Nessus

Nessus is a remote security scanning tool that scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing whether any of these attacks could be used to break into the computer or otherwise harm it.

Integration with LogicHub

Connecting with Nessus

To connect to Nessus, the following details are required:

Actions with Nessus

List Scans

Lists Nessus Scans.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Folder (Optional): Select the folder where the scans you want to list are stored.
  • Last Modification Date (Optional): Limit the results to scans that have changed since the specified time. Enter epoch seconds (UNIX timestamp).

Output of Action
Multiple JSON rows containing scan details:

  • has_error: True/False
  • error: message/null
  • other keys of Scan details

Scan Status

Gets the status for a scan (completed, aborted, imported, pending, running, resuming, canceling, canceled, pausing, paused, stopping, stopped).

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to retrieve.

Output of Action
Correlated JSON rows containing Scan status:

  • has_error: True/False
  • error: message/null
  • status: completed/aborted/imported/pending/running/resuming/canceling/canceled/pausing/paused/stopping/stopped

Scan Details

Gets detail for the given scan.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to retrieve.
  • History ID (Optional): Select column that contains the historical ID of the historical data that should be returned.
  • Limit (Optional): Specify the maximum number of hosts that should be returned.

Output of Action
Correlated JSON rows containing Scan details:

  • has_error: True/False
  • error: message/null
  • other keys of scan details.

Scan Host Details

Gets detail for the given scan host.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to retrieve.
  • Host ID: Select column that contains the ID of the scan host to retrieve.
  • History ID (Optional): Select column that contains the historical ID of the historical data that should be returned.

Output of Action
Correlated JSON rows containing Scan host details:

  • has_error: True/False
  • error: message/null
  • other keys of scan host details.

Launch Scan

Launches a Scan identified by Scan ID.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to launch.
  • Alternative Targets (Optional): Select column that contains comma-separated alternative targets to scan. If specified, these targets will be scanned instead of the default.

Output of Action
Correlated JSON rows containing Scan UUID:

  • has_error: True/False
  • error: message/null
  • scan_uuid: string
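
Because Alternative Targets replaces the scan's default targets, the column value can be checked against an approved scope before it reaches Launch Scan. The following is an added example, not LogicHub or Tenable code; `APPROVED_SCOPE`, `check_alternative_targets` and the `targets` key are hypothetical names, and the networks are constructed sample values. It accepts single IPs, CIDR blocks and start-end ranges, and rejects everything else, hostnames included.

```python
import ipaddress

# Constructed allowlist (assumption): networks this team is authorized to scan.
APPROVED_SCOPE = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]


def _parse_target(token):
    """Return (first, last) address covered by one target, or raise ValueError."""
    if "-" in token:  # start-end range, e.g. 10.20.3.1-10.20.3.20
        lo, hi = (ipaddress.ip_address(p.strip()) for p in token.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("invalid range")
        return lo, hi
    net = ipaddress.ip_network(token, strict=False)  # single IP or CIDR block
    return net[0], net[-1]


def _in_scope(lo, hi):
    # Both ends inside one approved network means the whole span is inside it.
    return any(lo in net and hi in net for net in APPROVED_SCOPE)


def check_alternative_targets(value):
    """Validate a comma-separated Alternative Targets value before Launch Scan.

    Returns a row in the has_error/error shape used on this page; the
    "targets" key is a hypothetical name for the cleaned column value.
    """
    tokens = [t.strip() for t in (value or "").split(",") if t.strip()]
    if not tokens:
        # Nothing supplied: the scan keeps its own default targets.
        return {"has_error": False, "error": None, "targets": ""}
    rejected = []
    for token in tokens:
        try:
            lo, hi = _parse_target(token)
        except ValueError:
            # Fail closed: hostnames and malformed entries cannot be checked offline.
            rejected.append(f"{token} (not an IP, CIDR or range)")
            continue
        if not _in_scope(lo, hi):
            rejected.append(f"{token} (outside approved scope)")
    if rejected:
        return {"has_error": True, "error": "; ".join(rejected), "targets": None}
    return {"has_error": False, "error": None, "targets": ",".join(tokens)}
```

Rows that come back with has_error set can be filtered out before the Launch Scan step, so a mistyped or out-of-scope target never starts a scan.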

List Scan Templates

Lists Tenable-provided scan templates. Tenable provides a number of scan templates to facilitate the creation of scans and scan policies.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Template Type: Select the type of templates to retrieve: Scan or Policy.

Output of Action
Multiple JSON rows containing Scan templates:

  • has_error: True/False
  • error: message/null
  • other keys of scan template.

Template Details

Gets detail for the given scan template.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Template Type: Select the type of templates to retrieve: Scan or Policy.
  • Template UUID: Select a column that contains the UUID of the template.

Output of Action
Correlated JSON rows containing Scan template details:

  • has_error: True/False
  • error: message/null
  • other keys of template details.

Create Scan

Creates a Nessus Scan. A minimum set of inputs to create a basic scan is asked directly. For advanced usage, use the Raw Configuration input.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Template UUID (Optional): Select the column that contains the UUID of the editor template to use.
  • Settings: Name (Optional): Enter the jinja-templated name of the Scan. Example: 'Vuln Scan V{{index_column}}'
  • Settings: Enabled (Optional): Select (True/False) whether to enable the schedule for the scan.
  • Settings: Targets (Optional): Select the column that contains comma-separated targets to scan.
  • Raw Configuration (Optional): Jinja-templated JSON configuration for creating the scan. Use this to provide extra settings, or when you are using an editor template that requires all fields returned in Template Details to be sent. Using this field discards the inputs above. (Refer: /api#/resources/scans/create).

Example:

```
{
  "uuid": "{{template_uuid}}",
  "settings": {
    "name": "{{name}}",
    "description": "{{description}}",
    "emails": "{{emails}}",
    "enabled": "true",
    "launch": "ON_DEMAND/DAILY/WEEKLY/MONTHLY/YEARLY",
    "folder_id": "{{folder_id}}",
    "policy_id": "{{policy_id}}",
    "scanner_id": "{{scanner_id}}",
    "text_targets": "{{targets}}",
    "agent_group_id": []
  }
}
```

Output of Action
Correlated JSON rows containing created scan details:

  • has_error: True/False
  • error: message/null
  • other keys of created scan details.

Example:

```
{
    "scan": {
        "creation_date": {integer},
        "custom_targets": {string},
        "default_permisssions": {integer},
        "description": {string},
        "emails": {string},
        "id": {integer},
        "last_modification_date": {integer},
        "name": {string},
        "notification_filter_type": {string},
        "notification_filters": {string},
        "owner": {string},
        "owner_id": {integer},
        "policy_id": {integer},
        "enabled": {boolean},
        "rrules": {string},
        "scanner_id": {integer},
        "shared": {integer},
        "starttime": {string},
        "tag_id": {integer},
        "timezone": {string},
        "type": {string},
        "user_permissions": {integer},
        "uuid": {string}
    }
}
```

Scan Export Create

Creates an export request for the given scan. Use the Scan Report Download action to download the report upon completion.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to export.
  • History ID (Optional): Select column that contains the historical ID of the historical data that should be exported.
  • Format: Select the file format to use: Nessus, HTML, CSV or DB.
  • Password (Optional): Select the column containing the password that will be used to encrypt database (DB) exports. If it is not specified, or a blank column value is encountered, a random password will be used.
  • Additional Configuration (Optional): Provide jinja-templated additional configuration for filters or formatting options. (Refer: /api#/resources/scans/export-request).

Output of Action
Correlated JSON rows containing export details:

  • has_error: True/False
  • error: message/null
  • other keys of export details.

Scan Export Status

Check the file status of an exported scan.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select column that contains the ID of the scan to export.
  • File ID: Select the column that contains the ID of the file (returned by the Scan Export Create action).

Output of Action
Correlated JSON rows containing export status:

  • has_error: True/False
  • error: message/null
  • status: {string}

Scan Report Download

Downloads the exported scan report.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Scan ID: Select the column that contains the ID of the scan to export.
  • File ID: Select the column that contains the ID of the file (returned by the Scan Export Create action).
  • File Extension (Optional): Enter the extension of the file. For example: xml, html, csv, db.
  • Poll Duration (Optional): Maximum duration, in seconds, to poll for the 'ready' status of a scan report (per row). (Default is 0 seconds, that is, don't poll.)
  • Retries (Optional): Number of retries to make in poll duration per row. (Default is 0 retries).

Output of Action
Correlated JSON rows containing exported report file details:

  • has_error: True/False
  • error: message/null
  • lhub_file_id: {string}
