From e7942d15e1ea8d787f71960f18a7b327c91d066d Mon Sep 17 00:00:00 2001
From: vulncheck <vulncheck@sdgdvcxvwer.aleeas.com>
Date: Mon, 18 May 2026 11:44:58 +0200
Subject: [PATCH] feat(nessus): import operating system from host info (plugin
 11936)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Tester reported Nessus-only assets had no OS info in VulnCheck even
though Nessus reports it on every scanned host (plugin 11936 'OS
Identification' is included by default). The data was sitting in the
host's 'info' dict but we ignored it.

When a host is processed, asset.operating_system now gets populated
from the first non-empty value of:
    info['operating-system']
    info['operating_system']
    info['os']

Nessus occasionally returns a list of guesses ("Microsoft Windows
Server 2022 Standard\nMicrosoft Windows Server 2019 Datacenter"); we
take the first line. Truncated to 255 chars to fit the column.

Defensive: only fills when asset.operating_system is currently null.
Wazuh-sourced assets already carry structured agent OS data and we
deliberately do not clobber that with Nessus prose — Wazuh tends to
be more accurate for the host where the agent runs.

No schema change — operating_system column has existed since the
initial migration.
---
 app/services/nessus_sync.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/app/services/nessus_sync.py b/app/services/nessus_sync.py
index 116f4ae..76f805c 100644
--- a/app/services/nessus_sync.py
+++ b/app/services/nessus_sync.py
@@ -232,6 +232,24 @@ def run_nessus_sync(
                     continue
                 stats["hosts_synced"] += 1
 
+                # OS Identification (Nessus plugin 11936 + host info fields)
+                # Only fills when the asset row has nothing — Wazuh-sourced
+                # assets already carry structured agent OS data and we do
+                # not want to clobber that with Nessus's longer prose form.
+                if not asset.operating_system:
+                    os_label = (
+                        merged_info.get("operating-system")
+                        or merged_info.get("operating_system")
+                        or merged_info.get("os")
+                    )
+                    if isinstance(os_label, list):
+                        # Nessus sometimes returns multiple guesses — take the first
+                        os_label = next((x for x in os_label if x), None)
+                    if os_label:
+                        os_label = str(os_label).strip().splitlines()[0][:255]
+                        if os_label:
+                            asset.operating_system = os_label
+
                 # Record one Scan row per host so Nessus runs appear in
                 # the Scan-Jobs history (previously only Wazuh autoscan
                 # populated this table). Status updated to COMPLETED /