Adding a Nessus Scheduled Result Import

A scheduled results import retrieves completed Nessus scan reports from an external location.

A completed scan report can be stored on a Nessus server or a file repository. JSA connects to the Nessus server or file repository by using SSH and then imports completed scan report files. The reports are filtered by a defined regular expression or maximum report age. JSA supports imports of Nessus scan reports in .nessus format or scan reports that are exported to a Nessus output format, such as XML2.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Nessus scanner.
  5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
  6. From the Type list, select Nessus Scanner.
  7. From the Collection Type list, select Scheduled Results Import.
  8. In the Remote Results Hostname field, type the IP address or hostname of the Nessus client or server that hosts your Nessus or XML2 scan result files.
  9. Choose one of the following authentication options:

    Option: Login Username

    Description: To authenticate with a user name and password:

    1. In the SSH Username field, type the user name to access the Nessus scanner or the repository that hosts the scan result files.

    2. In the SSH Password field, type the password that is associated with the user name.

    The password must not contain the exclamation mark (!) character. This character might cause authentication failures over SSH.

    Option: Enable Key Authorization

    Description: To authenticate with a key-based authentication file:

    1. Select the Enable Key Authentication check box.

    2. In the Private Key File field, type the directory path to the key file.

    The default directory for the key file is /opt/qradar/conf/vis.ssh.key. If a key file does not exist, you must create the vis.ssh.key file.

  10. In the Remote Results Directory field, type the directory location of the scan result files.

    The default directory path is ./.

  11. In the File Name Pattern field, type a regular expression (regex) to filter the list of files that are specified in the Remote Directory. All matching files are included in the processing.

    By default, the Report Name Pattern field contains .*\.nessus as the regex pattern. The .*\.nessus pattern imports all Nessus formatted result files in the remote directory.

  12. In the Max Reports Age (Days) field, type the maximum file age for your scan results file.

    Report files whose time stamp is older than the specified number of days are excluded when the scheduled scan starts. The default value is 7 days.

  13. To configure a CIDR range for your scanner:
    1. In the text field, type the CIDR range that you want this scanner to consider or click Browse to select a CIDR range from the network list.

    2. Click Add.

  14. Click Save.
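
To check on the repository host which report files a given File Name Pattern and Max Reports Age would select before saving the scanner, the following added example (not Juniper or JSA code) previews the two filters described in steps 11 and 12. It assumes the regex must match the whole file name and that age is measured from the file modification time, neither of which this page specifies; the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile
import time

DAY = 86400  # seconds

def preview_import(directory, pattern=r".*\.nessus", max_age_days=7, now=None):
    """Return (selected, skipped); skipped maps file name -> reason.

    Assumptions (not stated on the page): whole-name regex match,
    age taken from mtime, symlinks never followed.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * DAY
    regex = re.compile(pattern)
    selected, skipped = [], {}
    with os.scandir(directory) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            skipped[entry.name] = "not a regular file"
        elif not regex.fullmatch(entry.name):
            skipped[entry.name] = "name does not match pattern"
        elif entry.stat(follow_symlinks=False).st_mtime < cutoff:
            skipped[entry.name] = "older than max age"
        else:
            selected.append(entry.name)
    return selected, skipped

def demo():
    """Build a constructed results directory and preview the default filters."""
    samples = {  # constructed file names -> age in days
        "dmz-weekly.nessus": 1,
        "dmz-old.nessus": 30,
        "dmz-weekly.nessus.bak": 1,
        "notes.txt": 1,
    }
    now = time.time()
    with tempfile.TemporaryDirectory() as results_dir:
        for name, age_days in samples.items():
            path = os.path.join(results_dir, name)
            with open(path, "w") as fh:
                fh.write("<NessusClientData_v2/>")
            stamp = now - age_days * DAY
            os.utime(path, (stamp, stamp))
        return preview_import(results_dir, now=now)

if __name__ == "__main__":
    chosen, rejected = demo()
    print("would import:", chosen)
    for name, reason in rejected.items():
        print(f"skipped {name}: {reason}")
```

Running the preview with the account that JSA uses over SSH also confirms that the account can list the results directory and read the selected files.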