Nessus Data Importer: Processing PID info crash, why am I getting "TypeError: 'NoneType' object is not iterable"?

jmatthews_sovrn
Explorer

Hi

I've just started poking around this app and I ran into a roadblock. I've tried using login info and API key and I get the same result. Here's what I see when I run the script:

./nessus2splunkjson.sh
Api keybased log in failed, double check the access and secret keys,  reverting to session based login
Depending on the size of your scan this can take several hours/days

Processing Scan Name: fooserver.foo.com , scan_id: 378 , history_id: 379
Traceback (most recent call last):
  File "nessus2splunkjson.py", line 301, in <module>
    pi = get_pid_info(pid)
  File "nessus2splunkjson.py", line 92, in get_pid_info
    return dict((h['attribute_name'], h['attribute_value']) for h in data['attributes'])
TypeError: 'NoneType' object is not iterable

I'm not sure how to proceed from here. Any advice would be greatly appreciated. Thanks.

Jim

amorgado
Path Finder

@jmatthews_sovrn check out @spayneort's most recent post. Although the workaround may work, the underlying issue might be with the Nessus app itself and not the import script. I would run nessusd -R to re-process plugins, otherwise you might be skipping over and not importing valuable data. Regardless, I will check with Nessus to see if there can in fact be an instance of a plugin without attributes; however, I have yet to see this given your Nessus is configured and operating correctly. If it turns out that plugins with no attributes is not normal, I will look into building some sort of error checking into future versions. Thank you very much for bringing this issue up, and your help is much appreciated.

jmatthews_sovrn
Explorer

That works too. I ran nessusd -R, took out the fix that @spayneort recommended, and reran. It's processing my scans now. So there's that. ; )

Thanks again.

Jim

amorgado
Path Finder

Awesome, don't forget to switch back to API keys; it works a lot better with that method as authentication.

spayneort
Contributor

Example:

/plugins/plugin/66334
{
"attributes": null,
"family_name": "General",
"name": "Patch Report",
"id": 66334
}


spayneort
Contributor

I was on Plugin Set 201508201115. I ran nessusd -R to re-process the plugins. Now I am seeing attributes for 66334. There may have been corruption in my plugin database.


amorgado
Path Finder

Interesting, I get a different outcome for plugin (66334); see below.
Is your version and plugin set the same as mine? (My plugins just updated as I started up.)
6.4.2 (#34)
Plugin Set
201508210415

/plugins/plugin/66334

{
    "attributes": [
        {
            "attribute_value": "patches_summary.nbin",
            "attribute_name": "fname"
        },
        {
            "attribute_value": "Patch Report",
            "attribute_name": "plugin_name"
        },
        {
            "attribute_value": "$Revision: 1.47 $",
            "attribute_name": "script_version"
        },
        {
            "attribute_value": "Install the patches listed below.",
            "attribute_name": "solution"
        },
        {
            "attribute_value": "None",
            "attribute_name": "risk_factor"
        },
        {
            "attribute_value": "The remote host is missing one or more security patches. This plugin\nlists the newest version of each patch to install to make sure the\nremote host is up-to-date.",
            "attribute_name": "description"
        },
        {
            "attribute_value": "all",
            "attribute_name": "agent"
        },
        {
            "attribute_value": "2013/07/08",
            "attribute_name": "plugin_publication_date"
        },
        {
            "attribute_value": "local",
            "attribute_name": "plugin_type"
        },
        {
            "attribute_value": "The remote host is missing several patches.",
            "attribute_name": "synopsis"
        },
        {
            "attribute_value": "2015/08/11",
            "attribute_name": "plugin_modification_date"
        }
    ],
    "family_name": "General",
    "name": "Patch Report",
    "id": 66334
}

spayneort
Contributor

I ran into this. There are plugins with no attributes. To work around this I added a new line to the nessus2splunkjson.py script at line 92:

 if data['attributes'] is not None:

Here is what I have for lines 86-93.

# get plugin id info
def get_pid_info(pid):

    data = connect('GET', '/plugins/plugin/{0}'.format(pid))

    if data is not None:
        if data['attributes'] is not None:  # added check: skip plugins whose "attributes" is null
            return dict((h['attribute_name'], h['attribute_value']) for h in data['attributes'])

jmatthews_sovrn
Explorer

This worked for me. Awesome, thanks!

Jim


amorgado
Path Finder

Jim, I'm sorry you are having this issue.

I have seen this before when it's a new install of Nessus. Is it?
If it is, did you update the Nessus plugins successfully without any errors?
If it is not a new Nessus install, what is the Nessus status of the scan you are trying to import? Is "fooserver.foo.com" "completed", "aborted", "canceled", etc.?

Regards,
Alain

jmatthews_sovrn
Explorer

Hey

Thanks for the quick response!

This isn't a new install of Nessus. It's been running for a couple of months now. I am able to update the plugins successfully. For my 'fooserver.foo.com' scan, it is an On Demand scan that has completed successfully. I've tried it with other scans and I always get the same error.

Let me know if there's anything I can provide to help troubleshoot the issue. Thanks again.

Jim


amorgado
Path Finder

No worries. Can you post your version for Nessus and plugin sets? I'm also looking into @spayneort's workaround.

jmatthews_sovrn
Explorer

My version of Nessus is 6.4.3 (#35) and my plugin set is 201508201815. I was able to use @spayneort's workaround.

Thanks for your help with this!

Jim
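
Added example (not part of any post in this thread, and not the app's own code): a null-tolerant version of the attribute mapping that also records which plugin IDs came back without attributes, so skipped plugin detail is visible instead of silent. The function names, the logger name and the trimmed sample bodies are assumptions made for illustration.

```python
import json
import logging

log = logging.getLogger("nessus_import")  # hypothetical logger name

# Constructed samples, trimmed from the two /plugins/plugin/66334 bodies in the thread.
BROKEN = '{"attributes": null, "family_name": "General", "name": "Patch Report", "id": 66334}'
HEALTHY = """{"attributes": [
    {"attribute_value": "patches_summary.nbin", "attribute_name": "fname"},
    {"attribute_value": "None", "attribute_name": "risk_factor"},
    {"attribute_value": "Install the patches listed below.", "attribute_name": "solution"}],
  "family_name": "General", "name": "Patch Report", "id": 66334}"""


def parse_plugin_info(pid, data, missing):
    """Map attribute_name -> attribute_value; note pid in `missing` if there is nothing to map."""
    attrs = data.get("attributes") if isinstance(data, dict) else None
    if not isinstance(attrs, list):
        # Same case as the TypeError in the thread: no response, or "attributes": null.
        log.warning("plugin %s returned no attributes; findings will lack plugin detail", pid)
        missing.append(pid)
        return {}
    return {h["attribute_name"]: h.get("attribute_value")
            for h in attrs if isinstance(h, dict) and "attribute_name" in h}


def import_plugins(responses):
    """responses: iterable of (pid, raw JSON text or None). Returns (info_by_pid, missing_pids)."""
    info, missing = {}, []
    for pid, raw in responses:
        try:
            data = json.loads(raw) if raw else None
        except ValueError:
            data = None  # an unparseable body is treated like an empty one
        info[pid] = parse_plugin_info(pid, data, missing)
    if missing:
        log.error("%d plugin(s) had no attributes (%s); re-process the plugin database "
                  "(nessusd -R, as in the thread) and re-import", len(missing), missing)
    return info, missing


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(import_plugins([(66334, HEALTHY)]))
    print(import_plugins([(66334, BROKEN)]))
```

A non-empty `missing` list at the end of a run is the signal that the import is incomplete and the plugin database should be checked before relying on the indexed data.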
