search

mitre / heimdall_tools

DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications
https://heimdall-tools.mitre.org
Other
35 stars 20 forks source link

Error running `nessus_mapper` against exported scan file from tenable.io #84

Closed pkaeding closed 3 years ago

pkaeding commented 3 years ago

I'm trying to import an agent scan triggered from tenable.io into Heimdall. I set up the scan in tenable as a compliance scan, targeting CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1:

image

However, the mapping fails. I believe this is because there is no preference for sc_version.

Here is a version of the .nessus file, with the actual results redacted: https://gist.github.com/pkaeding/0d81bb5b3528c2ca61c949afd446b395

Is it possible to get this to work with a scan from tenable.io? Perhaps there is an option I need to set in the scan settings? Or something to pass to heimdall_tools?

docker run -it -v ~/Downloads:/share mitre/heimdall_tools nessus_mapper -x /share/CIS_Ubuntu_18.04_L2.nessus -o staging -V
Traceback (most recent call last):
    11: from /usr/local/bundle/bin/heimdall_tools:23:in `<main>'
    10: from /usr/local/bundle/bin/heimdall_tools:23:in `load'
     9: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/exe/heimdall_tools:14:in `<top (required)>'
     8: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
     7: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/command.rb:44:in `dispatch'
     6: from /usr/local/bundle/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
     5: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
     4: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
     3: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `nessus_mapper'
     2: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `new'
     1: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:50:in `initialize'
/usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:75:in `extract_scaninfo': undefined method `[]' for nil:NilClass (NoMethodError)
    12: from /usr/local/bundle/bin/heimdall_tools:23:in `<main>'
    11: from /usr/local/bundle/bin/heimdall_tools:23:in `load'
    10: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/exe/heimdall_tools:14:in `<top (required)>'
     9: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
     8: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/command.rb:44:in `dispatch'
     7: from /usr/local/bundle/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
     6: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
     5: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
     4: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `nessus_mapper'
     3: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `new'
     2: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:50:in `initialize'
     1: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:70:in `extract_scaninfo'
/usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:78:in `rescue in extract_scaninfo': Invalid Nessus XML file provided Exception: undefined method `[]' for nil:NilClass (RuntimeError)
    11: from /usr/local/bundle/bin/heimdall_tools:23:in `<main>'
    10: from /usr/local/bundle/bin/heimdall_tools:23:in `load'
     9: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/exe/heimdall_tools:14:in `<top (required)>'
     8: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
     7: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/command.rb:44:in `dispatch'
     6: from /usr/local/bundle/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
     5: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
     4: from /usr/local/bundle/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
     3: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `nessus_mapper'
     2: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/cli.rb:54:in `new'
     1: from /usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:46:in `initialize'
/usr/local/bundle/gems/heimdall_tools-1.3.40.3.gdd4e448/lib/heimdall_tools/nessus_mapper.rb:52:in `rescue in initialize': Invalid Nessus XML file provided Exception: Invalid Nessus XML file provided Exception: undefined method `[]' for nil:NilClass (RuntimeError)
rx294 commented 3 years ago

Hey @pkaeding, thank you for posting the issue. Would you be able to post a un-redacted tenable.io sample to a test instance? Need to validate if anything beyond sc_version is different.

Thank you.

pkaeding commented 3 years ago

Sure, here is a scan from a couple test instances: https://gist.github.com/pkaeding/6b321a6d86b2d06d1da9f51c92023e6a

rx294 commented 3 years ago

Thank you for the sample.