cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8352
Views
0
Helpful
12
Comments
dohurd
Cisco Employee
Cisco Employee

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz

Comments

This is great. Do you know of connector for 5.4?

ptechau
Level 1
Level 1

The connector version 2.0.3-beta that Doug posted will work with v5.4.

JASON CHOQUETTE
Level 4
Level 4

Will this work with Tenable SecurityCenter?  Is there any detailed documentation on configuring this?

dohurd
Cisco Employee
Cisco Employee

No.  The connector for Tenable's Security Center' os different.

You can download it here.  https://supportforums.cisco.com/document/12261131/tenable-connector-and-docs-v30

I haven't heard anyone say how it works with FP 6.x. but I think Security Center needs to be 5.x for this to work.

Dennis Perto
Level 5
Level 5

Hi dohurd, ptechau

I am getting this error while importing scans from a Nessus Professional 6.9.2. The connection to Nessus seems successful but the HostInput script is failing.

root@fmc01:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -iohsv

Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1094.

Printing stack trace:

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)

        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)

        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1312)

        called from ./nessus.pl (476)

root@fmc01:/Volume/home/admin#

seefarrun
Level 1
Level 1

I'm also getting a similar error.  It goes through fine in testmode, so I guess it's a problem with when it's attempting to put it into Firepower?  Did you ever get this sorted or is this no longer supported?

 

Nessus V6.11

Firepower Management 6.2.2

 

Running through each of the options:

 

 

root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -h --verbose
. . .
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -v --verbose
. . . 
36:36:30:32:32:34 [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,2935]
AddHost Failed with error -1 at ./nessus.pl line 446

Printing stack trace:
        called from /usr/lib/perl5/5.10.1/Carp.pm (44)
        called from ./nessus.pl (446)


root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -o --verbose
. . .
        };

$VAR1 = 'Microsoft Windows Server 2008 Enterprise Service Pack 2';
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1162.

Printing stack trace:
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (150)
        called from /usr/lib/perl5/site_perl/5.10.1/Error.pm (396)
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1380)
        called from ./nessus.pl (476)



root@lon-fpmv:/Volume/home/admin# ./nessus.pl -c ./nessus.conf -s --verbose
. . .
$VAR1 = [
          {
            'hostname' => 'host.example.com'
          }
        ];
'host.example.com' is not a valid address range [/usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm,749]
Not a HASH reference at /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm line 1620.

Printing stack trace:
        called from /usr/local/sf/lib/perl/5.10.1/SF/SFDataCorrelator/HostInput.pm (1620)
        called from ./nessus.pl (572)

babiojd01
Level 1
Level 1

I am getting the same hash error. How do we fix it?

babiojd01
Level 1
Level 1

So the trick is to comment out some sections of the nessus.pl script. I was able to get it to work last night. There are sections where it tells the script to croak if it fails. If you comment those out it will continue on and not stop. Send me a mail if you want the details.

Isaac Smith
Level 1
Level 1

Is this still valid? We want to integrate our Nessus scans.  I realize this post is kind of old and newer versions of Nessus and FMC are out now. We're on 6.4.0.6 on our FMC and I'm not sure what version of Nessus we have but i am checking

babiojd01
Level 1
Level 1

I think so. Its been a while since I tried to run it. Follow what I said in the earlier post and see if it works.


@dohurd wrote:

New Nessus Host Input API connector for Firepower 6.x.  Allows the importation of Nessus vulnerability reports into the Firepower Host Map.  You will need to rename the file .tar.gz


 

Hello, I too am also checking in on this.

 

Currently the Nessus Scanner version is at 8.9.0 today and the FMC we are wondering if this will work with is 6.4.0.7+.

 

What is the latest version of the script?

adrian_iovita
Level 1
Level 1

If anyone is still interesting to integrate Tenable vulnerabilities here is a python project used to automatically import vulnerabilities into FMC.

Tested and working with Tenable.SC and FMC 7.2

https://github.com/ArmsSec/Cisco-FMC-Tenable

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: