feat(nessus): import operating system from host info (plugin 11936)

Tester reported Nessus-only assets had no OS info in VulnCheck even though Nessus reports it on every scanned host (plugin 11936 'OS Identification' is included by default). The data was sitting in the host's 'info' dict but we ignored it. When a host is processed, asset.operating_system now gets populated from the first non-empty value of: info['operating-system'] info['operating_system'] info['os'] Nessus occasionally returns a list of guesses ("Microsoft Windows Server 2022 Standard\nMicrosoft Windows Server 2019 Datacenter"); we take the first line. Truncated to 255 chars to fit the column. Defensive: only fills when asset.operating_system is currently null. Wazuh-sourced assets already carry structured agent OS data and we deliberately do not clobber that with Nessus prose — Wazuh tends to be more accurate for the host where the agent runs. No schema change — operating_system column has existed since the initial migration.
2026-05-18 11:44:58 +02:00
parent 1d728d6e31
commit e7942d15e1
1 changed files with 18 additions and 0 deletions
@@ -232,6 +232,24 @@ def run_nessus_sync(
                    continue
                stats["hosts_synced"] += 1

+                # OS Identification (Nessus plugin 11936 + host info fields)
+                # Only fills when the asset row has nothing — Wazuh-sourced
+                # assets already carry structured agent OS data and we do
+                # not want to clobber that with Nessus's longer prose form.
+                if not asset.operating_system:
+                    os_label = (
+                        merged_info.get("operating-system")
+                        or merged_info.get("operating_system")
+                        or merged_info.get("os")
+                    )
+                    if isinstance(os_label, list):
+                        # Nessus sometimes returns multiple guesses — take the first
+                        os_label = next((x for x in os_label if x), None)
+                    if os_label:
+                        os_label = str(os_label).strip().splitlines()[0][:255]
+                        if os_label:
+                            asset.operating_system = os_label
+
                # Record one Scan row per host so Nessus runs appear in
                # the Scan-Jobs history (previously only Wazuh autoscan
                # populated this table). Status updated to COMPLETED /