Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Tenable Security Center connector for Defense Center

I am trying to use the Tenable Security Center connector to provide vulnerability data to our Defense Center.

I am trying to use it on a CentOS 6.5 host. All the requisite perl modules installed are installed.

When trying to run the script it gives this results:

# ./SecurityCenter.pl -server XXX.XXX.XXX.XXX
Error loading plugin 'SecurityCenter': Type of arg 1 to keys must be hash (not hash element) at InputPlugins/SecurityCenter.pm line 383, near "})"
Type of arg 1 to keys must be hash (not hash element) at InputPlugins/SecurityCenter.pm line 384, near "})"
Type of arg 1 to keys must be hash (not hash element) at InputPlugins/SecurityCenter.pm line 385, near "})"
Compilation failed in require at (eval 26) line 1.

The instructions do not indicate that SecurityCenter.pm is supposed to be altered in any way, so I'm not sure how to approach this.

Everyone's tags (1)
2 REPLIES
New Member

I had the same issue on RHEL

I had the same issue on RHEL 6.5 with Perl v5.10.1

I was able to get past this error with the following patch to InputPlugins/SecurityCenter.pm:

383,385c383,385
<     foreach my $ID (keys $vulns->{$_}){
<       foreach my $proto (keys $vulns->{$_}{$ID}){
<         foreach my $port (keys $vulns->{$_}{$ID}{$proto}){
---
>     foreach my $ID (keys %{$vulns->{$_}}){
>       foreach my $proto (keys %{$vulns->{$_}{$ID}}){
>         foreach my $port (keys %{$vulns->{$_}{$ID}{$proto}}){

 

The script now seems to hang after it downloads the vulnerability data from SecurityCenter and tries to upload it to the Defense Center server.

New Member

Thanks for the hint - my

Thanks for the hint - my script would not run either until I made the above changes. Now I have another, possibly related, problem. I have access to vulnerability data for thousands of systems in Security Center, however only a few hundred systems are getting imported into SourceFire.

After the script runs, it prints the line "SecurityCenter JSON Vulnerability Request Identified 3,717 unique vulnerabilities on 345 systems". I traced that statement to this:

scalar keys(%{vulns})

I'm assuming the keys are the individual systems?

Has anyone run into this problem?

 

EDIT:  I get two [INFO] messages when running the script.

-- Use of uninitialized value $ceiling in numeric gt (>) at InputPlugins/SecurityCenter.pm line 310.

-- Use of uninitialized value in length at SFHostInputAgent.pm line 439.

447
Views
0
Helpful
2
Replies