#How to use nessus api update
First, Nessus is creating a new policy using an update request instead of the add request defined in the API. Reviewing the POST request from the Nessus web interface in Burp was not helpful. My first idea was to review how the web interface creates a request.
#How to use nessus api how to
The policy must be submitted with a defined list of server preferences, plugin preferences, and the plugin list (all of which can be obtained via other API calls).” It does not provide specific examples of how to structure the plugin information. Unfortunately the documentation states “This function creates a new policy with scan options specified. Origin: User-Agent: Mozilla/5.0 (Windows NT 6.1 WOW64) AppleWebKit/536.5 (KHTML, like Gecko)Ĭontent-type: application/x-www-form-urlencoded The example POST request in the documentation shows how to use the API.
The Nessus API has a method for creating a policy, defining the setting on it and even setting up the plugins for the policy. Nessus v5 has an API for interfacing with it, but the process for making a new policy with disabled plugins is not clearly defined in the documentation. Since Nessus releases new plugins all the time, the enabled plugins need to be reevaluated when a new profile is built. Periodically, a new Nessus profile needs to be created that has selected plugins disabled based on filter criteria. I recently found myself creating a policy in Nessus manually in a way that should be automated.