question Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center? in SecOps forum

Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

cbester — Thu, 22 Feb 2018 19:13:21 GMT

The application on Store seems to only be available for Security Center, not for Professional

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

Dave Smith1 — Fri, 23 Feb 2018 05:26:53 GMT

Not me.. but is there a "Contact Vendor" link in Store at all?

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

jarodm — Mon, 07 May 2018 13:44:54 GMT

I've done a custom integration to the Tenable Nessus (non-Security Center) REST API in the past. The API isn't difficult, but there are a lot of moving parts to contend with.

I know that Tom at http://www.secopspartners.com/ has done a few of them, and presumably other partners have solutions ready to go as well.

Jarod

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

cbester — Mon, 14 May 2018 20:40:58 GMT

Thanks, I've got most of it working now, glad to hear I'm not alone in this.

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

dan_tembe — Thu, 17 May 2018 12:16:21 GMT

Hello,

Hope this helps.

I don't have Tenable Nessus but to extend to what Jarod mentioned. REST API to SNOW is fairly straightforward.

I just finished WAZUH/OSSEC integration using OSSEC's inbuilt "webhook" slack integration to route OSSEC/WAZUH alerts to ServiceNow Event Management then to Security Operations. I had to go this route since I wanted the inbuilt handling capabilities for this integration.

Also, am working (about 75% done but is 100% operational now) on a python script to tail "alerts.json" file on the same server (OSSEC/WAZUH).

The reason I am responding to your Nessus integration post, is if you have a log file or if Nessus Professional has a Slack or Webhook integration or has a alerts log file you can tail, you can use my code and edit it to fit your needs. At least you have the authentication (POST) and JSON map built.

Here is the link - https://github.com/dtembe/OSSEC_WAZ_2SNOWEM

the file called "slack" is actually edited to route events to ServiceNOW EM & the other file is called ossec2snowem.py. Hopefully this gets you well on your way.

Hopefully you can share your edits and work too for rest of the community.

Good Luck.

Dan

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

Ryan Garrett — Fri, 25 May 2018 03:12:41 GMT

Cbester,

Nessus Professional version 6 is reaching End of Life at the end of this year and Tenable has removed the ability to get scan details from Nessus Professional 7 through the API. I do not work for Tenable, but I would guess this is an effort to move customers to Security Center or Tenable.io.

Best,

Ryan

Re: Has anyone integrated Vulnerability with Tenable Professional instead of Tenable Security Center?

mkemp — Wed, 03 Oct 2018 13:36:10 GMT

It can be done, we used IntegRhythm to help with the integration. In short a CSV file is exported from the scanner and ingested in via email.

We also looked at the api, but it was going to take more work to get that done.