Importing of ACAS/Nessus scans for patch mgmt

[degthat8412]

Need the ability to import Nessus scans for patch vulnerability identification

[Cingulara]

Need to know how that information would be added, what the structure is, several examples, and how that would be matched to whatever host and whatever checklist type.

[degthat8412]

Working that info to add to this. Just putting in place holders when I have the idea, like we talked about.

[Cingulara]

Roger that. I should say sanitized examples.

[degthat8412]

I have a test laptop, that I can fill out some checklists. Then complete scap scans and provide both. David Gould Tutela

[Cingulara]

The Nessus scan goes with the SYSTEM, not any checklist. So we need to record the System information with the checklists separately w/ a link. And then add the Nessus scan and other info to that record. The Nessus scan file XML raw data will be saved, and then we can export as a CSV / PDF report as needed as this grows and evolves.

The data in the XML file needs to be put into a CSV such as the below image and filtered.

For each ReportItem record under the Report host you have code like this to parse and put into a CSV/XLSX:

<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="110095" pluginName="Authentication Success" pluginFamily="Settings">
<description>Nessus was able to execute credentialed checks because it was possible to log in to the remote host using provided credentials, no access or privilege issues were reported, and no subsequent failures were reported for the successful credentials.</description>
<fname>authenticated_hosts.nasl</fname>
<plugin_modification_date>2018/10/02</plugin_modification_date>
<plugin_name>Authentication Success</plugin_name>
<plugin_publication_date>2018/05/24</plugin_publication_date>
<plugin_type>summary</plugin_type>
<risk_factor>None</risk_factor>
<script_version>1.14</script_version>
<solution>n/a</solution>
<synopsis>Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.</synopsis>
<plugin_output>
Nessus was able to log in to the following host as acasadmin
with no privilege or access problems reported:

  Protocol        : SMB
  Port            : 445</plugin_output>
</ReportItem>

There will be a separate ticket for the System information required.

[Cingulara]

That goal it to save the XML into a field w/ the System, then show it via the web interface and export it to XLSX as well.

This would be on a "system" page that has yet to be built so we need to build the system page, show all relevant information, and make the "checklist" page into that landing spot for systems.

[Cingulara]

Basically have a list of items you read from the XML, similar to controls and such, and match it to the XML data read in. You will need the following data:

• report host IP
• pluginID
• pluginName
• pluginFamily
• severity 0 = Info, 1 = Low, 2 = Moderate, 3 = High, 4 = Critical

[Cingulara]

Need to see the relationships in the XML more per server and to find the Host Totals and Totals to finalize this requirement and get it spec'd out.