Tenable Nessus/Tenable.io Connector Guide

This guide explains how to obtain the Access Key and Secret Key from Tenable.io and Nessus, and how to set up the associated connector in RiskSense.

Overview

Tenable® Nessus® is a widely deployed vulnerability scanner that can help detect malware and identify asset and asset configuration vulnerabilities. The RiskSense platform supports client connector configurations to provide scheduled uploads of Tenable Nessus vulnerability scan output. The RiskSense Integrations page records and displays the last time data from the Tenable Nessus connector was uploaded.

When data is pulled through a specific scanner connector, the last 30 days of scan data are uploaded into the RiskSense platform. This is a default setting that cannot be adjusted. Once the data has been pulled, it is automatically added to the default group. As a reminder, if the data already exists in the platform, it will automatically be moved to the specific group.

Obtaining Vendor API Keys for Authentication

Using the Tenable Nessus connector requires users to have an API key. Depending on the scanner in use, you will need either a Tenable.io or Nessus API key.

Generating API keys for the Tenable.io Scanner

Tenable.io keys can be created/generated from Options in Tenable.io’s scanner dashboard. First, log in to the Tenable.io scanner dashboard and open the My Account menu by clicking your name/user icon.

Nessus Connector - Options Menu Location

On the My Account page, click the API Keys tab.

Nessus Connector - API Keys Tab

The API Keys tab provides information on using the Tenable.io REST API. Click the Generate button to create your API keys.

Nessus Connector - Generate Button Location

After clicking the Generate button, a warning window notifies you that any previously generated keys will no longer be valid after generating new API keys.

Nessus Connector - Generate API Keys Window

Click Generate to proceed with API key creation. (Otherwise, click Cancel to keep using the previously generated API keys.)

Following successful API key generation, the newly generated keys appear in the window above the Generate button.

Nessus Connector - API Key Location

Use these keys when setting up a new Tenable Nessus connector in RiskSense. Enter the Access Key in the connector’s Access Key field and the Secret Key in the connector’s Secret Key field.

Generating API keys for the Nessus Scanner

Nessus API keys can be created/generated from Options on the Nessus scanner’s menu bar. First, log in to Nessus and click the user icon in the upper-right section of the menu bar.

Nessus Connector - My Account Menu Option

In the pop-up menu, click My Account.

Nessus Connector - My Account Menu Option in Nessus

On the My Account page, click the API Keys tab in the menu panel.

Nessus Connector - API Keys Tab in Nessus

In the API Keys section, click the Generate button.

Nessus Connector - Generate Button Location in Nessus

Nessus displays a warning window notifying you that any previously generated keys will no longer be valid after generating new API keys. Click the Generate button.

Nessus Connector - Generate API Keys Window in Nessus

Following successful API key generation, the newly generated keys appear in the window above the Generate button.

Nessus Connector - Access and Secret Keys in Nessus

As with the Tenable.io API keys, you can use these keys when setting up a new Tenable Nessus connector in RiskSense. Enter the Access Key in the connector’s Access Key field and the Secret Key in the connector’s Secret Key field.

Connector Setup

After obtaining either a Tenable or Nessus scanner API key, create a connector in RiskSense.

To create a connector, log into RiskSense and navigate to the Automate > Integrations page.

Navigation - Automate - Integrations

Using the search bar in the upper-right corner of the Integrations page, type Nessus to find the connector.

Nessus Connector - Search for Nessus Connector

Click the Configuration button on either the Tenable.io or the Nessus connector card (select based on the API key generated in the previous section).

Nessus Connector - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

Nessus Connector - Connector Configuration Window

  • Name: The connector’s name. Displayed on the connector card.
  • URL: The Tenable Nessus URL.
  • Access Key: The Tenable Nessus access key created in the previous section.
  • Secret Key: The Tenable Nessus secret key created in the previous section.
  • Network: RiskSense network name (ingested data is associated with this network).
  • SSL: Insert optional SSL certificate.

Click Test Credentials to verify that the credentials are correct and have access to make API calls to Tenable Nessus.

Nessus Connector - Test Credentials Button Location

Configure the desired schedule for the connector to retrieve results from the Tenable Nessus instance. Optionally, turn on Enable auto URBA (Update Remediation by Assessment) to automatically close findings when they have been resolved and are no longer detected. Click Save to create the connector.

Nessus Connector - Save Button Location

Once saved, the connector is now visible on the Integrations page under Currently Configured Integrations.

Tenable.io/Nessus Data Mapping in RiskSense

The data from a Tenable/Nessus scan file is ingested into RiskSense as hosts and host findings. The scanner name associated with these scans is NESSUS. Scanner Name can be used as a filter on both the Hosts and Host Findings list views. 

Hosts Page

  • Asset data extracted from the scan file is shown in the Hosts list view.
  • Both IP address and hostname are extracted from the scan file.
  • In the Host Detail under the Sources section, the Scanner is listed as NESSUS.

Host Findings Page

  • All findings from the Nessus scan file are shown in the Host Findings view in RiskSense.

Severity Mapping

Nessus Severity and Value*, with its mapping to the RiskSense CHMLI scale:

  • Critical - The plugin's highest vulnerability CVSSv2 score is 10.0. Maps to: Critical
  • High - The plugin's highest vulnerability CVSSv2 score is between 7.0 and 9.9. Maps to: High
  • Medium - The plugin's highest vulnerability CVSSv2 score is between 4.0 and 6.9. Maps to: Medium
  • Low - The plugin's highest vulnerability CVSSv2 score is between 0.1 and 3.9. Maps to: Low
  • Info - The plugin's highest vulnerability CVSSv2 score is 0, or the plugin does not search for vulnerabilities. Maps to: Informational

*Source: https://docs.tenable.com/tenableio/vulnerabilitymanagement/Content/Analysis/RiskMetrics.htm
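
The host and severity mapping described above can be previewed on a scan file before it is uploaded. The following is an added example, not RiskSense or Tenable code: it reads a .nessus (NessusClientData_v2) export, extracts the IP address and hostname for each host, and applies the CVSSv2-to-CHMLI table to each finding. The sample XML, plugin IDs and function names are constructed for illustration, and deriving the level from cvss_base_score is an assumption about how the table is applied.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) layout; all values are made up.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-ip">192.0.2.10</tag>
        <tag name="host-fqdn">web01.example.test</tag>
      </HostProperties>
      <ReportItem port="443" pluginID="900001"><cvss_base_score>10.0</cvss_base_score></ReportItem>
      <ReportItem port="22" pluginID="900002"><cvss_base_score>5.0</cvss_base_score></ReportItem>
      <ReportItem port="0" pluginID="900003"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

def chmli_from_cvss2(score):
    """Apply the severity table; None means the plugin carries no CVSSv2 score."""
    if score is None or score == 0:
        return "Informational"      # score 0, or plugin does not search for vulnerabilities
    if not 0 < score <= 10.0:
        raise ValueError(f"CVSSv2 score out of range: {score}")
    if score < 4.0:
        return "Low"                # 0.1 - 3.9
    if score < 7.0:
        return "Medium"             # 4.0 - 6.9
    if score < 10.0:
        return "High"               # 7.0 - 9.9
    return "Critical"               # exactly 10.0

def parse_scan(xml_text):
    """Return one dict per host: IP, hostname, scanner name and mapped findings."""
    # The stdlib parser is fine for the inline sample; for scan files from
    # untrusted sources, parse with the defusedxml package instead.
    hosts = []
    for rh in ET.fromstring(xml_text).iter("ReportHost"):
        props = {t.get("name"): (t.text or "") for t in rh.iter("tag")}
        findings = []
        for item in rh.iter("ReportItem"):
            raw = item.findtext("cvss_base_score")
            findings.append({"plugin_id": item.get("pluginID"),
                             "port": int(item.get("port", 0)),
                             "severity": chmli_from_cvss2(float(raw) if raw else None)})
        hosts.append({"ip": props.get("host-ip", rh.get("name")),
                      "hostname": props.get("host-fqdn"),
                      "scanner": "NESSUS", "findings": findings})
    return hosts

if __name__ == "__main__":
    for host in parse_scan(SAMPLE_NESSUS):
        print(host["ip"], host["hostname"], [f["severity"] for f in host["findings"]])
```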