Tenable management pack
Disclaimer
Use this management pack at your own risk. I accept no responsibility if it causes damage.
Intro
A simple little management pack to help you monitor Tenable Nessus.
This is my most advanced mp from an authoring perspective. It has two monitors with Recalculate Health capability and a registry discovery that can be used with the Trigger On Demand Discovery task.
Elements
Classes
- Tenable.Nessus.Class.Agent
Module Types
- Tenable.Nessus.DataSource.BaseData
- Tenable.Nessus.DataSource.DiscoveryData
- Tenable.Nessus.DataSource.SQLAccess. Update the SQL query as needed.
- Tenable.Nessus.ProbeAction.AgentStatus
- Tenable.Nessus.ProbeAction.SQLAccess. Update the SQL query as needed.
Monitor Types
- Tenable.Nessus.MonitorType.AgentInstall
- Tenable.Nessus.MonitorType.SQLAccess
Discoveries
All discoveries are enabled by default and run once a day.
- Tenable.Nessus.Discovery.Agent (trigger discovery capability).
Monitors
All monitors are enabled by default.
- Tenable.Nessus.Monitor.AgentInstall (recalculate health capability).
- Tenable.Nessus.Monitor.AgentService
- Tenable.Nessus.Monitor.SQLAccess (recalculate health capability).
Recoveries
All recoveries are enabled by default.
- Tenable.Nessus.Recovery.AgentService
Views
Notes
To test the Tenable.Nessus.Monitor.SQLAccess monitor I used these queries to create/delete the login and role. I can't remember if I had to do anything else 😞.
Create Windows login
CREATE LOGIN [LAB\ADMIN_VULNSCN_DB_RO_GG] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english]
Delete Windows login
DROP LOGIN [LAB\ADMIN_VULNSCN_DB_RO_GG]
Create Server role
CREATE SERVER ROLE svr_role_db_scanning AUTHORIZATION [SQLNam]
Delete Server role
DROP SERVER ROLE [svr_role_db_scanning]
Links
Issues
Changes
MP Name | MP Version | Change |
Tenable.Nessus.Monitoring.Views | 2024.3.28.0 | Initial release. |
Tenable.Nessus.Monitoring.Monitoring | 2024.4.5.0 | Initial release. |
Comments
Post a Comment