Reporting

Ibrahim Ayadhi
Apr 18, 2020

To protect your enterprise network from threats and attacks, you should always run vulnerability tests on your systems so that you can fix what they find. As you can imagine, reporting is a very important job in any SOC because it gives an overview of the vulnerabilities that your systems might have.
In this article we will give you an insight into the tools we used for reporting and vulnerability scanning.

I encourage you all to check the previous article to have a better understanding of what we are going to discuss here.

This article is divided into these sections:

  • Introduction
  • Installing Nessus Essentials
  • VulnWhisperer installation

1. Introduction:

Tools we will be using:

  • VulnWhisperer: VulnWhisperer is a vulnerability management tool and report aggregator. It pulls all the reports from the different vulnerability scanners and creates a file with a unique filename for each one.

Project URL: https://github.com/HASecuritySolutions/VulnWhisperer

  • Nessus Essentials: Nessus Essentials (formerly Nessus Home) is a free version of the Nessus vulnerability scanner.

2. Installing Nessus Essentials:

2.1- Download from the official website (www.tenable.com). In our project we used this version:

2.2- Installing Nessus:

dpkg -i Nessus-8.10.0-ubuntu910_amd64.deb

/etc/init.d/nessusd start

service nessusd start

Go to https://YourServerIp:8834 and choose Nessus Essentials

2.3- Start with Nessus:

Copy the activation code, create an account and wait while Nessus prepares the files.

2.4- Launch your first scan:

Go to New Scan and select Basic Network Scan

Select your Target, save and launch:

3. VulnWhisperer installation:

3.1- Use Python 2.7:

NOTE: VulnWhisperer requires Python 2.7, so we will be changing our default Python version.

3.2- Configure VulnWhisperer:

cd /etc/

git clone https://github.com/HASecuritySolutions/VulnWhisperer

cd VulnWhisperer/

sudo apt-get install zlib1g-dev libxml2-dev libxslt1-dev

pip install -r requirements.txt

python setup.py install

nano configs/frameworks_example.ini

Choose the modules you want to enable (in our case we will just enable Nessus) and enter your Nessus account credentials:

3.3- Check the Nessus connection and download reports:

vuln_whisperer -F -c configs/frameworks_example.ini -s nessus

Reports will be saved with the csv extension. Check them under: /opt/VulnWhisperer/data/nessus/My\ Scans/

If there is not a new report, you will see

3.4- Cron job with VulnWhisperer:

To make VulnWhisperer check the Nessus database and download reports periodically, we will add a cron job, so we will no longer need to execute this command manually. The newest reports will be added automatically to Kibana.

crontab -e

Add this:

SHELL=/bin/bash

* * * * * /usr/local/bin/vuln_whisperer -c /etc/VulnWhisperer/configs/frameworks_example.ini >/dev/null 2>&1
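
A wrapper for the cron job above, as an added example that is not part of the original article or of VulnWhisperer: it refuses to run when the config file holding the Nessus credentials is accessible to group or others, skips a pass while the previous one is still running (the job fires every minute), and keeps the output instead of sending it to /dev/null. The log and lock paths and the script's own name are assumptions; `stat -c` and `flock` are the GNU/util-linux tools found on Ubuntu.

```shell
#!/bin/sh
# Added example, not VulnWhisperer code: a wrapper for the cron job in 3.4.
# CONFIG is the path used in this article; LOG and LOCK are assumed paths.
CONFIG="${CONFIG:-/etc/VulnWhisperer/configs/frameworks_example.ini}"
LOG="${LOG:-/var/log/vuln_whisperer_cron.log}"
LOCK="${LOCK:-/var/lock/vuln_whisperer.lock}"

# Succeed only if the file exists and grants nothing to group or others.
# The config holds the Nessus account credentials in clear text.
config_is_private() {
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2   # missing file
    # %a prints the octal mode (600, 644, ...); last two digits = group, other.
    case "$_mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# One collection pass: refuse an exposed config, skip the pass if the previous
# one still holds the lock, and keep the output instead of discarding it.
run_collection() {
    _now=$(date '+%Y-%m-%dT%H:%M:%S%z')
    if ! config_is_private "$CONFIG"; then
        echo "$_now refusing to run: $CONFIG is missing or accessible by group/others" >>"$LOG"
        return 1
    fi
    flock -n "$LOCK" /usr/local/bin/vuln_whisperer -c "$CONFIG" >>"$LOG" 2>&1
}

# Act only when invoked with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    run_collection
fi
```

Saved as, say, /usr/local/bin/vw_cron.sh (a hypothetical name), the crontab entry would call `/usr/local/bin/vw_cron.sh --run`, after a `chmod 600` on the config file.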

3.5- Import Elasticsearch templates:

Go to Kibana Dev Tools and add the template:

File URL:

https://github.com/HASecuritySolutions/VulnWhisperer/blob/master/resources/elk6/logstash-vulnwhisperer-template_elk7.json

You will now have an index template.

3.6- Import the Kibana visualizations:

Go to Kibana → Management → Saved Objects → Import

Import the kibana.json configuration:

It is located under VulnWhisperer/resources/elk6/kibana.json:

File URL:

https://github.com/HASecuritySolutions/VulnWhisperer/blob/master/resources/elk6/kibana.json

Now, under Dashboards, you have:

3.7- Add the Nessus Logstash configuration file:

Copy the Nessus Logstash file to /etc/logstash/conf.d/:

cd /etc/VulnWhisperer/resources/elk6/pipeline/

cp 1000_nessus_process_file.conf /etc/logstash/conf.d/

cd /etc/logstash/conf.d/

nano 1000_nessus_process_file.conf

Modify output

3.8- Restart your services and check your reports:

systemctl restart logstash elasticsearch

Now you should have a new index created for VulnWhisperer.

Go to Index Patterns and check the number of fields:

NOTE: Refresh your index pattern so that all fields are recognized.

Finally, go to Dashboards and check your reports.

You should have no errors in the visualizations.

Now all of the reports generated by Nessus, saved with the csv extension, will be sent automatically to your ELK Stack, so you can visualize them in Kibana dashboards.

Ibrahim Ayadhi

Penetration Tester | Red Team | OSEP | OSCP | CRTO | CEH Master | LPIC-1