Description:
This dashboard is intended to make it easier to search the results from Nessus Security Center. It doesn’t require any additional add-ons.
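<!--
  Splunk Simple XML form for filtering Tenable SecurityCenter vulnerability
  events (sourcetype=tenable:sc:vuln) by severity, scan name, host
  (netbiosName or ip), plugin age and scan time.

  Review notes:
  * Every $token$ below is substituted verbatim into the SPL of the searches
    that reference it. Values for t_scan_name and t_system_search come from
    indexed scan data, and form tokens can also be pre-set through the
    dashboard URL, so treat them as user input: a value containing a double
    quote would close the quoted term built by valuePrefix/valueSuffix.
    Keep these searches read-only and run them with the viewer's own role.
  * The characters < and > are written as &lt; and &gt; so the file is
    well-formed XML and can be pasted into the dashboard source editor.
-->
<form>
  <label>Nessus Scan Results</label>
  <!-- Searches wait for the Submit button; nothing runs automatically on load. -->
  <fieldset submitButton="true" autoRun="false">

    <!-- Severity filter. Expands to (severity.name=A OR severity.name=B ...). -->
    <input type="checkbox" token="t_severity">
      <label>Severity</label>
      <choice value="Critical">Critical</choice>
      <choice value="High">High</choice>
      <choice value="Medium">Medium</choice>
      <choice value="Low">Low</choice>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <initialValue>Critical,High,Medium,Low</initialValue>
      <valuePrefix>severity.name=</valuePrefix>
      <delimiter> OR </delimiter>
    </input>

    <!-- Scan name filter, populated from the scan names seen in the selected
         time range. Expands to (scan_result_info.name="A" OR ...). -->
    <input type="multiselect" token="t_scan_name">
      <label>Scan Name</label>
      <choice value="*">All</choice>
      <fieldForLabel>Scan Name</fieldForLabel>
      <fieldForValue>Scan Name</fieldForValue>
      <search>
        <!-- Fixed: the original query had a stray double quote after
             $t_severity$, which left the search string unbalanced. -->
        <query>sourcetype=tenable:sc:vuln $t_severity$
          | dedup scan_result_info.name
          | rename scan_result_info.name as "Scan Name"
          | table "Scan Name"
          | sort "Scan Name"</query>
        <earliest>$t_time_selector.earliest$</earliest>
        <latest>$t_time_selector.latest$</latest>
      </search>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <valuePrefix>scan_result_info.name="</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR </delimiter>
      <default>*</default>
    </input>

    <!-- Chooses which field identifies a system. The value is used as a field
         name in the host picker below, so keep the choices to fixed literals. -->
    <input type="radio" token="t_search_type" searchWhenChanged="false">
      <label>Search Systems By</label>
      <choice value="netbiosName">netbiosName</choice>
      <choice value="ip">ip</choice>
      <initialValue>netbiosName</initialValue>
    </input>

    <!-- Host picker. Labels show the raw field value; the submitted value is
         the formatted_ copy with backslashes doubled (presumably so names of
         the form DOMAIN\HOST survive substitution into the search; confirm
         against your data). -->
    <input type="multiselect" token="t_system_search">
      <label>$t_search_type$</label>
      <fieldForLabel>$t_search_type$</fieldForLabel>
      <fieldForValue>formatted_$t_search_type$</fieldForValue>
      <search>
        <query>sourcetype=tenable:sc:vuln $t_severity$ $t_scan_name$
          | dedup $t_search_type$
          | eval formatted_$t_search_type$=$t_search_type$
          | replace "*\\*" with "*\\\\*" in formatted_$t_search_type$
          | table $t_search_type$, formatted_$t_search_type$
          | sort $t_search_type$</query>
        <earliest>$t_time_selector.earliest$</earliest>
        <latest>$t_time_selector.latest$</latest>
      </search>
      <choice value="*">All</choice>
      <delimiter> OR </delimiter>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <valuePrefix>$t_search_type$=</valuePrefix>
      <default>*</default>
    </input>

    <!-- Plugin age buckets, in days since the plugin was last modified. Each
         choice is a complete predicate for the "where" clause of the results
         search. The 30/90/365 boundaries are inclusive on both sides, so an
         age of exactly 30 matches two ranges; harmless because the selected
         ranges are OR-ed together. -->
    <input type="checkbox" token="t_time_range">
      <label>Publish Date Time Ranges</label>
      <choice value="(plugin_age&lt;=30)">&lt; 30 days</choice>
      <choice value="(plugin_age&gt;=30 AND plugin_age&lt;=90)">30-90 days</choice>
      <choice value="(plugin_age&gt;=90 AND plugin_age&lt;=365)">90-365 days</choice>
      <choice value="(plugin_age&gt;=365)">&gt;365 days</choice>
      <delimiter> OR </delimiter>
      <initialValue>(plugin_age&lt;=30),(plugin_age&gt;=30 AND plugin_age&lt;=90),(plugin_age&gt;=90 AND plugin_age&lt;=365),(plugin_age&gt;=365)</initialValue>
    </input>

    <!-- Time window applied to every search on the form. -->
    <input type="time" token="t_time_selector">
      <label>Nessus Scan Age</label>
      <default>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>

  <row>
    <panel>
      <title>Search Results</title>
      <table>
        <search>
          <!-- plugin_age is computed as whole days before pluginModDate is
               reformatted for display. The original derived it from
               tostring(..., "duration") and stripped everything after "+";
               a plugin modified less than a day ago has no day part in that
               string, so its age stayed as HH:MM:SS text and the numeric
               range predicates could not match it. -->
          <query>sourcetype=tenable:sc:vuln $t_system_search$ $t_severity$ $t_scan_name$ severity.id&gt;0
            | eval scan_time=strftime(lastSeen,"%m/%d/%y %H:%M:%S")
            | eval plugin_age=floor((now()-pluginModDate)/86400)
            | eval pluginModDate=strftime(pluginModDate,"%m/%d/%y %H:%M:%S")
            | where $t_time_range$
            | table scan_time, netbiosName, ip, pluginID, pluginName, pluginInfo, scan_result_info.name, port, severity.name
            | sort severity.name pluginName</query>
          <earliest>$t_time_selector.earliest$</earliest>
          <latest>$t_time_selector.latest$</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>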
