nicpenning / nessus-es Goto Github PK

Currently, the export of scans by date is not functioning. Unsure why, but needs to be fixed so that a user can put in a date for Export_Day and export all of the scans from all scans on that day.

Currently, the ability to remove scans by history from the API requires Nessus Manager and does not work with Nessus Professional licenses.

Go vote here to see if we can bring back that API endpoint for Nessus Professional!

https://suggestions.tenable.com/ideas/NPRO-I-387

This project, while effective, is stale and needs great improvements to utilize the latest features of the Elastic stack. The following will greatly enhance this means of ingesting Nessus scan data.

• Remove PowerShell 5.1 Compatibility
• Remove Deprecated Templates
• Migrate to Data Stream
• Overhaul Dashboard
• Update Docs

Currently, host.os.name contains the same data as host.os.full which includes the version information. To be better compliant with ECS, we should us a simplified version of the OS in host.os.name.

This might be possible by using cpe-o in the xml data:
<tag name="cpe-0">cpe:/o:microsoft:windows_10:::x64-enterprise -&gt; Microsoft Windows 10 64-bit</tag>

But then only use the second part above which is Microsoft Windows 10 64-bit. Need to research if this is uniform across the data and implement.

Today we use this for both fields:
<tag name="operating-system">Microsoft Windows 10 Enterprise Build 19045</tag>

Right now there are three scripts that can be used for different purposes.

Extract...ps1 : Exports scans from Nessus
Automate...ps1 : Finds files to ingest into Elastic
Import...ps1 : Ingest nessus files into Elastic

The plan is to have a single script that can act as a wizard 🧙🏻‍♂️ or used for end to end automation 🤖.

This should also include the Elastic stack configuration features such as importing the templates, dashboards, pipelines, etc.

• Extract Nessus Files
• Ingest Nessus Files
• Automate Extraction and Ingestion
• Configure Elastic Stack

Consider the following change (works for me) in order to preserve the "vanity name" of the scan in the exported files.
Line 303
$exportFileName = Join-Path $Nessus_File_Download_Location $($($convertedTime | Get-Date -Format yyyy_MM_dd).ToString()+"-$($_.name)"+"-$scanId$($Export_Custom_Extended_File_Name_Attribute).nessus")

Hi dear
I installed nesses on Ubuntu 20.0.4 and ran Elasticsearch on another node and the command on my system.
I ran your code on my pc (windows10 ,powershell 7)
is my command is true ? (Nessus_File_Download_Location)
I do not understand these (-Nessus_Archive_Folder_Name , Export_Scans_From_Today , Export_Day)

.\Invoke-NessusTo-Elastic.ps1 -Nessus_URL "https://192.168.4.59:8834" -Nessus_File_Download_Location "D:\result-nessus" -Nessus_Access_Key "redacted" -Nessus_Secret_Key "redacted" -Nessus_Source_Folder_Name "/opt/nessus/var/nessus/users/Nessus/reports/" -Nessus_Archive_Folder_Name "Archive-Ingested" -Export_Scans_From_Today "false" -Export_Day "01/11/2024" -Export_Custom_Extended_File_Name_Attribute "scan" -Elasticsearch_URL "http://192.168.100.169:9200" -Elasticsearch_Index_Name "logs-nessus.vulnerability" -Elasticsearch_Api_Key "redacted:redacted"

And other questions is that i dont have the value that you mentioned as _scanner1 in (Export_Custom_Extended_File_Name_Attribute)