-
Notifications
You must be signed in to change notification settings - Fork 0
Overview
This is a high-level overview of what you can do with this project.
Invoke-Power-Nessie.ps1
Option 0. Use this script to configure an Elastic stack to properly ingest and visualize the Nessus scan data before ingestion.
- Check for Elasticsearch URL, Kibana Url, and elastic credentials
- Import Ingest Pipelines
- Import Index Template
- Import Saved Objects (Dashboards / Data Views)
- Create Elasticsearch API Key for Nessus data ingest
Option 1. Downloads scans from the Nessus My Scans folder (or custom folder) and move them to a different folder of your choosing for archival purposes.
- Downloads Nessus File
- Moves scan in the Nessus Web UI from the source folder (configurable) to the destination folder (configurable)
Note: The archive feature only works when the Nessus_Archive_Folder_Name (destination folder) is configured, otherwise, scans won't move in the Nessus Web UI. Not configuring the Nessus_Archive_Folder_Name is ideal for those that run re-occurring scans and are not constantly creating new scans.
Option 2. Parses a single Nessus XML report and imports it into Elasticsearch using the _bulk API.
Option 3. Parses multiple Nessus files from a provided directory.
Option 4. Automatically checks for any unprocessed .nessus files and ingest them into Elastic.
- Downloads .nessus files
- Moves Nessus scans from the source folder to the destination folder in the Nessus Web UI (Only when Nessus_Archive_Folder_Name is configured)
- Ingests .nessus files
- Adds hash of .nessus file to ensure the scan hasn't been processed
- Renames .nessus to .processed
Option 5. Purges the ProcessedHashes.txt file and renames any .processed file to their respective original file name so that the files may be processed again.
Option 6. Compare scan data between scans and export results into Elasticsearch as a new patch summary data stream.
Option 7. Export a PDF (Dashboard) or CSV (Discover Search) with data from Kibana using the POST URLs.
Option 10. (Hidden) Deletes the oldest scan found in the scan history. However, this is only supported with those that have Nessus Manager which is no longer available to purchase. This has not been tested but lives here for those that do have the APIs available and also for the hope that this API endpoint will be made available again to all Nessus users.
- Get Nessus API Keys Nessus Documentation.
- Download the latest release from here and extract to a directory of your choosing.
- Alternatively, to use the latest branch, clone this project to the directory of your choosing:
git clone https://github.com/nicpenning/Power-Nessie.git
- Setup Elasticsearch : Step by step instruction 👉🏻 Option 0 above!
- Run the Invoke-Power-Nessie.ps1 script supplying required variables for your use case and using the guided options.
- Watch the Nessus files get downloaded and then ingested into Elasticsearch - Resolve any issues along the way / Ask questions here.
To fully automate the ingestion on a daily, weekly, or monthly schedule you could create a scheduled task to have the Invoke-Power-Nessie.ps1 script kick off as needed.