Nessus Patch Management Integration Now Supports IBM Tivoli Endpoint Manager

by Paul Asadoorian
October 16, 2012

Nessus and SecurityCenter now support Tivoli Endpoint Manager (TEM) as a patch management platform in which patch-level information can be extracted for given scan targets.

Nessus Patch Management Support

We are pleased to announce new support for IBM Tivoli Endpoint Manager (TEM) for Patch Management (formerly known as BigFix). This new capability allows us to use the information gathered by TEM from systems where we may not have credentials or we’re unable to reach such systems over the network. The TEM integration is configured similarly to our integration with other patch management solutions where credentials and the server IP address/hostname are provided so Nessus can retrieve the patch information for the hosts targeted in the scan.

In addition to TEM, Nessus and SecurityCenter also integrate with the following popular patch and system management solutions:

  • Microsoft Windows Server Update Services (WSUS)
  • Microsoft System Center Configuration Manager (SCCM) 2007
  • Red Hat Network Satellite Server
  • VMware Go (formerly known as Shavlik)

In order to make use of this feature, be certain you've configured TEM properly. Refer to this discussion post for more information and instructions.

Configuring Nessus Integration with Tivoli Endpoint Manager

To enable this feature, create a Nessus scan policy and enable the Nessus plugin named "Patch Management: Tivoli Endpoint Manager Report."

[Screenshot: the "Patch Management: Tivoli Endpoint Manager Report" plugin selected in the Nessus scan policy]

Also enable all plugins in the "Windows: Microsoft Bulletins" family.

Next, in the Preferences tab, select "Patch Management: IBM Tivoli Endpoint Manager" from the drop-down menu. Enter the IP address or hostname of your TEM system, the Web Report port, and valid credentials. If your server is configured to use SSL, be certain to check the "SSL" checkbox.

[Screenshot: the "Patch Management: IBM Tivoli Endpoint Manager" preference settings (host, Web Report port, credentials, SSL)]

When performing the scan, if Nessus is able to log in to the target host, the corresponding Nessus local patch-checking plugins will be run. This ensures the greatest level of accuracy for the check being performed.

If Nessus is unable to log in to the target host but fingerprints that host as a Windows system, it will query TEM for the patch information. If Nessus finds that the host is not managed by TEM, it will report it as an unmanaged host.

This information will allow administrators to determine which hosts may be outside of the enforcement of policies configured in their patch and configuration management solution. Nessus will also identify the information source for the specific local check in the Plugin Output section:
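The following is an added illustration of the decision flow just described; it is not Nessus or Tenable code and does not use any Nessus API. It models the three outcomes per host (local credentialed check, TEM report, unmanaged) and produces the "which hosts fall outside patch-management enforcement" list an administrator would want. The host records, the TEM inventory dictionary, the patch identifiers and the source labels are all constructed assumptions, not the literal strings Nessus prints in Plugin Output.

```python
"""Constructed model of how a scan attributes patch information per host.

Added example, not part of the original post and not Nessus code. All
sample data below is constructed; label strings are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed source labels (Nessus reports the real source in Plugin Output).
LOCAL_CHECK = "local credentialed check"
TEM_REPORT = "Tivoli Endpoint Manager report"
UNMANAGED = "unmanaged host"
NO_DATA = "no patch data available"


@dataclass(frozen=True)
class Host:
    address: str
    credentialed_login: bool        # could the scanner log in to the target?
    os_family: Optional[str]        # remote OS fingerprint, e.g. "Windows"


# Constructed stand-in for what a TEM Web Reports query would return:
# managed address -> list of missing patch identifiers (placeholder names).
TEM_INVENTORY: Dict[str, List[str]] = {
    "10.0.0.11": ["PLACEHOLDER-PATCH-A", "PLACEHOLDER-PATCH-B"],
    "10.0.0.12": [],                # managed and fully patched
}


def patch_source(host: Host, tem_inventory: Dict[str, List[str]]) -> str:
    """Decide where patch-level information for this host comes from.

    Order follows the post: a successful login always wins (most accurate);
    otherwise only Windows hosts are looked up in TEM; a Windows host that
    TEM does not know about is flagged as unmanaged.
    """
    if host.credentialed_login:
        return LOCAL_CHECK
    if (host.os_family or "").lower() != "windows":
        return NO_DATA
    if host.address in tem_inventory:
        return TEM_REPORT
    return UNMANAGED


def evaluate(hosts: List[Host], tem_inventory: Dict[str, List[str]]) -> Dict[str, dict]:
    """Build a per-host report: information source plus, for TEM-sourced
    hosts, the missing patches TEM knows about."""
    report: Dict[str, dict] = {}
    for host in hosts:
        source = patch_source(host, tem_inventory)
        missing = tem_inventory[host.address] if source == TEM_REPORT else None
        report[host.address] = {"source": source, "missing_from_tem": missing}
    return report


def unmanaged_hosts(report: Dict[str, dict]) -> List[str]:
    """Hosts that are outside the enforcement of the patch-management solution."""
    return sorted(addr for addr, entry in report.items() if entry["source"] == UNMANAGED)


# Constructed scan targets covering each branch of the decision.
SAMPLE_HOSTS = [
    Host("10.0.0.10", credentialed_login=True, os_family="Windows"),
    Host("10.0.0.11", credentialed_login=False, os_family="Windows"),
    Host("10.0.0.12", credentialed_login=False, os_family="windows"),
    Host("10.0.0.13", credentialed_login=False, os_family="Windows"),
    Host("10.0.0.20", credentialed_login=False, os_family="Linux"),
]

if __name__ == "__main__":
    result = evaluate(SAMPLE_HOSTS, TEM_INVENTORY)
    for addr, entry in result.items():
        print(f"{addr}: {entry['source']}  missing={entry['missing_from_tem']}")
    print("unmanaged:", unmanaged_hosts(result))
```

The point of keeping `patch_source` as a pure function is that the precedence is explicit and testable: credentialed data is preferred over TEM data, and a host only ends up "unmanaged" after the scanner has actually decided it is a Windows system and asked TEM about it.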

[Screenshot: scan results showing Tivoli Endpoint Manager as the information source in the Plugin Output section]

Conclusion

Nessus’ ability to leverage the information from patch and configuration management solutions provides deeper insight into systems that may have been previously missed in scans. This added information also provides administrators a way to validate that all hosts are managed under their patch and configuration solutions, and that such solutions are providing the appropriate information.