Troubleshooting
Problem
Performing a 'Scheduled Live Scan - JSON API' against Tenable Nessus, version 6 or later, may fail with the following error: 'Runtime error: HTTP Error [400] Retrieving Data'
Symptom
Check "error" in qradar.error for these events:
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] java.io.IOException: Server returned HTTP response code: 400 for URL:
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1639)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:23)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.q1labs.vis.scanners.nessus.AbstractApiConnector.getStreamFromApi(AbstractApiConnector.java:309)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.q1labs.vis.scanners.nessus.NessusJsonApiConnector.submitScan(NessusJsonApiConnector.java:141)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.q1labs.vis.scanners.nessus.NessusTaskModule.liveScan(NessusTaskModule.java:769)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.q1labs.vis.scanners.nessus.NessusTaskModule.scan(NessusTaskModule.java:354)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at com.q1labs.vis.scanners.base.ScannerModule.run(ScannerModule.java:219)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] at java.lang.Thread.run(Thread.java:798)
Dec 10 08:27:50 ::ffff:xxx.xxx.xxx.xxx [vis0.vis] [Nessus Scanner-355-worker] com.q1labs.vis.scanners.nessus.NessusTaskModule: [ERROR] [NOT:0000003000][xxx.xxx.xxx.xxx/- -] [-/- -]Abandoning scan task 172.21.0.15/32:1024, exceptions were thrown
Cause
Nessus Scan policies that were migrated from an earlier version of Tenable Nessus may not be automatically updated to include a unique identifier ('uuid'), which is required in Nessus version 6.0 and later.
Resolving The Problem
To resolve the issue create a new Scan Policy in Nessus, or edit the existing Policy.
Results: Nessus now returns results without the Run time error.
Where do you find more information?
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21992852