Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
8164
Views
0
Helpful
12
Comments

Nessus Connector for Host Input API, Firepower Version 6.x

dohurd
Cisco Employee
Cisco Employee

‎07-01-2016 11:02 AM - edited ‎03-08-2019 07:00 PM

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz

Labels:
Preview file
43 KB
0 Helpful
Comments
Nicholas Penning
Level 1
Level 1
‎07-11-2016 09:11 AM

This is great. Do you know of connector for 5.4?

ptechau
Level 1
Level 1
‎08-15-2016 04:15 PM

The connector version 2.0.3-beta that Doug posted will work with v5.4.

JASON CHOQUETTE
Level 4
Level 4
‎11-11-2016 12:56 PM

Will this work with Tenable SecurityCenter?  Is there any detailed documentation on configuring this?

dohurd
Cisco Employee
Cisco Employee
‎11-14-2016 07:08 AM

No.  The connector for Tenable's Security Center' os different.

You can download it here.  https://supportforums.cisco.com/document/12261131/tenable-connector-and-docs-v30

I haven't heard anyone say how it works with FP 6.x. but I think Security Center needs to be 5.x for this to work.

Dennis Perto
Level 5
Level 5
‎12-27-2016 04:11 AM

Hi dohurd, ptechau

I am getting this error while importing scans from a Nessus Professional 6.9.2. The connection to Nessus seems successful but the HostInput script is failing.

root@fmc01:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -iohsv

Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1094.

Printing stack trace:

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)

        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1312)

        called from ./nessus.pl (476)

root@fmc01:/Volume/home/admin#

seefarrun
Level 1
Level 1
‎09-22-2017 06:53 AM

I'm also getting a similar error.  It goes through fine in testmode, so I guess it's a problem with when it's attempting to put it into Firepower?  Did you ever get this sorted or is this no longer supported?

 

Nessus V6.11

Firepower Management 6.2.2

 

Running through each of the options:

 

 

root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -h --verbose
. . .
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -v --verbose
. . . 
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -o --verbose
. . .
        };

$VAR1 = 'Microsoft Windows Server 2008 Enterprise Service Pack 2';
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1162.

Printing stack trace:
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1380)
        called from ./nessus.pl (476)



root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -s --verbose
. . .
$VAR1 = [
          {
            'hostname' => 'host.example.com'
          }
        ];
'host.example.com' is not a valid address range [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,749]
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1620.

Printing stack trace:
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1620)
        called from ./nessus.pl (572)
babiojd01
Level 1
Level 1
‎09-16-2018 01:47 PM

I am getting the same hash error. How do we fix it?

babiojd01
Level 1
Level 1
‎09-17-2018 04:17 AM

So the trick is to comment out some sections of the nessus.pl script. I was able to get it to work last night. There are sections where it tells the script to croak if it fails. If you comment those out it will continue on and not stop. Send me a mail if you want the details.

Isaac Smith
Level 1
Level 1
‎12-19-2019 05:11 AM

Is this still valid? We want to integrate our Nessus scans.  I realize this post is kind of old and newer versions of Nessus and FMC are out now. We're on 6.4.0.6 on our FMC and I'm not sure what version of Nessus we have but i am checking

babiojd01
Level 1
Level 1
‎12-19-2019 05:26 AM

I think so. Its been a while since I tried to run it. Follow what I said in the earlier post and see if it works.

@dohurd wrote:

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz

 

Nicholas Penning
Level 1
Level 1
‎02-03-2020 05:12 AM

Hello, I too am also checking in on this.

 

Currently the Nessus Scanner version is at 8.9.0 today and the FMC we are wondering if this will work with is 6.4.0.7+.

 

What is the latest version of the script?

00u10w6v6oIjyxXZv5d7
Level 1
Level 1
‎11-24-2023 06:03 AM

If anyone is still interesting to integrate Tenable vulnerabilities here is a python project used to automatically import vulnerabilities into FMC.

Tested and working with Tenable.SC and FMC 7.2

https://github.com/ArmsSec/Cisco-FMC-Tenable

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents