Patch Management Integration with Nessus Released
Today, Tenable Network Security announced integration between Nessus and a variety of patch management systems that will simplify scanning in cases where credentialed scans are difficult or impossible. The integration allows Nessus and SecurityCenter users to establish direct links to patch management systems. This simplifies patch audits as the systems in your environment do not all have to contain credentials in order to be scanned. You simply need to give Nessus credentials to your patch management server. This integration enhances compliance programs and helps eliminate confusion about the patch status of systems between IT operations and network security teams.
With Nessus patch management integration, you can:
- Retrieve patch manifests and status information from Red Hat® Network Satellite Server, Microsoft® Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM), and VMware® Go (formerly known as Shavlik).
- Quickly generate patch compliance reports in Nessus and SecurityCenter, based on the data returned from patch management systems. Presentation of records in the well-known Nessus format can speed auditors’ reviews, and simplify resolution of discrepancies between management systems.
- Retrieve accurate patch status information for systems that can’t be fully scanned by vulnerability assessment tools because of a lack of credentials. Credentials are only required for access to the patch management system.
- Retrieve patch status in environments where scanning is not available due to other constraints, such as limited networking.
- Help eliminate false positives caused by back ported patches in Red Hat Satellite environments.
This integration is available today in the case of Microsoft and VMware Go (Shavlik) systems, and is expected no later than Friday of this week for Red Hat. You’ll find the plugins in the ProfessionalFeed. Configuration documentation is available in the Patch Management Integration documentation. If working with patch management systems is a challenge for you, watch this space – I’ll be posting more details on how this integration works, and you can take advantage of it in your environment.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus
- Patch Auditing
- SecurityCenter