Nessus Scanner Overview

 

JSA can use a Nessus client and server relationship to retrieve vulnerability scan reports. You can also use the Nessus XMLRPC API or JSON API to access scan data directly from Nessus.

When you configure your Nessus client, you need to create a Nessus user account for your JSA system. A unique user account ensures that JSA has the correct credentials to log in and communicate with the Nessus server. After you create the user account, a connection test verifies the user credentials and remote access.

Note

Do not install Nessus software on a critical system, because of the CPU requirements when scans are active.

Data Collection Options

The following options are available for data collection of vulnerability information from Nessus scanners:

  • Scheduled Live Scan--Starts predefined scans in Nessus remotely over SSH and imports the data when the scan completes.

  • Scheduled Results Import--Imports static result files from completed scans over SSH, from a repository that contains the Nessus scan results.

  • Scheduled Live Scan - XMLRPC API--Enables predefined scans to be started remotely and actively collected by using the XMLRPC API.

    The Nessus XMLRPC API is only available on Nessus servers and clients with software V4.2 - V5.x.

  • Scheduled Live Scan - JSON API--Enables predefined scans to be started remotely and actively collected by using the JSON API.

    The JSON API is not available on Nessus servers and clients with software versions earlier than V6.0.

  • Scheduled Completed Report Import - XMLRPC API--Enables completed reports to be imported from the Nessus server by using the XMLRPC API.

    The Nessus XMLRPC API is only available on Nessus servers and clients with software V4.2 - V5.x.

  • Scheduled Completed Report Import - JSON API--Enables completed reports to be imported from the Nessus server.

    The JSON API is not available on Nessus servers and clients with software versions earlier than V6.0.

Server Certificates

Before you add a scanner, a server certificate is required to support HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using Secure Copy (SCP) or Secure File Transfer Protocol (SFTP).

  • To automatically download the certificate to the /opt/qradar/conf/trusted_certificates directory, SSH into the Console or managed host and type the following command:

    /opt/qradar/bin/getcert.sh <IP_or_Hostname> <optional_port_(443_default)>
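
For the manual copy option, the following shell functions check a certificate before it is placed in the trusted directory: the file must have one of the supported extensions, and its SHA-256 fingerprint must match a value obtained out of band. This is an added example, not part of the JSA documentation or product; the function names, the `TRUST_DIR` variable, and the out-of-band fingerprint are assumptions for illustration.

```shell
# Added example: pin-check a scanner certificate before trusting it.
# TRUST_DIR defaults to the directory named on this page; override it to test.
TRUST_DIR="${TRUST_DIR:-/opt/qradar/conf/trusted_certificates}"

# cert_sha256 <file>: print the SHA-256 fingerprint (lowercase hex).
# A fingerprint is the hash of the DER encoding, so PEM input is decoded
# first. Only the first certificate in a PEM file is considered.
cert_sha256() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        awk '/-----END CERTIFICATE-----/{exit} f{print} /-----BEGIN CERTIFICATE-----/{f=1}' "$1" \
            | tr -d '\r\n' | base64 -d
    else
        cat "$1"
    fi | sha256sum | cut -d' ' -f1
}

# stage_cert <file> <expected_sha256>: copy the file into TRUST_DIR only if
# its extension is supported and its fingerprint matches the expected value
# (assumed to come from the Nessus server's administrator, not the network).
# Returns 0 on success, 1 on fingerprint mismatch, 2 on an unusable file.
stage_cert() {
    sc_src=$1
    # Accept "AA:BB:..." or plain hex in either case.
    sc_want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    case "$sc_src" in
        *.crt|*.cert|*.der) ;;
        *) echo "rejected: unsupported extension: $sc_src" >&2; return 2 ;;
    esac
    [ -r "$sc_src" ] || { echo "rejected: cannot read $sc_src" >&2; return 2; }
    sc_got=$(cert_sha256 "$sc_src")
    if [ "$sc_got" != "$sc_want" ]; then
        echo "rejected: fingerprint mismatch for $sc_src" >&2
        echo "  expected $sc_want" >&2
        echo "  actual   $sc_got" >&2
        return 1
    fi
    cp -- "$sc_src" "$TRUST_DIR/"
}
```

The same comparison applies to a certificate fetched automatically: compute its fingerprint with `cert_sha256` and compare it with the value the server's administrator reports.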