Introducing Nessus Auto-Close with Risk I/O

Ed Bellis    November 13, 2013
Our Latest Nessus Connector

Our latest Nessus connector auto-closes remediated vulnerabilities and tracks state.

One of the common issues with running multiple siloed scanners is tracking the state of vulnerabilities over time. Which vulnerabilities should be closed based on my subsequent findings (or lack thereof)? This problem can be exacerbated when centralizing these point scanners into a central repository such as Risk I/O. Our  Nessus connector now tracks the state of all reported vulnerabilities and auto-closes any that have been remediated.

With the latest updates to our Nessus connectors we address this problem, making managing state and programs much simpler. Now when you run your Nessus connector we analyze all of the plug-ins and scan policies used, as well as which assets were scanned in order to determine which vulnerabilities are no longer present as compared to previous scans. This works with both our Nessus API connector as well as our Nessus XML connector. When using the Nessus XML connector, just load the files in chronological order to ensure Risk I/O auto-closes correctly; for the Nessus API connector we’ll handle all of those details for you.

To fully automate the management of these Nessus findings, you can use the Risk I/O Virtual Tunnel to connect to your on-premise scanner and schedule and import findings automatically. From there, Risk I/O will analyze your findings via our processing engine matching them against any threats including exploits and breaches we observe across the Internet.

We’re big believers in automation in order to scale security programs, allowing your team to focus on fixing what matters. If you already have a Risk I/O account, give our new Nessus connector functionality a try. You’ll find it in the Connectors tab. If you don’t yet have an account, you can sign up and give it a whirl.

3 thoughts on “Introducing Nessus Auto-Close with Risk I/O

  1. David

    To clarify, are you going through the policy settings on follow up scans and validating that the newer scan includes the same (or equivalent) plugins before determining that a vuln is remediated?

  2. rhuberrhuber

    That is correct, we are looking for proof of absence. If an asset is scanned using an identical plugin and the vulnerability no longer present we will automatically close the vulnerability in Risk I/O.

Leave a Reply

Your email address will not be published. Required fields are marked *