Tenable Nessus Installation Guide

Janne Desir

Aug 5, 2024, 4:43:54 AM
to fluvaladam
Yeah, I have had many problems with Nessus and you hit the nail on the head. Mount the DMG and find the hidden package and use that instead. I have opened up cases with them about this and also told them that their scripts in their package are no longer supported in flat packages.

When packaging Nessus, we need to extract the hidden .NessusAgent.pkg file, and import that to Composer, then edit the 'postinstall' script that is already there? Looks like there is already a script when I import it, this is what it contains:


Looks like the only reason they wrap it is for the license, logo, and readme. I stumbled upon the hidden .pkg in their install guide (but should have checked here first). I shouldn't have to do that. Software is supposed to be self-explanatory.


2 years later and this fix still holds true! I was able to unhide the real .NessusAgent.pkg and remove the . from it to unhide, uploaded it into Jamf Pro and successfully rolled out the agent after. Thanks @arekdreyer.




I am trying to integrate the Splunk Add-on tenable to collect scan details from Nessus. Unfortunately, no data has been collected. Here is what I confirmed to do:

1- I installed the add-on on my heavy forwarder and configured the correct index=nessus.

2- I also installed the add-on on the search head cluster as the guide suggested after deleting both "eventgen.conf" & "inputs.conf". (Splunk Add-on for Tenable, Splunk Docs)

3- Moreover, I ensured to get the correct keys from Nessus tenable when configuring the add-on on Splunk.

(How_To_Guide_Tenable.io_Splunk_v2.pdf)

4- The indexers have the correct index.

5- Firewall ports have been allowed.


By running a tcpdump on my heavy forwarder, I couldn't see any packages sent/received between it and the Nessus server. However, I managed to find two repetitive errors in the Nessus log file as follows:


@Mystica856 the few times I did run into the above issue was due to a bad API or Secret Key. Hopefully, when you generated your key you copied it down from Nessus. If you do have to pull new keys, make sure that you copy them down in a safe place and try adding them back to both Host and Plugin on the HF configuration page.


All the capabilities of Tenable Vulnerability Management are available in the Vulnerability Management API, a robust platform for users of all experience levels. Using the Vulnerability Management API, you can seamlessly integrate Tenable Vulnerability Management into your cybersecurity infrastructure; for example, you can:


You can automate almost any task within Tenable's cloud platform via the API. For some, this thought can seem daunting; however, Tenable has made the learning curve as low as possible with an API Python library called pyTenable.


The pyTenable library gives users a low-level interface into the API, and it uses pythonic nomenclature to make interacting with the API simple, empowering, and ultimately pain-free. This article provides an introduction to pyTenable to help you develop your Vulnerability Management integrations as quickly and as easily as possible.


This article assumes that you already have a working Python 3.6 installation or later. I could write a whole guide on the different ways in which you could configure your environment, but for the sake of brevity, you can refer to My Development Setup on my developer blog if you're curious about my personal development environment.


The pyTenable library uses the concept of a connection class to act as the primary interface to the Vulnerability Management API. Connection classes are commonly used in many libraries, and allow developers to have multiple connection objects within the code. This is useful if you need to use different users or interface into different instances. In practice, the pyTenable library is easy to use: simply instantiate an object and you have everything you need within that object.


When you develop an integration for Vulnerability Management, Tenable recommends that you identify yourself to the API. Identification allows Tenable to identify your integrations and API calls and it assists with debugging and troubleshooting if you have issues with the API, rate limits, or concurrency limits. Additionally, this is generally a requirement for partner integrations.


With these parameters, the pyTenable library now has the information needed to construct a User-Agent header string with the appropriate information. For more information about using User-Agent headers with the Vulnerability Management API, see User-Agent Header.


Now that you have the tio object instantiated you can make a simple call to the Vulnerability Management API. For this first call, let's get a list of configured scans from the Vulnerability Management platform:


One of the basic functions of Tenable's platform is data acquisition through scanning. Scanning can be simple or complicated depending on your environment and your specific need. The pyTenable library attempts to make scanning as simple as possible. For this introduction, we'll focus on pre-defined scan policy templates and save more complex scanning for another article.


External scanning is the simplest type, since you don't need to deploy a scanner within your environment to scan the perimeter. Conveniently, the pyTenable library makes pre-defined assumptions in order to reduce the number of parameters you need to pass.


We only had to specify the name of the scan and the list of targets to scan. If you want to do something a little more complex, such as a PCI-ASV scan, you just need to specify the scan template name:


Internal scanning is only marginally more difficult than external scanning. When you run an internal scan, you are required to define a scanner or scanner group as part of the scan definition. You can define the scanner or scanner group by either the name or UUID, just like with the scan policy templates in the external scanning examples.


Tenable's platform is generally asynchronous in practice, giving you the option to track the state of stateful actions, such as scans, however you see fit. When you launch a scan via the Vulnerability Management API or pyTenable library, it's never a blocking call, and a response is returned immediately. There are a variety of endpoints to track the state of a given job, for example, to see if a scan has been completed. In the example of scans, pyTenable has exposed this capability with the status method. This method can be used like so:


While the example may seem odd, if you look at the Scan Status documentation, all of the end-state statuses are past tense ("ed"), whereas the intermediary statuses are present tense ("ing"). This means the while loop's condition for continuing can be a check on the last two characters of the status.


As you can see, the capabilities of the Vulnerability Management API, when coupled with the pyTenable library as an interface layer, are quite easy to work with using a minimal amount of code. This article is just the first in a series of articles to explore some common Vulnerability Management API use cases. If you would like to see more, look for the next expert article in this series, where we will discuss exporting data from Tenable Vulnerability Management.


Vulnerability scanning is an essential aspect of modern-day cybersecurity and Nessus is a well-known tool that provides a comprehensive solution for vulnerability assessments. It is a popular choice among security professionals and enthusiasts, due to its compatibility with Windows, MacOS, and Linux.


So how can you download and install Nessus on Kali, a widely-used penetration testing platform? With this step-by-step guide, you'll be up and running with Nessus in no time, equipped to proactively identify and mitigate vulnerabilities in your network.


Nessus, developed by Tenable Inc, is a widely-used open-source vulnerability scanner. It offers a paid subscription, Nessus Professional, as well as a free version, Nessus Essentials, which is limited to 16 IP addresses per scanner.


Nessus provides a range of services, including vulnerability assessments, network scans, web scans, asset discovery, and more, to aid security professionals, penetration testers, and other cybersecurity enthusiasts in proactively identifying and mitigating vulnerabilities in their networks.


Nessus is a must-have tool for security assessments and penetration testing. Its user-friendly interface and easy installation process make it a favorite among professionals. If issues arise during installation, restart your device or update plugins from the terminal.


Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.


As a private-public partnership, we are always seeking feedback on our practice guides. We are particularly interested in seeing how businesses apply NCCoE reference designs in the real world. If you have implemented the reference design, or have questions about applying it in your environment, please email us at cyberh...@nist.gov.
