Fortinet black logo

External Systems Configuration Guide

Nessus Vulnerability Scanner

Tenable Nessus Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Nessus API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "nessus" in the Description and Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In RESOURCE > Reports , search for "nessus" in the Description column to see the reports associated with this device.

Configuration

Nessus API

Create a user name and password that FortiSIEM can use as access credentials for the API. Make sure the user has permissions to view the scan report files on the Nessus device. You can check if your user has the right permissions by running a scan report as that user.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections and Setting Credentials and Testing Credentials and API Event Collection in the User Guide.

Settings for Access Credentials

Settings for Nessus Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your Nessus Vulnerability Scanner over the API.

SettingValue
Name<set name>
Device Type-Tenable Nessus Security Scanner
-Tenable Nessus6 Security Scanner
-Tenable Nessus7 Security Scanner
-Tenable Nessus8 Security Scanner
Access Protocol-Nessus API
-Nessus6 API
-Nessus7 API
-Nessus8 API
Pull Interval (minutes)5
Port8834
User Name (for Nessus and 6)A user who has permission to access the device over the API
Password (for Nessus and 6)The password associated with the user
Access Key (for Nessus7 and 8)Obtain the Access Key from Nessus
Secret Key (for Nessus7 and 8)Obtain the Secret Key from Nessus

Tenable Nessus Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Nessus API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "nessus" in the Description and Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In RESOURCE > Reports , search for "nessus" in the Description column to see the reports associated with this device.

Configuration

Nessus API

Create a user name and password that FortiSIEM can use as access credentials for the API. Make sure the user has permissions to view the scan report files on the Nessus device. You can check if your user has the right permissions by running a scan report as that user.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections and Setting Credentials and Testing Credentials and API Event Collection in the User Guide.

Settings for Access Credentials

Settings for Nessus Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your Nessus Vulnerability Scanner over the API.

SettingValue
Name<set name>
Device Type-Tenable Nessus Security Scanner
-Tenable Nessus6 Security Scanner
-Tenable Nessus7 Security Scanner
-Tenable Nessus8 Security Scanner
Access Protocol-Nessus API
-Nessus6 API
-Nessus7 API
-Nessus8 API
Pull Interval (minutes)5
Port8834
User Name (for Nessus and 6)A user who has permission to access the device over the API
Password (for Nessus and 6)The password associated with the user
Access Key (for Nessus7 and 8)Obtain the Access Key from Nessus
Secret Key (for Nessus7 and 8)Obtain the Secret Key from Nessus