Mensaje citado por aheckerat_private: > Folks, > > Been googling for an answer to this for a number of weeks now, but have had > no success, so I figured I'd toss it out to the forum & see what y'all > think. The nessus (-devel) lists are searchable at http://marc.theaimsgroup.com/ (more specifically http://marc.theaimsgroup.com/?l=nessus-devel&r=1&w=2) you might find it useful to go through the database integration development that is being implemented for nessus (in the USE_SQL CVS branch). It currently is possible to take the nessus reports and dump them to a database. See more on this below. > > I've been involved in doing vulnerability assessments (and penetration tests) > for some time now; I use *both* nessus and ISS Internet Security Scanner, but > have yet found a way to correlate and aggregate their information into one > comprehemsive document. The only thing I've seen that even purports to do > something like this is the HArris STATAnalyzer, but I can't get any real, > solid info on *it*, either. Since ISS's tool uses an SQL database (MSDE IIRC) to store the results you can dump the Nessus results into this same database (using the tools below) and work from there. Notice that since both Nessus and Internet Scanner do use a common vulnerability representation (i.e. CVE, cve.mitre.org) it is possible to generate reports with the information on vulnerabilities found by both scanners rather easily. You just need to understand both Nessus E/R schema (see below) and Internet Scanner's (read the documentation) to work useful SQL queries to correlate both information. Of course you can use third party products to correlate this information. But Nessus support might be lacking in those. > > Anyone have any pointers for me? It'd be much appreciated. > On the Nessus side: - For the database information: http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/doc/database/?hideattic=0&only_with_tag=NESSUS_SQL#dirlist - For the tool to extract the information: http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-tools/nessus-extract/?hideattic=0&only_with_tag=NESSUS_SQL Oh! And if you manage to do something please contribute it to the list :-) Regards Javier Fernandez-Sanguino Security Division Germinus ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 10:36:01 PST