Nessus Professional

Community Platform

runZero integrates with Nessus Professional by importing data from the Tenable API.

Getting started with Nessus Professional

To set up an integration with Nessus Professional, you’ll need to:

1. Create an Administrator API key in an access group with Can View permission to Manage Assets.
2. Configure the Nessus Professional credential in runZero.
3. Choose whether to configure the integration as a scan probe or connector task.
4. Activate the integration to pull your data into runZero.

Requirements

Before you can set up the Nessus Professional integration:

• Verify that you have runZero Enterprise.
• Make sure you have administrator access to the Nessus Professional portal.

Step 1: Create an Administrator API key

1. Log in to Nessus Professional with the Administrator account being used for the runZero integration.
2. Go to My Profile > My Account > API Keys.
3. Generate the API token, and then download or copy it.

• You will either need to configure the Tenable credential to skip TLS verification, or provide the TLS thumbprint when creating the runZero credential.

Step 2: Add the Nessus Professional credential to runZero

1. Go to the Credentials page in runZero. Provide a name for the credentials, like Nessus Professional.
2. Choose Nessus Professional Access & Secret from the list of credential types.
3. Generate your Tenable access and secret keys via your account page in the Tenable portal, and then provide the following information:
   • Access key - Your 64-character Tenable access key.
   • Secret key - Your 64-character Tenable secret key.
   • Nessus API URL - The API URL for your Nessus Professional instance. The expected format is https://ip:port or https://domain.tld:port. The default port used by Nessus Professional is 8834.
   • Nessus insecure - Set this to Yes if you want to attempt authentication without a verified thumbprint.
   • Nessus thumbprints (optional) - A set of IP=SHA256:B64HASH pairs to trust for authentication.
     • You will need to scan your Nessus instance with runZero in order to obtain the TLS thumbprint. The TLS fingerprints service attribute report lists all previously seen fingerprints.
   • If Nessus insecure is set to No and no thumbprints are provided:
     • With a self-signed certificate, the connection will fail because the certificate chain cannot be verified.
     • With a valid certificate from a public CA, the connection can work without thumbprints.
4. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per-organization basis.
5. Save the credential.

You’re now ready to set up and activate the connection to bring in data from Nessus Professional.

Step 3: Choose how to configure the Nessus Professional integration

The Nessus Professional integration can be configured as either a scan probe or a connector task. Scan probes gather data from integrations during scan tasks. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync. Setting up a connector will work if you’re self-hosting runZero or your Nessus Professional instance is publicly accessible.

Step 4: Set up and activate the integration to sync data

After you add your Tenable credential, you’ll need to sync your data from Nessus Professional.

Step 4a: Configure the Nessus Professional integration as a connector task

A connection requires you to specify a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new Tenable-only assets are created.

1. Activate a connection to Nessus Professional. You can access all available third-party connections from the integrations page, your inventory, or the tasks page.
2. Choose the credentials you added earlier. If you don’t see the credentials listed, make sure the credentials have access to the organization you are currently in.
3. Set the severity and risk levels you want to import (optional). Note: Much of the host information provided by Tenable is from Info-level plugins, so if you only import higher levels of severity you may not see much information about assets not scanned by runZero.
4. Set the Fingerprint only toggle to Yes if you want vulnerability records to be ingested for fingerprint analysis but not stored in your runZero vulnerability inventory (optional).
5. Enter a name for the task, like Nessus Professional sync (optional).
6. Choose the Explorer to perform this connector task from (optional).
7. Choose the site you want to add your assets to. All newly discovered assets will be stored in this site.
8. Enter a description for the task (optional).
9. If you want to exclude assets that have not been scanned by runZero from your integration import, switch the Exclude unknown assets toggle to Yes. By default, the integration will include assets that have not been scanned by runZero.
10. If you want to include assets that have not been assessed for vulnerabilities, switch the Include unscanned assets toggle to Yes.
11. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
12. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 4b: Configure the Nessus Professional integration as a scan probe

You can run the Nessus Professional integration as a scan probe so that the runZero Explorer will pull your vulnerability data into the runZero Console.

In a new or existing scan configuration:

• Ensure that the NESSUS option is set to Yes in the Probes and SNMP tab and change any of the default options if needed.
• Set the correct Nessus credential to Yes in the Credentials tab.
• Optionally, set the severity and risk levels for ingested vulnerability scan results.

Step 5: View Tenable assets and vulnerabilities

After a successful sync, you can go to your inventory to view your Tenable assets. These assets will have a Tenable icon listed in the Source column.

The Tenable integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by Nessus Professional.

To filter by Tenable assets, consider running the following queries:

• View all Tenable assets:

  source:Tenable
  

Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Tenable scan data.

Troubleshooting

If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.

Why is the Nessus Professional integration unable to connect?

1. Are you getting any data from the Nessus Professional integration?
   • Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
   • In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
2. Some integrations require very specific actions that are easy to overlook. If a step is missed when setting up the intergration, it may not work correctly. Please review this documentation and follow the steps exactly.
3. If the Nessus Professional integration is unable to connect be sure to check the task log for errors. Some common errors include:
   • 500 - server error, unable to connect to the endpoint
   • 404 - hitting an unknown endpoint on the server
   • 403 - not authorized, likely a credential issue
4. Verify you are running the integration task from an Explorer with access to the Tenable host if it is on-premises.

How do I solve the following error in Nessus Professional:

• "error-message":"no tenable assets match import criteria","level":"error","msg":"could not load scan result data to writer" {#nessuspro-import-error}

This is an error we have seen intermittently from Tenable. A solution that usually works is to enable the Include Unscanned Assets toggle in the Tenable task configuration. This will disable the filters we apply for live assets that were scanned in the last 30 days.