cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Nessus Connector for Host Input API, Firepower Version 6.x

5419
Views
0
Helpful
11
Comments

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz

Comments
Nicholas Penning
Beginner

This is great. Do you know of connector for 5.4?

ptechau
Beginner

The connector version 2.0.3-beta that Doug posted will work with v5.4.

JASON CHOQUETTE
Enthusiast

Will this work with Tenable SecurityCenter?  Is there any detailed documentation on configuring this?

dohurd
Cisco Employee

No.  The connector for Tenable's Security Center' os different.

You can download it here.  https://supportforums.cisco.com/document/12261131/tenable-connector-and-docs-v30

I haven't heard anyone say how it works with FP 6.x. but I think Security Center needs to be 5.x for this to work.

Dennis Perto
Contributor

Hi dohurd, ptechau

I am getting this error while importing scans from a Nessus Professional 6.9.2. The connection to Nessus seems successful but the HostInput script is failing.

root@fmc01:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -iohsv

Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1094.

Printing stack trace:

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)

        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1312)

        called from ./nessus.pl (476)

root@fmc01:/Volume/home/admin#

seefarrun
Beginner

I'm also getting a similar error.  It goes through fine in testmode, so I guess it's a problem with when it's attempting to put it into Firepower?  Did you ever get this sorted or is this no longer supported?

 

Nessus V6.11

Firepower Management 6.2.2

 

Running through each of the options:

 

 

root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -h --verbose
. . .
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -v --verbose
. . . 
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -o --verbose
. . .
        };

$VAR1 = 'Microsoft Windows Server 2008 Enterprise Service Pack 2';
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1162.

Printing stack trace:
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1380)
        called from ./nessus.pl (476)



root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -s --verbose
. . .
$VAR1 = [
          {
            'hostname' => 'host.example.com'
          }
        ];
'host.example.com' is not a valid address range [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,749]
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1620.

Printing stack trace:
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1620)
        called from ./nessus.pl (572)

babiojd01
Beginner

I am getting the same hash error. How do we fix it?

babiojd01
Beginner

So the trick is to comment out some sections of the nessus.pl script. I was able to get it to work last night. There are sections where it tells the script to croak if it fails. If you comment those out it will continue on and not stop. Send me a mail if you want the details.

Isaac Smith
Beginner

Is this still valid? We want to integrate our Nessus scans.  I realize this post is kind of old and newer versions of Nessus and FMC are out now. We're on 6.4.0.6 on our FMC and I'm not sure what version of Nessus we have but i am checking

babiojd01
Beginner

I think so. Its been a while since I tried to run it. Follow what I said in the earlier post and see if it works.


@dohurd wrote:

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz


 

Nicholas Penning
Beginner

Hello, I too am also checking in on this.

 

Currently the Nessus Scanner version is at 8.9.0 today and the FMC we are wondering if this will work with is 6.4.0.7+.

 

What is the latest version of the script?