Troubleshooting Risk Analyzer with Tenable

When retrieving against a Tenable instance you will want to tail  /var/log/firemon/sm/secmgr.log 


You should see this start with a string of "Begin Retrieval and parsing for Tenable Security Center". 

2018-10-26 10:26:00,052 [sched-worker-2] [INFO ] c.f.s.r.s.r.RetrievalScanDataParser      : Begin retrieval and parsing for Tenable Security Center
2018-10-26 10:26:00,061 [sched-worker-2] [INFO ] c.f.s.r.s.r.RetrievalScanDataParser      : Started parsing Vulnerability Definitions for Tenable Security Center
2018-10-26 10:26:00,083 [sched-worker-2] [INFO ] c.f.s.r.s.r.RetrievalScanDataParser      : Parsing Vulnerability Definitions for Tenable Security Center since last update 2018-10-25T10:26:00.039673-04:00[America/New_York]
2018-10-26 10:26:00,083 [sched-worker-2] [INFO ] .TenableSecurityCenterBulkScanDataParser : Bulk importing Tenable Vulnerability Definitions 0 through 10000

FireMon would need to know if there are custom defined vulnerability definitions or plugins.  These would not be supported and would cause this to fail.  If there are custom vulnerability definitions or plugins, the retrieval may fail with the following error "Error parsing Vulnerability Instance from Input Stream".  There should be an object name that the security team managing Tenable can help identify if this is a custom defined vulnerability or plug-in.   

2018-10-26 10:37:27,834 [sched-worker-2] [ERROR] c.f.s.r.s.r.RetrievalScanDataParser      : Error processing scan data for TRE DC (24) and Scan Vuln Data Source TENABLE_SECURITY_CENTER
java.lang.RuntimeException: Error parsing Vulnerability Instance from Input Stream

To view the total number of vulnerabilities from your scan data source Open your Browser's Developer Tools, navigate to Network, then navigate to Admin > Settings > Risk Analyzer. There should be a value of totalVulnDefs in the admin network call json properties located under "results"