those who use Nessus

Z0sickxZ0sickx Security+|CASP+|CISM|CISSPMember Posts: 177 ■■■□□□□□□□
Need some assistance from those you have been using Nessus, common problems you have had with the product. i have an interview and i could use some different angles in regards to troubleshooting Scanner issues

Comments

  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    I'm going to give you the benefit of the doubt and assume you want advice on how to answer the question, and not that you're asking for help on how to bullsh** your way through an interview for a job you're unqualified for.

    First of all, if the job is full-time direct hire they are looking more for how well you will fit with the rest of the team, how you will handle stressful situations, how you would solve problems, are you a good fit for the culture and team dynamic, etc. of course the technical questions are to test your knowledge but this is ONLY meant to verify that you are who you say you are in your CV/resume. If you aren't initially qualified as having the necessary tech skills and experience you won't get an interview. So the key point is, if you didn't put on your resume that you have worked with Nessus, stop worrying. They read your resume before interviewing you and they don't generally assume you have relevant experience that isn't on there. Just be honest in the interview. If I didn't have experience using Nessus but I've used another vulnerability scanner I'd tell them that. "I'm familiar with Nessus, but so far in my previous positions I've worked with Nexpose and Retina vulnerability scanners. The biggest difficulties I've had with vulnerability scanners are...... The most common issue I've heard among my peers with Nessus is ......"

    You could get more familiar with it by downloading the free version and doing some labs with it.

    If someone lies about or exaggerates their skills and experience on their resume, they deserve to be humbled in the interview and when I'm interviewing a candidate and I smell bullsh** from a candidate who seems to have fictionalized their resume that's when I go for blood with technical questions.

    Bottom line: be honest. Nothing worse than getting canned after a month or two because you're in way over your head.
  • E Double UE Double U Member Posts: 1,850 ■■■■■■■■■□
    Been using Nessus for 2+ years now and I have not run into any issues. *** knocks on wood ***
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • Z0sickxZ0sickx Security+|CASP+|CISM|CISSP Member Posts: 177 ■■■□□□□□□□
    No i do not need answers on how to bs my way into it, i have been using it for the last few years. i just wanted different perspectives from different users/environments, i do not want to assume i know everything.
  • Z0sickxZ0sickx Security+|CASP+|CISM|CISSP Member Posts: 177 ■■■□□□□□□□
    E Double U wrote: »
    Been using Nessus for 2+ years now and I have not run into any issues. *** knocks on wood ***

    oh come on i know you have had to troubleshoot issues with getting authenticated scans :P
  • 636-555-3226636-555-3226 Member Posts: 976 ■■■■■□□□□□
    Issue we haven't tackled yet but are looking into - getting Nessus agents on remote users' computers reporting into our intranet Nessus system. Might be easy, might not be, haven't looked into it yet, but it's on our 2016 agenda.
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Z0sickx wrote: »
    No i do not need answers on how to bs my way into it, i have been using it for the last few years. i just wanted different perspectives from different users/environments, i do not want to assume i know everything.

    In my experience, Nessus works fine as long as you use authenticated scans, though if you have remote site connected via low-bandwidth links it's best to tune the settings to lower the # of simultaneous hosts, meter bandwidth usage, etc. Especially if doing unauthenticated scans.

    It's a bit of an asspain to reset/renew your activation codes every 3 months too. If you have renewed the license for a year, why make you reactivate with new keys every 90 days? Stupid.

    My main complaint with Nessus is the remediation reports are nowhere near as good as Nexpose. Nessus finds the vulnerabilities well, but leaves you all the legwork for running down the remediation instructions from Microsoft, Adobe, etc. Nessus does give you the links to the external sites, but Nexpose gives you everything you need in a report. Saves a ton of time.

    Tenable's customer support is very good though.
  • Z0sickxZ0sickx Security+|CASP+|CISM|CISSP Member Posts: 177 ■■■□□□□□□□
    Issue we haven't tackled yet but are looking into - getting Nessus agents on remote users' computers reporting into our intranet Nessus system. Might be easy, might not be, haven't looked into it yet, but it's on our 2016 agenda.

    have not had the opportunity to play with Nessus agents, and from what i have heard in production environments it works great
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    I am not sure how you are using Nessus now, but scripting via the API might be something that some sites have not yet looked into. I use a bit of Python to automatically generate and pull XML reports into Splunk and Powershell to run scans on occasion. The API is pretty powerful and fairly well documented.

    The other thing that goes with Vuln scanning in general, is that it is pretty easy to run a scan and kick out a 200 page report, but without a 3rd party tool or script, generating metrics is tricky with just Nessus Pro. Splunk works well for me, though I have seen some PowerShell and Python scripts out there as well.
  • Z0sickxZ0sickx Security+|CASP+|CISM|CISSP Member Posts: 177 ■■■□□□□□□□
    wes allen wrote: »
    I am not sure how you are using Nessus now, but scripting via the API might be something that some sites have not yet looked into. I use a bit of Python to automatically generate and pull XML reports into Splunk and Powershell to run scans on occasion. The API is pretty powerful and fairly well documented.

    The other thing that goes with Vuln scanning in general, is that it is pretty easy to run a scan and kick out a 200 page report, but without a 3rd party tool or script, generating metrics is tricky with just Nessus Pro. Splunk works well for me, though I have seen some PowerShell and Python scripts out there as well.

    i know manipulaing the tool through the API is very powerful, but thats more on the programming side of the house and I just don't quite understand/ haven't taken the time either to play with it
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    Here is a good place to start:

    https://discussions.tenable.com/docs/DOC-1186

    Scripting via APIs isn't really programming, but it is very powerful. Most advanced gear comes with an API now - I use the API to script changes to our Palo Altos as well. Once you get the basics of how REST works, it isn't too bad to work with.
Sign In or Register to comment.