Nessus report upload issue

[ghost]

Hi,
I'm trying to upload a nessus report through VulntoES. This is command that i run:
python VulntoES.py -i name.nessus -e 127.0.0.1 -r nessus -I nessus_report

The response is the follow:

Traceback (most recent call last):
File "VulntoES.py", line 433, in
main()
File "VulntoES.py", line 415, in main
np = NessusES(in_file,es_ip,es_port,index_name, static_fields)
File "VulntoES.py", line 56, in init
self.es.indices.put_mapping(index=index_name, doc_type="vuln", body=json.dumps(vulnmapping))
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 271, in put_mapping
'_mapping', doc_type), params=params, body=body)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 314, in perform_request
status, headers, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 161, in perform_request
self._raise_error(response.status, raw_data)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 125, in _raise_error
raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
elasticsearch.exceptions.RequestError: TransportError(400, u'mapper_parsing_exception', u'No handler for type [string] declared on field [svcid]')

best regard

[infsy]

I confirm this issue, have the same !

Our Nessus version is 7.0.0 and ElasticSearch is 6.1.0.

Regards

[splendid12]

Hi I am also having some issues

running the Elastic search version 5.6.8 and Nessus version 7.0.2

below is the output, can anyone provide some advise?

Thanks in advance...

python VulntoES.py -i netgear.nessus -e 127.0.0.1 -r nessus -I nessus_report
Sending Nessus data to Elasticsearch
Traceback (most recent call last):
File "VulntoES.py", line 433, in
main()
File "VulntoES.py", line 415, in main
np = NessusES(in_file,es_ip,es_port,index_name, static_fields)
File "VulntoES.py", line 25, in init
self.tree = self.__importXML()
File "VulntoES.py", line 63, in __importXML
return xml.parse(self.input_file)
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1182, in parse
tree.parse(source, parser)
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 657, in parse
self._root = parser.close()
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1665, in close
self._raiseerror(v)
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1517, in _raiseerror
raise err
xml.etree.ElementTree.ParseError: no element found: line 2109, column 34

[ach-eddine]

Hi All,
after some search, elasticsearch changed its mapping, to fix the issue you need to change the vulnmapping properties in the code, you can find below the correction to made :) :

vulnmapping = { "properties": { "pluginName": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "ip": { "type": "ip", "fields": { "raw": { "type": "ip" } } }, "risk_factor": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "severity": { "type": "integer" }, "port": { "type": "integer" }, "pluginFamily": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "plugin_type": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "svc_name": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "svcid": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "synopsis": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, "solution": { "type": "keyword", "fields": { "raw": { "type": "keyword" } } }, } }
it's work fine for me, I hope it works for you too :)

Regards,
Achraf