Ingest .nessus files from Tenable's Nessus scanner directly into ElasticSearch with most of the ECS mappings.
```mermaid
%% Example of sequence diagram
sequenceDiagram
PowerShell->>Nessus: Downloads .Nessus File(s) via Nessus API
Nessus->>PowerShell: .nessus File(s) Saved Locally
PowerShell->>Elasticsearch: Ingest Parsed XML Data via Elasticsearch API
```
With some careful setup of your ElasticSearch cluster and a little PowerShell you can turn your .nessus files into this:
If you are looking for a more robust solution that handles many other vulnerability scanners try this project: https://github.com/HASecuritySolutions/VulnWhisperer
The Nessus-ES project is a simplified way of taking .nessus files and ingesting them into Elastic using PowerShell on Windows, Mac, or Linux*
*Never tested
Requirements
- Functioning ElasticSearch Cluster (7.0+, 7.16.2 Tested)
- PowerShell 5.0+ (7.0+ is recommended)
- .nessus File(s) Exported
- Add Index Template (How To)
- Add Index Pattern, Searches, Visualizations, and Dashboards
- Have coverage of ECS across as many fields as possible.
- Add Documentation (Wiki)
- Add Automated Nessus File Download Script
- Add Detection Rules
- Add Setup Script (Template, Objects, API, etc.)
- Upgrade to ECS 1.12
- Revamp Dashboards to use Lens Visuals
- Create a release for easier deployment
Added Automated Download and Ingest capability - Check the Wiki!
ExtractFrom-Nessus.ps1 -> Automate-NessusImport.ps1 -> ImportTo-Elasticsearch-Nessus.ps1
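The parse-and-ingest half of that chain, written out as an added PowerShell example; this is not code from the Nessus-ES project or its scripts. It reads the `NessusClientData_v2` XML that Nessus exports, turns each `ReportItem` into an ECS-style document and builds an Elasticsearch `_bulk` NDJSON payload. Everything project-specific here is an assumption of the example: the ECS field choices, the `nessus.*` custom fields, the index name `nessus-example`, Basic-auth credentials, and the embedded sample scan (constructed, with placeholder plugin IDs and a placeholder CVE).

```powershell
# Added example, not part of Nessus-ES. ECS field choices below are this example's own.

# Constructed sample in NessusClientData_v2 layout; plugin IDs and the CVE are placeholders.
$SampleNessus = @'
<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Constructed Example Scan">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-ip">192.0.2.10</tag>
        <tag name="host-fqdn">web01.example.test</tag>
        <tag name="operating-system">Linux Kernel 5.4</tag>
        <tag name="HOST_START">Mon Jan  3 10:00:00 2022</tag>
      </HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="900001" pluginName="Placeholder TLS finding" pluginFamily="Web Servers">
        <risk_factor>High</risk_factor>
        <cvss_base_score>7.5</cvss_base_score>
        <cve>CVE-YYYY-NNNNN</cve>
        <description>Constructed finding text.</description>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900002" pluginName="Placeholder host info" pluginFamily="General">
        <risk_factor>None</risk_factor>
        <description>Informational only.</description>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
'@

function ConvertFrom-NessusReport {
    param([Parameter(Mandatory)][xml]$Document, [string]$SourceName = 'constructed-sample.nessus')
    $severityNames = @{ 0 = 'Info'; 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'Critical' }
    foreach ($report in $Document.NessusClientData_v2.Report) {
        foreach ($reportHost in $report.ReportHost) {
            # HostProperties are <tag name="...">value</tag> pairs; flatten them into a hashtable.
            $props = @{}
            foreach ($tag in $reportHost.HostProperties.tag) { $props[$tag.name] = $tag.'#text' }
            # HOST_START is ctime-style ("Mon Jan  3 ..."); collapse the day padding before parsing.
            $scanTime = [datetime]::UtcNow
            if ($props.ContainsKey('HOST_START')) {
                try {
                    $scanTime = [datetime]::ParseExact(($props['HOST_START'] -replace '\s+', ' '),
                        'ddd MMM d HH:mm:ss yyyy', [Globalization.CultureInfo]::InvariantCulture)
                } catch { Write-Warning "HOST_START unparseable for $($reportHost.name); using current time." }
            }
            $hostName = if ($props['host-fqdn']) { $props['host-fqdn'] } else { $reportHost.name }
            foreach ($item in $reportHost.ReportItem) {
                $sev = [int]$item.severity
                $doc = [ordered]@{
                    '@timestamp'                   = $scanTime.ToString('o')
                    'event.kind'                   = 'state'
                    'event.category'               = @('vulnerability')
                    'host.name'                    = $hostName
                    'host.ip'                      = $props['host-ip']
                    'host.os.full'                 = $props['operating-system']
                    'destination.port'             = [int]$item.port
                    'network.transport'            = $item.protocol
                    'vulnerability.scanner.vendor' = 'Tenable'
                    'vulnerability.severity'       = $severityNames[$sev]
                    'vulnerability.category'       = @($item.pluginFamily)
                    'vulnerability.description'    = $item.description
                    'nessus.plugin.id'             = [int]$item.pluginID   # custom (non-ECS) field
                    'nessus.plugin.name'           = $item.pluginName
                    'nessus.severity'              = $sev
                    'nessus.source_file'           = $SourceName
                }
                if ($item.cvss_base_score) { $doc['vulnerability.score.base'] = [double]$item.cvss_base_score }
                if ($item.cve)             { $doc['vulnerability.id'] = @($item.cve) }
                $doc
            }
        }
    }
}

function ConvertTo-BulkPayload {
    param([Parameter(Mandatory)][object[]]$Documents, [string]$Index = 'nessus-example')
    $lines = foreach ($doc in $Documents) {
        @{ index = @{ _index = $Index } } | ConvertTo-Json -Compress
        $doc | ConvertTo-Json -Compress -Depth 5
    }
    # The _bulk API requires a newline after the final line.
    ($lines -join "`n") + "`n"
}

function Send-BulkPayload {
    param([Parameter(Mandatory)][string]$Payload, [Parameter(Mandatory)][string]$ElasticUrl,
          [Parameter(Mandatory)][pscredential]$Credential)
    # Basic auth header built by hand so the call behaves the same on PowerShell 5.1 and 7.
    $pair   = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $header = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair)) }
    $resp = Invoke-RestMethod -Method Post -Uri "$($ElasticUrl.TrimEnd('/'))/_bulk" -Headers $header `
                -ContentType 'application/x-ndjson' -Body $Payload
    # _bulk answers HTTP 200 even when single documents were rejected; check the per-item errors.
    if ($resp.errors) {
        $resp.items | Where-Object { $_.index.error } |
            ForEach-Object { Write-Warning ('Rejected document: {0}' -f $_.index.error.reason) }
    }
    $resp
}

# Offline run against the constructed sample; prints the NDJSON that would be POSTed to _bulk.
$docs    = ConvertFrom-NessusReport -Document ([xml]$SampleNessus)
$payload = ConvertTo-BulkPayload -Documents $docs
$payload
# Real file: ConvertFrom-NessusReport -Document ([xml](Get-Content -Raw .\scan.nessus)) -SourceName 'scan.nessus'
# Ship it:   Send-BulkPayload -Payload $payload -ElasticUrl 'https://elastic.example.test:9200' -Credential (Get-Credential)
```

Two details matter when wiring this into a scheduled import: the `@timestamp` comes from the scan's `HOST_START` rather than the ingest time, so re-importing an old export does not make stale findings look current, and `_bulk` must be checked for per-item `errors` because a mapping conflict on one document is reported inside an HTTP 200 response, not as a failed request.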
Here are some other details from the dashboard not pictured above that could also be useful: