Tenable integration - requests library error

mrkitt

There is no firewall blocking rules (tested with telnet and curl), but logstash throws the following error and nothing else:
Requests Library Error: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
I tried to connect to nessus both through login/password and access/secret key. The error is the same. Also seems like api access to the specified account is not disabled, so I am stuck now

llewandowski

Hi,
We would like more detail information.
Could you run command below:

curl -XGET '127.0.0.1:9200/tenable/_search?q=' -u user:password

You will send me result please.

llewandowski

Hello,
We still waiting for answer for you.
We are the same time did deep analise and you can connect ELS to tenable.sc.
If you want connect directly to Nessus you can't.

Below screen from ELS with tenable.sc

mrkitt

Hi,
there is no index called just tenable, but tenable-2024.04 so I put it on my curl request
[root@siem_els ~]# curl -XGET '127.0.0.1:9200/tenable-2024.04/_search?q=' -u logserver Enter host password for user 'logserver': {"took":6,"timed_out":false,"_shards":{"total":2,"successful":2,"skipped":0,"failed":0},"hits":{"total":{"value":0,"relation":"eq"},"max_score":null,"hits":[]}}

Here what I see in discover

llewandowski

Hi,

Could you check set variable base_url from file main.py ?

Should be for example only IP:
base_url ="192.168.0.101"

mrkitt

The IP address in this variable is set correctly, I checked it twice

llewandowski

Hi,
Try to login via website to tenable.sc