2 Replies Latest reply on Aug 8, 2019 8:56 AM by Liz Carpenter

    Anyone integrated Tenable's Nessus vulnerability s/w with FootPrints V11 to open tix?

    Liz Carpenter

      We would very much like to have Nessus send emails into FootPrints Version 11 to open Incident tickets for possible vulnerabilities on our desktops and laptops. One of the questions is how can we do a FootPrints cmdb "look up" of the machine name received from Nessus in order to populate the "owner" of the machine into the Customer Information tab and then the Address Book lookup should take over from there.  Nessus doesn't have the "owner" information but only has the machine name which is why we have to use the machine name to do a cmdb lookup.  Any information would be greatly appreciated.  Thanks!!

        • 1. Re: Anyone integrated Tenable's Nessus vulnerability s/w with FootPrints V11 to open tix?
          Jacque Donald

          This can be done, we do this ourselves.

          This is a solution that would work.

          The machine must have a ci record in the cmdb.

          Have Tenable email FootPrints to create a ticket.

          In that ticket have a field that matches the same name as the name field in the ci record. (Let's say that field is just 'Name')

          Format that email to have Tenable place the hostname in the email as Name='hostname'

          This will populate the ticket on creation from the email with the ci name in the name field.

          Have a business rule (on create or timed) that would find any ci where ticket field 'Name' equals ci record 'Name' field and then link the first record found.

          Now you have a ticket with the ci linked.

          In our world, we have a Primary Contact listed in the ci record, we have a few fields for this, Contact Name, Contact User ID and Contact Email. (This saves us from needing to link a contact because linking a contact with over 40k contacts in an address book is ridiculously slow)

          After the ticket is created, have some control field, like 'CI Data' that would be a drop down preferably, then set that to 'Unpopulated' by default.

          Have a timer job that looks for a record in an open status, that participates in the relationship that the ci linking is defined to for that record type, then in the action, copies over the contact details and sets that control field 'CI Data' to 'Populated' (to prevent looping).

          In the rule actions, copy the linked record field values for the contact owner's details, and you have that data from there to use for further workflow rules and processes.

          The fields of course are just some generic values, but the idea is the same, just create the record by email and populate the machine name in the ticket, link the ci, and then you can copy any data after that ci is linked in a secondary rule, and then take whatever actions you want at that point...

          Hope that helps and makes sense.

           

          I typed all of this before realizing you mentioned FP 11, the email trick works for the field pop in 11 as well, but I cannot quite remember the rest of the details as you may actually have a smoother finished product in 11 versus 12...
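The flow described in the reply above, modelled in plain Python as an added example; it is not FootPrints configuration and not code from the thread. The sample CI record, the hostname pattern and the function names are assumptions, and the field names are the generic ones used in the reply.

```python
import re

# Constructed sample CI record; field names follow the reply's generic ones.
CMDB = [
    {"Name": "LT-0042", "Contact Name": "A. Example", "Contact User ID": "aexample",
     "Contact Email": "aexample@example.org"},
]
CONTACT_FIELDS = ("Contact Name", "Contact User ID", "Contact Email")
# Assumption: accept only hostname-like values, so stray email text never lands in the field.
NAME_RE = re.compile(r"^Name='([A-Za-z0-9][A-Za-z0-9.-]{0,252})'\s*$", re.MULTILINE)

def create_ticket(email_body):
    """Email-to-ticket step: populate 'Name' from a Name='hostname' line."""
    m = NAME_RE.search(email_body)
    return {"Status": "Open", "Name": m.group(1) if m else "",
            "CI Data": "Unpopulated", "Linked CI": None}

def link_ci_rule(ticket, cmdb):
    """On-create rule: link the first CI whose 'Name' equals the ticket's 'Name'."""
    if ticket["Name"]:
        ticket["Linked CI"] = next((ci for ci in cmdb if ci["Name"] == ticket["Name"]), None)
    return ticket

def timer_job(tickets):
    """Timed rule: copy contact details once, then flip the control field."""
    changed = 0
    for t in tickets:
        if t["Status"] == "Open" and t["Linked CI"] and t["CI Data"] == "Unpopulated":
            for f in CONTACT_FIELDS:
                t[f] = t["Linked CI"][f]
            t["CI Data"] = "Populated"  # keeps the rule from matching this ticket again
            changed += 1
    return changed

def run_demo():
    # Constructed email bodies: known machine, machine with no CI record, malformed line.
    bodies = ["Plugin output ...\nName='LT-0042'\n",
              "Plugin output ...\nName='UNKNOWN-PC'\n",
              "Name='x'; extra text'\n"]
    tickets = [link_ci_rule(create_ticket(b), CMDB) for b in bodies]
    first, second = timer_job(tickets), timer_job(tickets)
    return tickets, first, second

if __name__ == "__main__":
    for t in run_demo()[0]:
        print(t["Name"] or "<none>", t["CI Data"], t.get("Contact Email"))
```

Tickets whose hostname has no CI record stay at 'Unpopulated' with no link, which gives a simple queue to review for machines missing from the CMDB.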

          • 2. Re: Anyone integrated Tenable's Nessus vulnerability s/w with FootPrints V11 to open tix?
            Liz Carpenter

            Jacque Donald thanks SO much for your response.  This is very helpful information. 

            1 of 1 people found this helpful