Nessus Integration for DefenseStorm

to pull this repository and submodules:

git clone --recurse-submodules https://github.com/DefenseStorm/nessusScanResults.git

If this is the first integration on this DVM, Do the following: cp ds-integration/ds_events.conf /etc/syslog-ng/conf.d

Edit /etc/syslog-ng/syslog-ng.conf and add local7 to the excluded list for filter f_syslog3 and filter f_messages. The lines should look like the following:

filter f_syslog3 { not facility(auth, authpriv, mail, local7) and not filter(f_debug); };

filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news,local7); };

Restart syslog-ng service syslog-ng restart

Copy the template config file and update the settings cp nessusScanResults.conf.template nessusScanResults.conf

change the following items in the config file based on your configuration token console site

user = password = scanner = <comma separated list of scanners (no spaces) scan_list = scans.json (customize if needed)

Add these modules if they are not yet there: apt-get install python3-requests

Add the following entry to the root crontab so the script will run every day at 2am.

0 2 * * * cd /usr/local/nessusScanResults; ./nessusScanResults.py