
Splunk Add-on for Nessus: No nessus_scan input with "TypeError: 'NoneType' object is not iterable"

katherine_garro
Engager

Hi,

We're having trouble getting the nessus_scan input working, while nessus_plugin does work.

Splunkd.log contains the following:

12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py" Traceback (most recent call last):
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 266, in <module>
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     main()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 261, in main
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     run()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 173, in run
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     collector.collect_scan_data()
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"   File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_data_collector.py", line 266, in collect_scan_data
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py"     sid_set = list(set([str(scan.get("id")) for scan in scans]))
12-14-2015 15:48:30.673 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py" TypeError: 'NoneType' object is not iterable

Has anyone else seen this before, and know how to fix or further debug?

Thanks!

1 Solution

jkat54
SplunkTrust

The error suggests that this code snippet is failing:

in nessus.py:
sid_set = list(set([str(scan.get("id")) for scan in scans]))

with error of "TypeError: 'NoneType' object is not iterable".

Which means "scans" is not an array... but instead it's null / empty.

So I'm guessing scans is populated by something else in the code, and it's blank because it's not able to populate itself. So I'd bet something is wrong with your configuration. Either a bad nessus host/server ip/name OR bad user/pass.

After reviewing the code, it appears the app is pulling any data from nessus. Can you please post your nessus.conf with sensitive changed to protect the innocent?

jkat54
SplunkTrust

I'm reviewing nessus.py now to see how the array named scans is populated.

0 Karma

jkat54
SplunkTrust

nessus.py calls collector.collect_scan_data() in your NessusScanCollector specified in your nessus.conf. By default NessusScanCollector is nessus_data_collector.py. nessus_data_collector.py contains the following code that is throwing your error:

        is_hosts_empty = True
        for (sid, ascan) in ckpt_scans.items():
            if len(ascan.get("hosts", {})) > 0:
                is_hosts_empty = False
                break

        if is_hosts_empty:
            scans = self._collect_scans()
            sid_set = list(set([str(scan.get("id")) for scan in scans]))

Last line is where the error occurs. scans is empty, but it shouldn't even try this bit of code unless is_hosts_empty = True... So why is is_hosts_empty = True? Looks like the length of ascan.get("hosts",{})) is not greater than 0. So still looking into what ascan.get does... almost there.

0 Karma

katherine_garro
Engager

Hi,

Thanks for the quick response. I got to the same result as you, the account we were logging in with had no scan results. I would consider this a bug (the script should handle no results without throwing an exception and filling the error log), but glad it now works.

Regards,

0 Karma
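
Added example (not part of the thread and not the add-on's own code): the failing line from the traceback next to a guarded version that treats "no scans" as an empty result instead of raising. It assumes _collect_scans() returns None when the account can see no scan results, as the thread concluded; scan_ids_guarded, collect_scan_ids and the sample data are hypothetical names constructed for illustration.

```python
import logging

logger = logging.getLogger("nessus_scan_example")

# Constructed sample data (not from a real Nessus server).
SOME_SCANS = [{"id": 12, "name": "weekly"}, {"id": 12}, {"id": 7}, {"name": "no id"}]


def hosts_checkpoint_is_empty(ckpt_scans):
    """Same test as the posted loop: True when no checkpointed scan lists any hosts."""
    return not any(len(ascan.get("hosts", {})) > 0 for ascan in ckpt_scans.values())


def scan_ids_original(scans):
    """The line from the traceback, unchanged: raises TypeError when scans is None."""
    return list(set([str(scan.get("id")) for scan in scans]))


def scan_ids_guarded(scans):
    """Sorted unique scan ids; None or a malformed payload means 'no scans', not a crash."""
    if scans is None:
        logger.warning("no scans returned; check the account can see scan results")
        return []
    if not isinstance(scans, (list, tuple)):
        logger.error("unexpected scans payload type: %s", type(scans).__name__)
        return []
    ids = set()
    for scan in scans:
        # Skip entries without an id instead of emitting the string "None".
        if isinstance(scan, dict) and scan.get("id") is not None:
            ids.add(str(scan["id"]))
    return sorted(ids)


def collect_scan_ids(ckpt_scans, collect_scans):
    """Hypothetical wrapper: query the server only when the checkpoint has no hosts."""
    if hosts_checkpoint_is_empty(ckpt_scans):
        return scan_ids_guarded(collect_scans())
    # Assumption for this example only: otherwise reuse the checkpointed scan ids.
    return sorted(str(sid) for sid in ckpt_scans)


if __name__ == "__main__":
    print(collect_scan_ids({}, lambda: None))        # account with no scans
    print(collect_scan_ids({}, lambda: SOME_SCANS))  # account with scans
```

The warning replaces the repeated traceback in splunkd.log with a single line that points at the likely cause, an account that cannot see any scans.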

jkat54
SplunkTrust

Glad I could help! Thanks for marking the answer. Look forward to seeing you around!

0 Karma