Nessus Host Input Client README.txt

Copyright (C) 2013-2014 Cisco and/or its affiliates. All rights reserved.

THE PRODUCT AND DOCUMENTATION ARE PROVIDED AS IS WITHOUT WARRANTY
OF ANY KIND, AND CISCO DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS,
EXPRESS OR IMPLIED, WITH RESPECT TO THE PRODUCT, DOCUMENTATION AND
RELATED MATERIALS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE; WARRANTIES
ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE; AND WARRANTIES
CONCERNING THE NON-INFRINGEMENT OF THIRD PARTY RIGHTS.

IN NO EVENT SHALL CISCO BE LIABLE FOR ANY DAMAGES RESULTING FROM
LOSS OF DATA, LOST PROFITS, LOSS OF USE OF EQUIPMENT OR LOST CONTRACTS
OR FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY OR
CONSEQUENTIAL DAMAGES IN ANY WAY ARISING OUT OF OR IN CONNECTION WITH
THE USE OR PERFORMANCE OF THE PRODUCT OR DOCUMENTATION OR RELATING TO
THIS AGREEMENT, HOWEVER CAUSED, EVEN IF IT HAS BEEN MADE AWARE OF THE
POSSIBILITY OF SUCH DAMAGES.  CISCO'S ENTIRE LIABILITY TO LICENSEE,
REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION OR THEORY OF LIABILITY
(INCLUDING CONTRACT, TORT, OR WARRANTY), SHALL BE LIMITED TO THE
LICENSE FEES PAID BY LICENSEE TO USE THE PRODUCT.

The Nessus Host Input Client has been tested against the CURRENT version
of Nessus as of Aug 11, 2014 (Version 5.2.7).



Details:

This cleint currently supports the optional importing of the following data types:
 - OS Information
 - Host Information
 - Port/Service/Server Information (What is running on a host)
 - Vulnerability Information
 
All types of the aformetioned data can be selectively imported (based on runtime arguments)

The default configuration values of this client will only import data associated
with reports that are 30 days old or newer.  This client will iterate through all
of the reports on the system and update information from the latest scan result per
IP address that the client is configured to import.  By default this client imports
ALL IP addresses from the Nessus results that are within the default 30 day window.



Notes:

If an IP address is found in two reports, the client will only import the results of the
MOST RECENT scan result/report.

The client will ONLY import vulnerability details for vulnerabilities with a valid
CVE or Bugrtraq ID

The client will ONLY import hosts that have a MAC address in their scan results



Runtime Options:

    --config|c      Path to the nessus.conf file.
    --os|o          Import OS Data
    --host|h        Import Nessus Discovered Hosts
    --svc|s         Import Nessus Discovered Servers/Services/Ports
    --vuln|v        Import Vulnerabilities
    --info|i        Display Import Info (Stats) and end of run
    --testmode|t    Run test import, this will only read from Nessus and display to STDOUT,
                        it will NOT IMPORT DATA on the Defense Center
    --debug|d       Display debug output, useful for debugging.  This option is force set when
                        the --testmode flag is specified
    --help|?        Display this help output

Runtime Examples:
    ./nessus.pl -c ./nessus.conf -tohsv
    The above examples assumes that the nessus.conf is in the same working path as the nessus.pl
        tool and enables the --testmode runtime argument.  The above example also enables importing
        of all OS, Host, Vulnerability and Service data types. The next is the same but using long arguments
    ./nessus.pl --testmode --os --host --svc --vuln --config ./nessus.conf




File Manifest:

nessus.pl ----- Primary application responsible for communicating with Nessus and importing
                    data into FireSight.
                
nessus.conf --- Configuration file.

README.txt ---- This file