About the connector
Nessus is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your network or your customer's network.
This document provides information about the Nessus connector, which facilitates automated interactions, with a Nessus server using FortiSOAR™ playbooks. Add the Nessus connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list along with details of all the completed scans for a specified time duration, retrieving information about asset(s) that are associated with a specified scan, and retrieving information about the vulnerabilities associated with a particular asset.
Version information
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later
Compatibility with Nessus Versions: 6.4 and later
Installing the connector
For the procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the URL of Nessus server to which you will connect and perform the automated operations and credentials to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the Nessus connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
URL of the Nessus server to which you will connect and perform the automated operations. |
| Access Key |
Access Key that is configured for your account to access the Nessus server to which you will connect and perform the automated operations. |
| Secret Key |
Secret Key that is configured for your account to access the Nessus server to which you will connect and perform the automated operations. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| List Scans |
Retrieves a list along with the details of all the completed scans from the Nessus server, based on the time duration, such as 24 hours or last 3 days, you have specified. |
search_scans
Investigation |
| Trigger Scan |
Triggers a scan on the Nessus server based on the scan ID you have specified. |
launch_scan
Investigation |
| List Scan’s Assets |
Retrieves information about asset(s) that are associated with a particular scan from the Nessus server, based on the scan ID you have specified. |
get_endpoints
Investigation |
| List Asset’s Vulnerabilities |
Retrieves information about vulnerabilities that are associated with a particular asset from the Nessus server, based on the scan ID and host ID you have specified. |
get_vulnerabilities
Investigation |
| Get Vulnerability Information |
Retrieves information about vulnerabilities from the Nessus server, based on the scan ID, host ID, and plugin ID you have specified. |
vuln_details
Investigation |
| Get Plugin Information |
Retrieves information about a specific plugin from the Nessus server, based on the plugin ID you have specified. |
plugin_details
Investigation |
operation: List Scans
Input parameters
| Parameter |
Description |
| Completion Time |
(Optional) Time duration for which you want to retrieve a list along with details of all the completed scans from the Nessus server. For example, if you choose Last 24 Hours, then the details of all the scans that were completed in the last 24 hours will be retrieved from the Nessus server.
You can choose from the following options: Last 24 Hours, Last 3 Days, Last 5 Days, Last 7 Days, Last 15 Days, Last 25 Days, Last 30 Days, Last 50 Days, Last 60 Days, Last 90 Days, Last 120 Days, and Last 180 Days.
Note: By default, this option is set to Last 15 Days. |
Output
The JSON output contains a list along with the details of all the completed scans retrieved from Nessus, based on the time duration you have specified.
Following image displays a sample output:
operation: Trigger Scan
Input parameters
| Parameter |
Description |
| Scan ID |
ID of scan that you want to trigger on the Nessus server. |
| Targets |
(Optional) Targets that will be scanned instead of the default. Value for this field can be an array where each index is a target or an array with a single index of comma-separated targets.
For example, ['111.122.22.1', 'example.com'] |
Output
The JSON output contains the status of the trigger scan operation. The JSON output returns a Successmessage if the scan is triggered is successfully or an Error message containing the reason for failure. The JSON output also contains the UUID of the triggered scan.
Following image displays a sample output:
operation: List Scan's Assets
Input parameters
| Parameter |
Description |
| Scan ID |
ID of scan whose associated asset(s) information you want to retrieve from the Nessus server. |
Output
The JSON output contains information about the asset(s) associated with a specific scan retrieved from the Nessus server, based on the scan ID you have specified.
Following image displays a sample output:
operation: List Asset’s Vulnerabilities
Input parameters
| Parameter |
Description |
| Scan ID |
ID of scan whose associated asset-specific vulnerabilities information you want to retrieve from the Nessus server. |
| Host ID |
ID of host whose associated asset-specific vulnerabilities information you want to retrieve from the Nessus server. |
Output
The JSON output contains information about the asset-specific vulnerabilities retrieved from Nessus, based on the scan ID and host ID you have specified.
Following image displays a sample output:
operation: Get Vulnerability Information
Input parameters
| Parameter |
Description |
| Scan ID |
ID of scan whose associated vulnerabilities information you want to retrieve from the Nessus server. |
| Host ID |
ID of host whose associated vulnerabilities information you want to retrieve from the Nessus server. |
| Plugin ID |
ID of plugin whose associated vulnerabilities information you want to retrieve from the Nessus server. |
Output
The JSON output contains information about the vulnerabilities retrieved from the Nessus server, based on the scan ID, host ID, and plugin ID you have specified.
Following image displays a sample output:
operation: Get Plugin Information
Input parameters
| Parameter |
Description |
| Plugin ID |
ID of plugin whose details you want to retrieve from the Nessus server. |
Output
The JSON output contains information about the specific plugin retrieved from the Nessus server, based on the plugin ID you have specified.
Following image displays a sample output:
Included playbooks
The Sample - Nessus - 1.0.0 playbook collection comes bundled with the Nessus connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Nessus connector.
- Get Plugin Information
- Get Vulnerability Information
- List Asset’s Vulnerabilities
- List Scans
- List Scan’s Assets
- Trigger Scan
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
