 28

Logs Considered:

Figure 29

5. Nessus-Malware Detection: This report provides the scan results of malware on Windows and Unix systems.

Figure 30

Logs Considered:

Figure 31

6. Nessus-Bash Shellshock Detection: This report provides the vulnerability that affects Bash, a common component known as a shell that appears in many versions of Linux and UNIX. It allows the user to type commands into a simple text-based window, which the operating system will then run.

Figure 32

Logs Considered:

Figure 33

7. Drown Detection: DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.

Figure 34

Logs Considered:

Figure 35

8. Nessus-MDM Config Audit: This report provides the audit scan result configurations of mobile device managers.

Figure 36

Logs Considered:

Figure 37

9. Nessus-Mobile Device Scan: This report provides scan results of mobile devices that are accessed via Microsoft Exchange or MDM.

Figure 38

Logs Considered:

Figure 39
