DrZl0

ELK - Nessus plugins to Elasticsearch - PS script

Feb 23rd, 2021 (edited)
  1. #Nessus plugins
  2.  
  3. #This PowerShell script queries the Nessus Professional 8 API for plugin information, formats the JSON response and sends it to the Logstash http input.
  4. #Installation
  5.  
  6. #Ip and port of Nessus and Logstash need to be set ; $nessusIP and $logstashIP
  7.  
  8. #API keys of Nessus and Logstash need to be set ; $xApiKey and $logstashAuth
  9.  
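  # TLS certificate handling for the self-signed Nessus / Logstash certificates.
  #
  # The validation callback set below is process-wide: every HTTPS request this
  # PowerShell process makes afterwards goes through it. A callback that returns
  # true unconditionally would accept any certificate, so anyone on the network
  # path could impersonate the servers and read the X-ApiKeys and Authorization
  # headers this script sends. Instead, a certificate is accepted only when
  #   - normal validation reports no error, or
  #   - its SHA-256 fingerprint is listed in $trustedCertSha256.
  # With an empty list the script fails closed on self-signed certificates.
  #
  # NOTE(review): ServicePointManager is what the Windows PowerShell 5.1 web
  # cmdlets consult; the PowerShell 6+ cmdlets may not use it - confirm on the
  # version this runs on.

  # SHA-256 fingerprints (hex; ':' or spaces allowed) of the certificates to trust.
  # Take them from the certificate files on the servers themselves, not from a
  # connection made over the network you are trying to protect.
  $trustedCertSha256 = @(
     # '<SHA256-FINGERPRINT-OF-NESSUS-CERT>'     #<=============placeholder=============
     # '<SHA256-FINGERPRINT-OF-LOGSTASH-CERT>'   #<=============placeholder=============
  )

  # Compile the validator once per session; the type cannot be redefined afterwards.
  if (-not("PinnedCertValidator" -as [type])) {
     # Single-quoted here-string: PowerShell performs no expansion inside the C# source.
     add-type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertValidator {
  // Upper-case hex SHA-256 fingerprints of explicitly trusted certificates.
  public static readonly List<string> Pins = new List<string>();

  // Accepts the certificate when the platform found no error, or when the
  // presented certificate is one of the pinned ones.
  public static bool Validate(object sender,
      X509Certificate certificate,
      X509Chain chain,
      SslPolicyErrors sslPolicyErrors) {
      if (sslPolicyErrors == SslPolicyErrors.None) { return true; }
      if (certificate == null) { return false; }
      using (SHA256 sha = SHA256.Create()) {
          string fingerprint = BitConverter.ToString(
              sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
          foreach (string pin in Pins) {
              if (String.Equals(pin, fingerprint, StringComparison.OrdinalIgnoreCase)) {
                  return true;
              }
          }
      }
      return false;
  }

  public static RemoteCertificateValidationCallback GetDelegate() {
      return new RemoteCertificateValidationCallback(PinnedCertValidator.Validate);
  }
}
'@
  }

  # Load the configured pins, rejecting anything that is not a SHA-256 value.
  foreach ($pin in $trustedCertSha256) {
     $normalizedPin = ($pin -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
     if ($normalizedPin.Length -ne 64) {
        throw "trustedCertSha256 entry is not a SHA-256 fingerprint (64 hex digits expected)"
     }
     if (-not [PinnedCertValidator]::Pins.Contains($normalizedPin)) {
        [PinnedCertValidator]::Pins.Add($normalizedPin)
     }
  }
  [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [PinnedCertValidator]::GetDelegate()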
  32.  
  33.  
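  # Credentials and endpoints.
  #
  # Both secrets may be typed in below, but a filled-in copy of this script is
  # then itself a secret: keep it out of shared folders, pastes and version
  # control. When a literal is left empty the value is read from an environment
  # variable instead (the variable names are ones chosen for this script), so
  # the file can stay free of credentials.

  # Nessus API keys, sent as the X-ApiKeys header
  # (Nessus expects the form 'accessKey=...; secretKey=...').
  $xApiKey = ''              #<=============NessusAPIKey=============
  if (-not $xApiKey -and $env:NESSUS_API_KEYS) { $xApiKey = $env:NESSUS_API_KEYS }
  $headers = @{
     "X-ApiKeys" = $xApiKey
     "Accept" = "application/json"
  }

  # Value of the Authorization header for the Logstash http input
  # (presumably 'Basic <base64 of user:password>' - confirm against the input's settings).
  $logstashAuth = ''  #<=============LogstashBasicAuth=============
  if (-not $logstashAuth -and $env:LOGSTASH_BASIC_AUTH) { $logstashAuth = $env:LOGSTASH_BASIC_AUTH }
  $headersLog = @{
     "Authorization" = $logstashAuth
  }

  # An empty credential means the requests go out unauthenticated; say so up front
  # rather than leaving the operator with a run of HTTP errors.
  if (-not $xApiKey) { Write-Warning "Nessus API key is empty; Nessus requests will be sent without credentials." }
  if (-not $logstashAuth) { Write-Warning "Logstash Authorization value is empty; events will be posted without credentials." }

  # host:port of each service, used to build https:// URLs.
  $nessusIP = 'srv675m:8834'  #<=============Nessus=============
  $logstashIP = 'srv723l:8080' #<=============Logstash=============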
  47.  
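  # Walk every Nessus plugin family, fetch each plugin's details, flatten its
  # attribute list and POST the result to the Logstash http input.
  #
  # Each response is kept in its own variable and each request is checked: if a
  # request fails, that family or plugin is skipped with a warning, so a stale
  # response from a previous iteration is never reformatted and posted again.

  # Attributes that are left out of the forwarded document.
  $skippedAttributes = @("plugin_modification_date", "plugin_publication_date")

  # get all families (nothing can be done without this list, so a failure stops the script)
  $familiesUri = "https://" + $nessusIP + "/plugins/families"
  $familyList = Invoke-RestMethod -Uri $familiesUri -Method GET -Headers $headers -ErrorAction Stop
  $j = 0
  $total = $familyList.families.Count
  $logstashUri = "https://" + $logstashIP

  # for each family
  Foreach ($family in $familyList.families){
     $j += 1
     Write-Progress -Activity "Nessus to Logstash" -PercentComplete (($j / $total)  * 100)

     # get information on one family
     $familyUri = "https://" + $nessusIP + "/plugins/families/" + $family.id
     try {
        $familyDetail = Invoke-RestMethod -Uri $familyUri -Method GET -Headers $headers -ErrorAction Stop
     } catch {
        Write-Warning ("Skipping family {0}: {1}" -f $family.id, $_.Exception.Message)
        continue
     }

     # for each plugin of the family
     Foreach ($plugin in $familyDetail.plugins){
        # get information on the plugin
        $pluginUri = "https://" + $nessusIP + "/plugins/plugin/" + $plugin.id
        try {
           $pluginDetail = Invoke-RestMethod -Uri $pluginUri -Method GET -Headers $headers -ErrorAction Stop
        } catch {
           Write-Warning ("Skipping plugin {0}: {1}" -f $plugin.id, $_.Exception.Message)
           continue
        }

        # format dictionary: one single-entry hashtable { name = value } per kept attribute
        $newAttLst = @(
           foreach ($att in $pluginDetail.attributes) {
              if ($att.attribute_name -notin $skippedAttributes) {
                 @{ $att.attribute_name = $att.attribute_value }
              }
           }
        )
        # we remove the attribute list and add our newly formatted one.
        $pluginDetail.psobject.properties.remove('attributes')
        $pluginDetail | Add-Member -MemberType NoteProperty -Name "attributes" -Value $newAttLst

        # send it to logstash
        # NOTE(review): no -ContentType is given, so the body is not labelled as
        # application/json; presumably the Logstash input is configured to parse
        # it anyway - confirm against the pipeline.
        $JSON = $pluginDetail | ConvertTo-json
        try {
           $null = Invoke-WebRequest -uri $logstashUri -Method POST -Body $JSON -UseBasicParsing -Headers $headersLog -ErrorAction Stop
        } catch {
           Write-Warning ("Plugin {0} was not delivered to Logstash: {1}" -f $plugin.id, $_.Exception.Message)
        }
     }
  }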
  83.  
  84.  
  85.  