Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Nessus Installation and Configuration

Overview

We are providing you with the steps to integrate your Nessus with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.

Steps of Configuration

  1. Follow the instruction given in below link to install Nessus on your system
    https://lifehacker.com/how-to-use-nessus-to-scan-a-network-for-vulnerabilities-1788261156

  2. Choose Nessus and Nessus Manager option from downloads

     

  3. After installation allow your CCE server to communicate with your system from Firewall settings

  4. Accessing your Nessus on Server IP

    1. By default your nessus will be accessible at https://127.0.0.1:8834, to make it accessible from other servers at your system’s IP Login to your Nessus portal

    2. Go to setting >> Advance settings

    3. Find server IP option , put the server IP and save the settings

    4. The portal will need a reboot to apply the changes , afterwards you will able to access the portal from given IP at https://<server_ip>:8834

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to UI >> SYSTEM

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Using CCE SERVER

sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.

 

Seceon Inc. All rights reserved. https://www.seceon.com