Tuesday, May 16, 2023

Vulnerability Management - Nessus Knowledgebase

A Knowledgebase (KB) is created for each target during a Nessus scan. When a plugin collects information that needs to be "shared" with other plugins it is stored in the KB for that host. The KB can be found for a specific host in the Host Details section of the scan results reached by drilling down on that host.


Note: Nessus also collects a global KB that shares information not only between different scripts but between different hosts.


KBs are in the following format:

timestamp data_type key=value

-> timestamp: Epoch time representing when a scan completes

-> data_type: 1 is for strings, 3 is for integers


For e.g. 1475164035 3 portscanner/14272/Ports/tcp/1334=1


There are several functions used by plugins to read or write information to the KB:


1. set_kb_item(): Adds a new item in the host knowledge base. The value can either be a string or an integer. If an item with the same name already exists in the KB, it's unaffected as the KB can have the same key listed multiple times.


2. set_global_kb_item(): Adds a new item in the global knowledge base. The value can either be a string or an integer. If an item with the same name already exists in the KB, it's unaffected as the KB can have the same key listed multiple times.


3. replace_kb_item(): Same as set_kb_item() except it will replace the value found in the key.


4. get_kb_item(): Fetches the value of the key in the KB (all of them if more than one exists) and returns the result.


5. get_global_kb_item(): Fetches the value of the key in the global KB (only the first value if more than one exists) and returns the result.


6. rm_kb_item(): Deletes a KB entry. If multiple entries exist, specifying a value makes the function only delete the entry for that specific value.


7. get_kb_list(): Returns the list of values for KB keys matching a certain pattern (e.g. "SMB/Registry/*")


8. get_global_kb_list(): Same as get_kb_list but for the global KB.


Please refer the below link for more information:

https://community.tenable.com/s/article/What-is-the-Nessus-Knowledgebase-KB


Happy Learning !!

 

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Vulnerability Management - Understanding vulnerability posture

Understanding the vulnerability posture of an organisation at a basic level helps you drive remediation efforts. So, I don't know what t...