To protect your corporate network from threats and attacks, you should always run vulnerability tests on your systems so that the vulnerabilities found can be fixed. As you can imagine, working with reports is very important for any SOC, because they give an overview of the vulnerabilities that may be present on your systems.
In this article, we walk you through the tools we used to scan for vulnerabilities and generate reports.
Table of contents for all posts.
- Introduction. Infrastructure and technology deployment for SOC as a Service (SOCasS)
- ELK stack - installation and configuration
- Walking through the open Distro
- Dashboards and ELK SIEM visualization
- Integration with WAZUH
- Alerting
- Making report
- Case Management
This article is divided into the following sections:
- Introduction
- Installing Nessus Essentials
- Installing VulnWhisperer
1. Introduction
The tools we will be using:
- VulnWhisperer: a vulnerability management tool and report aggregator. VulnWhisperer fetches all reports from the various vulnerability scanners and creates a file with a unique name for each one.
- Nessus Essentials (Nessus Home) - Nessus.
2. Installing Nessus Essentials
2.1- (www.tenable.com),
2.2 - Nessus
dpkg -i Nessus-8.10.0-ubuntu910_amd64.deb
/etc/init.d/nessusd start
service nessusd start
https://YourServerIp:8834 Nessus Essentials.
2.3- Nessus
, , Nessus .
2.4- :
New Scan Basic Network Scan.
, :
3. Installing VulnWhisperer
3.1- Python2.7
: VulnWhisperer Python2.7, Python .
3.2- VulnWhisperer
cd /etc/
git clone https://github.com/HASecuritySolutions/VulnWhisperer
cd VulnWhisperer/
sudo apt-get install zlib1g-dev libxml2-dev libxslt1-dev
pip install -r requirements.txt
python setup.py install
nano configs/frameworks_example.ini
, ( Nessus), Nessus:
3.3 - Nessus
vuln_whisperer -F -c configs/frameworks_example.ini -s nessus
Reports will be saved with a .csv extension. Check them under: /opt/VulnWhisperer/data/nessus/My\ Scans/
,
3.4- Cronjob Vulnwhisperer
Vulnwhisperer Nessus , cron. , . Kibana.
crontab -e
:
SHELL=/bin/bash
* * * * * /usr/local/bin/vuln_whisperer -c /etc/VulnWhisperer/configs/frameworks_example.ini >/dev/null 2>&1
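The cron entry above runs every minute and discards all output, so an overlapping or failing run leaves no trace. The wrapper below is an added example, not code from the original article or the VulnWhisperer project: it serialises runs, keeps the exit status in a log, and checks that fresh CSV reports actually exist. The function names, the script name vw_cron.sh, the lock and log paths and the 60-minute window are assumptions.

```bash
#!/bin/sh
# Added example: cron wrapper for the vuln_whisperer job shown above.
# Assumed (not from the article): function names, lock/log paths, 60-minute window.

# run_locked LOCKDIR LOGFILE CMD [ARGS...]
# Runs CMD only if no other run holds the lock (mkdir is atomic) and keeps its
# output and exit status in LOGFILE. Returns 75 when a run is already active.
# A run killed with SIGKILL leaves LOCKDIR behind; remove it by hand.
run_locked() {
  rl_lock=$1; rl_log=$2; shift 2
  mkdir "$rl_lock" 2>/dev/null || {
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) skipped: lock held" >>"$rl_log"
    return 75
  }
  rl_rc=0
  "$@" >>"$rl_log" 2>&1 || rl_rc=$?
  rmdir "$rl_lock"
  echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) rc=$rl_rc cmd=$1" >>"$rl_log"
  return "$rl_rc"
}

# fresh_reports DIR MINUTES
# Prints how many *.csv files under DIR changed in the last MINUTES minutes;
# fails when there are none (or DIR is missing), i.e. the export is stale.
fresh_reports() {
  fr_n=$(find "$1" -type f -name '*.csv' -mmin "-$2" 2>/dev/null | wc -l | tr -d ' ')
  echo "$fr_n"
  [ "$fr_n" -gt 0 ]
}

# Entry point for cron (hypothetical script name):
#   * * * * * /usr/local/bin/vw_cron.sh --cron
if [ "${1:-}" = "--cron" ]; then
  log=/var/log/vulnwhisperer-cron.log
  run_locked /run/lock/vulnwhisperer.lock "$log" \
    /usr/local/bin/vuln_whisperer -c /etc/VulnWhisperer/configs/frameworks_example.ini
  fresh_reports /opt/VulnWhisperer/data/nessus 60 >/dev/null ||
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) WARNING: no fresh Nessus CSV reports" >>"$log"
fi
```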
3.5- Elasticsearch
kibana Dev Tools :
3.6-
Kibana - Management - saved object - Import
kibana.json:
:
https://github.com/HASecuritySolutions/VulnWhisperer/blob/master/resources/elk6/kibana.json
( elk6 β . )
:
3.7 - Nessus Logstash
Nessus /etc/logstash/conf.d/:
cd /etc/VulnWhisperer/resources/elk6/pipeline/
cp 1000_nessus_process_file.conf /etc/logstash/conf.d/
cd /etc/logstash/conf.d/
nano 1000_nessus_process_file.conf
3.8- :
systemctl restart logstash elasticsearch
Vulnwhisperer.
:
: , .
,
.
, nessus csv, ELK, kibana.
https://medium.com/@ibrahim.ayadhi/reporting-f54e1ee84cf4