One of the common issues with running multiple siloed scanners is tracking the state of vulnerabilities over time. Which vulnerabilities should be closed based on my subsequent findings (or lack thereof)? This problem can be exacerbated when centralizing these point scanners into a central repository such as Risk I/O. Our Nessus connector now tracks the state of all reported vulnerabilities and auto-closes any that have been remediated.
With the latest updates to our Nessus connectors we address this problem, making managing state and programs much simpler. Now when you run your Nessus connector we analyze all of the plug-ins and scan policies used, as well as which assets were scanned in order to determine which vulnerabilities are no longer present as compared to previous scans. This works with both our Nessus API connector as well as our Nessus XML connector. When using the Nessus XML connector, just load the files in chronological order to ensure Risk I/O auto-closes correctly; for the Nessus API connector we’ll handle all of those details for you.
To fully automate the management of these Nessus findings, you can use the Risk I/O Virtual Tunnel to connect to your on-premise scanner and schedule and import findings automatically. From there, Risk I/O will analyze your findings via our processing engine matching them against any threats including exploits and breaches we observe across the Internet.
We’re big believers in automation in order to scale security programs, allowing your team to focus on fixing what matters. If you already have a Risk I/O account, give our new Nessus connector functionality a try. You’ll find it in the Connectors tab. If you don’t yet have an account, you can sign up and give it a whirl.