George Ehrhorn edited this page Jun 18, 2013 · 3 revisions

Description

Graphite is badass. I love metrics and I love dashboards. Vanilla Nessus (i.e. not Nessus Security Center) doesn't offer a good way to chart scans. Graphite does.

Graphite Options

This feature uses a TCP Graphite listener. If you use a UDP listener and can't change that, open an issue and I'll take a look at what it would take to add it. (Alternatively, fork the project, add the feature, and send a pull request.)

Graphite expects you to send it three things.

  1. The metric / path you're sending data to.
  2. The value to graph.
  3. The timestamp of the event you're graphing.

To send data to Graphite you need to use the --graphite-server and --graphite-metric flags. If you want to set your own timestamp, you can use the --timestamp <s> flag to set the timestamp, epoch style. If you don't, it will default to the most recent midnight.

Metrics

Right now, nessus-analyzer sends four statistics to Graphite.

  1. The average CVSS base score.
  2. The average number of open ports per host.
  3. The percentage of hosts with at least one "high severity event".
  4. The number of events per host.

Over time you want 1, 3, and 4 to trend downwards. 2 isn't a bona fide risk measurement, but if the average number of ports per host goes up without an explanation you may want to investigate.
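
The three-part message and the four statistics described above, as an added Ruby example that is not nessus-analyzer's own code. The statistic names, the UTC midnight, the "severity >= 3" threshold, the metric path character check and the sample hosts are assumptions made for illustration; port 2003 is Graphite's usual plaintext TCP port.

```ruby
require 'socket'

# Constructed sample data, not real scan output: one hash per host.
# :events holds [severity, cvss_base_score] pairs.
SAMPLE_HOSTS = [
  { open_ports: 3, events: [[3, 7.5], [1, 2.6]] },
  { open_ports: 5, events: [[2, 5.0]] },
  { open_ports: 1, events: [] },
  { open_ports: 3, events: [[4, 10.0], [2, 4.3], [0, 0.0]] }
].freeze

HIGH_SEVERITY = 3 # assumption: "high severity" means Nessus severity >= 3

# Most recent midnight as epoch seconds (UTC is an assumption).
def last_midnight(now = Time.now)
  t = now.getutc
  Time.utc(t.year, t.month, t.day).to_i
end

# Compute the four statistics; the key names are hypothetical.
def scan_stats(hosts)
  raise ArgumentError, 'no hosts in scan' if hosts.empty?
  scores = hosts.flat_map { |h| h[:events].map { |_, cvss| cvss } }
  high = hosts.count { |h| h[:events].any? { |sev, _| sev >= HIGH_SEVERITY } }
  n = hosts.size.to_f
  {
    'cvss_avg' => scores.empty? ? 0.0 : (scores.sum / scores.size).round(2),
    'ports_per_host' => (hosts.sum { |h| h[:open_ports] } / n).round(2),
    'pct_hosts_high' => (100.0 * high / n).round(2),
    'events_per_host' => (scores.size / n).round(2)
  }
end

# One plaintext-protocol line per statistic: "<path> <value> <timestamp>\n".
# The path check keeps whitespace and newlines out of the line-based protocol.
def graphite_lines(prefix, stats, timestamp)
  unless prefix.match?(/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/)
    raise ArgumentError, "invalid metric path: #{prefix.inspect}"
  end
  stats.map { |name, value| "#{prefix}.#{name} #{value} #{Integer(timestamp)}\n" }
end

# Send the lines to a Graphite TCP listener.
def send_to_graphite(server, lines, port = 2003)
  Socket.tcp(server, port, connect_timeout: 5) { |s| s.write(lines.join) }
end

puts graphite_lines('security.scans.web_servers', scan_stats(SAMPLE_HOSTS), last_midnight)
```

Call send_to_graphite('graphite', lines) with the generated lines to push them to a listener; the block itself only prints them.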

Example

$ ./nessus-analyzer.rb --graphite-server graphite --graphite-metric security.scans.web_servers

This sends data to the Graphite server under the security.scans.web_servers metric.
