Tenable Nessus
runZero integrates with Tenable Nessus using two methods. For all versions of Nessus, runZero can import Nessus files (.nessus
) that were exported from your Nessus instance. Exports from Tenable Security Center are also supported. For Nessus Professional users, the runZero integration can pull scan data from the Nessus Professional API.
Getting started with Tenable Nessus
To use the Tenable Nessus integration, you’ll need to:
- Export vulnerability scan results as Nessus files.
- Import the Nessus files through the inventory pages.
Requirements
Before you can set up the Nessus integration:
- Verify that you have runZero Enterprise.
- Make sure you have access to the Nessus portal.
Step 1: Export vulnerability scan results
- Log in to Nessus with the account being used for the runZero integration.
- Open the scan results you want to be able to import into runZero.
- Choose Export > Nessus to download the scan results.
Step 2: Import the Nessus files into runZero
- Go to the Inventory page in runZero.
- Choose Import > Nessus scan (.nessus) from the list of import types.
- On the import data page:
- Choose the site you want to add your assets to, and
- Set the severity levels and minimum risk level to ingest. (Note: much of the host information provided by Tenable is from Info-level plugins, so if you only import higher levels of severity you may not see much information about assets not scanned by runZero.)
Step 3: View Nessus assets and vulnerabilities
After a successful sync, you can go to your inventory to view your Nessus assets. These assets will have a Tenable icon listed in the Source column.
The Nessus integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by Nessus.
To filter by Nessus assets, consider running the following queries:
- View all Nessus assets:
source:Tenable
Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Nessus scan file.
Troubleshooting
If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.
Why is the Tenable Nessus integration unable to connect?
- Are you getting any data from the Tenable Nessus integration?
- Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
- In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
- Some integrations require very specific actions that are easy to overlook. If a step is missed when setting up the intergration, it may not work correctly. Please review this documentation and follow the steps exactly.