I am trying to set up the Splunk addon for Tenable to pull scan reports from our Nessus Pro box. I have set up the addon on a heavy forwarder with the information needed but I never see anything come over. My fear in researching is that this functionality doesn't work as smoothly based on issues I have seen others have. I wondered if anyone has successfully gotten this working and how? My settings are: (please note that my heavy forwarder performs no indexing functionality, so the "nessus" index is only created on my actual indexer. Hoping this isn't the problem.)
As far as I know this is related to the change of API format that was introduced in Nessus 8. I do not believe this addon currently works for the new API structure, but it certainly should be able to. I have seen some projects on GitHub that are able to pull from Nessus 8.x so my plan was to try to edit this Splunk app with similar logic.
Scan exports are still fully supported in 8.1.0. This functionality may have changed in how it needs to be queried, so it is very important to read the API documentation for your existing version for 3rd party integrations.
Is anyone using Tenable Nessus agent in their environment? Have you noticed any issues with throughput for your backups? I ask because we have it installed on our Commvault servers and it is affecting the network but I'm being told that Nessus agent does not interfere with day to day operations. I ran a library throughput trend report with Nessus agent installed, uninstalled and reinstalled, there definitely is an issue there. Anyone else having similar issues?
@Damian Andre - We did have an issue with a SQL server job where when the Nessus agent was removed the backups completed within minutes versus hours. I am certain there is a correlation there but need to go through the channels to get a resolution.
Our log files do provide some pretty comprehensive stats when it comes to performance to try to narrow down the bottleneck, which could get you further in terms of identifying which component is specifically slowing down (maybe it's the file opens, or a slowdown in the loopback networking, or network speed across the wire etc.). There are some automated performance analyses that could help.
@Tenzin I did have similar issues with Tenable Nessus before (about a year ago). Had always backed up different servers, various agents just fine prior to the introduction of Nessus. Tenable Nessus was implemented and I started seeing CV ports being "scanned/blocked" interrupting CV Backup connection.
Had a ticket with CV when I was somewhat already convinced Nessus was breaking things. Inquired about some sort of documentation around that and nothing was found in CV Docs. Talked to Security and they said that Nessus was considering CV operation as a threat. And from there it was a ping pong where CV would ask me to talk to Nessus and vice versa.
I'd say, select maybe 2 / 3 different agents you are having issues with and create a total exclusion from Nessus, run a backup. It is likely you will see success. Grab the logs, enable Nessus and run another backup and compare the logs, see if you can spot any of the errors below and analyze with your security team.
The link you provided from the Tenable community is very helpful and may help get the discussion started with our security team. Am I right in assuming we only need to exclude ports 8400-8403 (CV Listening ports)?
@Damian Andre @Mike Struening I know this is an old discussion but Damian had mentioned seeing some internal tickets around Nessus Tenable and breaking backups. I have searched the docs online and MA but could not find anything related to Commvault and Tenable. Do you guys have any internal documentation or best practices when it comes to Nessus and Commvault?
Hey @dude - most of the cases relate to flagged security vulnerabilities (they are running outdated versions, require third-party updates like Java or Python, or producing false positives for components not in use etc.). The other issues are very outlier from what I can see - some strange issues with install, network, and performance - but only a handful. They don't seem to have a common thread as to the solution. I am not aware of any internal best practices for it - it's not something it seems that comes up too often.
Tenable is aware of the competitive environment in which it operates. Referencing competitors such as Rapid7, SentinelOne, Wiz during negotiations may result in significant reductions in quoted prices.
Keep in mind the importance of favorable payment terms. Suggest alternate payment schedules like semi-annual or quarterly. This can provide considerable cash flow benefits and can often be negotiated with the supplier.
To get more discount levers and commercial items to consider when negotiating your Tenable contracts, sign up for a free forever Vendr account. We have a plethora of negotiation insights available for Tenable in our platform.
These insights reflect the experiences of actual buyers and can provide a glimpse into the negotiation possibilities with Tenable. To delve deeper into the wealth of knowledge our community has to offer, we encourage you to sign up for a free forever Vendr account. By joining, you'll unlock additional insights such as the estimated time to implement Tenable, what to expect for your renewal, and other discount levers that can be implemented if you're stuck during the negotiation process. Currently, there are several community insights available for Tenable, each offering a unique perspective to help you make an informed decision.
As a comprehensive tool for cloud security challenges, Tenable.io caters to various needs of businesses. It presents a robust solution for a wide range of enterprises, with an average customer size of 800 and a solid retention rate of 55.74%, which signifies strong customer satisfaction.
Tenable.sc, formerly known as SecurityCenter, serves businesses with more complex cybersecurity needs. Offering solutions such as vulnerability management, attack surface management, and cloud security, it serves a slightly larger average customer size of 900.
Tenable, classified under the IT & Security category as a cybersecurity tool, has achieved various market positions with each of its products. Tenable.io has obtained a medium market share, demonstrating its strong presence in the cybersecurity field.
Pivotal to Tenable's offerings is their adherence to necessary compliance and security standards. The GDPR, ISO27001, and the DPA form the backbone of their regulatory compliance, which should reassure businesses about their stringent data security practices.
Moreover, Tenable also implements advanced Multi-Factor Authentication (MFA) and Single Sign-On (SSO) capabilities that further enhance their security, facilitating secure yet convenient access for users across their platforms.
Lastly, the protection of Personally Identifiable Information (PII) forms an essential part of Tenable's commitment, showcasing their alignment with global data protection norms and providing assurance about their adherence to data security regulations.
Nessus and OpenVAS share a common origin: the open-source Nessus Project, started in 1998 by Renaud Deraison. In 2005 Tenable (co-founded by Renaud) changed the Nessus version 3 license model to closed source, looking to improve the solution by dedicating time and resources and to create a professional commercial product. Nessus was forked in 2005 to keep an open-source version alive, and in 2006 one of these forks was rebranded to OpenVAS. Since 2008, Greenbone Networks has developed and driven OpenVAS forward, providing the feed of checks.
The numbers in the graphs above reflect purely the number of CVEs that each scanner will detect. But what is the overlap between the CVEs detected by both scanners, and what about CVEs that are unique to each? In Figure 4 we can see that there is a considerable overlap in the detection of CVEs between OpenVAS and Tenable. However, Tenable checks for 12,015 CVEs which OpenVAS does not check for and OpenVAS checks for 6,749 CVEs which Tenable does not check for.
One of the striking differences is that Tenable will check for 258 additional critical vulnerabilities, which means OpenVAS can identify 4.6% fewer critical vulnerabilities than Tenable. Critical-rated vulnerabilities are the vulnerabilities that will often cause your IT/security staff to lose sleep and turn to drink.
So, in terms of coverage of checks for vulnerabilities broken down by risk level, Tenable wins at every risk level. But OpenVAS is still relatively close, and importantly we can see this where it matters most: at the critical risk level.
But we can also see there are more remote checks for critical CVEs within Windows 10 from OpenVAS. This could be because Tenable has more checks specifically for Windows 10 within its agent-based scanning.
Microsoft Exchange is the email and calendaring server software used by thousands of organizations across the globe. It is often exposed by organizations to the internet to allow for email to be received, and for remote users to access Outlook Web Access (OWA) and view their inboxes or calendar in a browser.
Accellion File Transfer Appliance (FTA) allows users to transfer large and sensitive files, and there are 3 hosting models (private cloud, on-premises, and hosted). As of 30th April 2021, FTA is considered End of Life.
PrintNightmare is a vulnerability that affects the Print Spooler service on Windows; it allows an attacker to execute code on affected systems. Usually, Windows systems do not have their SMB port exposed to the internet. There are 2 CVEs which are associated with PrintNightmare: