Integrating Nessus 3x with EventSentry

Exporting a Scan (Step 1 of 4)

Introduction

Nessus is a comprehensive open-source vulnerability scanning program. It consists of nessusd, the Nessus daemon (which does the actual scanning), and nessus, the client, which presents the results to the user. Nessus is currently available for Linux, FreeBSD, Solaris, Mac OS X, and Windows.

Starting with version 2.71, EventSentry supports Nessus Integration via the Web Reports. This tutorial will outline the steps required to import Nessus information into your EventSentry database. In our example we are using the "NessusWX - a Nessus Client for Win32" connected to a Linux host running Nessus v3.0.

Exporting NBE file

After completing a Nessus scan you will have the option to view the results. In order for us to make good use of the this data and put it in proper context, we can export this information and import it into the EventSentry database. So the first step is to Export the scan information to an NBE file which we can then import into our database. Future versions of EventSentry will also support the XML format in addition to the NBE format.

In this case, I ran a scan that checked the host HORNET for vulnerabilities, so I will export the scan as hornet.nbe to keep things simple.

Please note that Nessus 3.x can neither export vulnerability scan results in the required NBE format, nor can you schedule vulnerability scans with it. We highly recommend that you download the free NessusWX utility, which will let you export scan results to NBE files.

If you are using a client other than NessusWX, then you will have to refer to the software documentation to determine how to export the scan results in the NBE file format. Please note that not all utilities support the NBE format.

*This tutorial has also been tested with NessusWX 1.4.5d connected to Tenable Nessus 3 for Microsoft Windows.