those who use Nessus

Need some assistance from those you have been using Nessus, common problems you have had with the product. i have an interview and i could use some different angles in regards to troubleshooting Scanner issues

Find more posts tagged with

Comments

renacido

I'm going to give you the benefit of the doubt and assume you want advice on how to answer the question, and not that you're asking for help on how to bullsh** your way through an interview for a job you're unqualified for.

First of all, if the job is full-time direct hire they are looking more for how well you will fit with the rest of the team, how you will handle stressful situations, how you would solve problems, are you a good fit for the culture and team dynamic, etc. of course the technical questions are to test your knowledge but this is ONLY meant to verify that you are who you say you are in your CV/resume. If you aren't initially qualified as having the necessary tech skills and experience you won't get an interview. So the key point is, if you didn't put on your resume that you have worked with Nessus, stop worrying. They read your resume before interviewing you and they don't generally assume you have relevant experience that isn't on there. Just be honest in the interview. If I didn't have experience using Nessus but I've used another vulnerability scanner I'd tell them that. "I'm familiar with Nessus, but so far in my previous positions I've worked with Nexpose and Retina vulnerability scanners. The biggest difficulties I've had with vulnerability scanners are...... The most common issue I've heard among my peers with Nessus is ......"

You could get more familiar with it by downloading the free version and doing some labs with it.

If someone lies about or exaggerates their skills and experience on their resume, they deserve to be humbled in the interview and when I'm interviewing a candidate and I smell bullsh** from a candidate who seems to have fictionalized their resume that's when I go for blood with technical questions.

Bottom line: be honest. Nothing worse than getting canned after a month or two because you're in way over your head.

E Double U

Been using Nessus for 2+ years now and I have not run into any issues. *** knocks on wood ***

Z0sickx

No i do not need answers on how to bs my way into it, i have been using it for the last few years. i just wanted different perspectives from different users/environments, i do not want to assume i know everything.

Z0sickx

E Double U wrote: »

Been using Nessus for 2+ years now and I have not run into any issues. *** knocks on wood ***

oh come on i know you have had to troubleshoot issues with getting authenticated scans :P

636-555-3226

Issue we haven't tackled yet but are looking into - getting Nessus agents on remote users' computers reporting into our intranet Nessus system. Might be easy, might not be, haven't looked into it yet, but it's on our 2016 agenda.

renacido

Z0sickx wrote: »

No i do not need answers on how to bs my way into it, i have been using it for the last few years. i just wanted different perspectives from different users/environments, i do not want to assume i know everything.

In my experience, Nessus works fine as long as you use authenticated scans, though if you have remote site connected via low-bandwidth links it's best to tune the settings to lower the # of simultaneous hosts, meter bandwidth usage, etc. Especially if doing unauthenticated scans.

It's a bit of an asspain to reset/renew your activation codes every 3 months too. If you have renewed the license for a year, why make you reactivate with new keys every 90 days? Stupid.

My main complaint with Nessus is the remediation reports are nowhere near as good as Nexpose. Nessus finds the vulnerabilities well, but leaves you all the legwork for running down the remediation instructions from Microsoft, Adobe, etc. Nessus does give you the links to the external sites, but Nexpose gives you everything you need in a report. Saves a ton of time.

Tenable's customer support is very good though.

Z0sickx

636-555-3226 wrote: »

Issue we haven't tackled yet but are looking into - getting Nessus agents on remote users' computers reporting into our intranet Nessus system. Might be easy, might not be, haven't looked into it yet, but it's on our 2016 agenda.

have not had the opportunity to play with Nessus agents, and from what i have heard in production environments it works great

wes allen

I am not sure how you are using Nessus now, but scripting via the API might be something that some sites have not yet looked into. I use a bit of Python to automatically generate and pull XML reports into Splunk and Powershell to run scans on occasion. The API is pretty powerful and fairly well documented.

The other thing that goes with Vuln scanning in general, is that it is pretty easy to run a scan and kick out a 200 page report, but without a 3rd party tool or script, generating metrics is tricky with just Nessus Pro. Splunk works well for me, though I have seen some PowerShell and Python scripts out there as well.

Z0sickx

wes allen wrote: »

I am not sure how you are using Nessus now, but scripting via the API might be something that some sites have not yet looked into. I use a bit of Python to automatically generate and pull XML reports into Splunk and Powershell to run scans on occasion. The API is pretty powerful and fairly well documented.

The other thing that goes with Vuln scanning in general, is that it is pretty easy to run a scan and kick out a 200 page report, but without a 3rd party tool or script, generating metrics is tricky with just Nessus Pro. Splunk works well for me, though I have seen some PowerShell and Python scripts out there as well.

i know manipulaing the tool through the API is very powerful, but thats more on the programming side of the house and I just don't quite understand/ haven't taken the time either to play with it

wes allen

Here is a good place to start:

https://discussions.tenable.com/docs/DOC-1186

Scripting via APIs isn't really programming, but it is very powerful. Most advanced gear comes with an API now - I use the API to script changes to our Palo Altos as well. Once you get the basics of how REST works, it isn't too bad to work with.