Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 030410.html (Request Expert securityfocus.com Support)

Re: Aggregating vulnerability report data?

From: Javier Fernández-Sanguino Peña <jfernandez(at)germinus.com>
Date: Fri Mar 14 2003 - 12:27:48 EST

Mensaje citado por ahecker@evilscientist.com:

> Folks,

The nessus (-devel) lists are searchable at http://marc.theaimsgroup.com/ (more specifically http://marc.theaimsgroup.com/?l=nessus-devel&r=1&w=2) you might find it useful to go through the database integration development that is being implemented for nessus (in the USE_SQL CVS branch).

It currently is possible to take the nessus reports and dump them to a database. See more on this below.

>
> I've been involved in doing vulnerability assessments (and penetration tests)

Since ISS's tool uses an SQL database (MSDE IIRC) to store the results you can dump the Nessus results into this same database (using the tools below) and work from there. Notice that since both Nessus and Internet Scanner do use a common vulnerability representation (i.e. CVE, cve.mitre.org) it is possible to generate reports with the information on vulnerabilities found by both scanners rather easily.

You just need to understand both Nessus E/R schema (see below) and Internet Scanner's (read the documentation) to work useful SQL queries to correlate both information.

Do you need help?X

Of course you can use third party products to correlate this information. But Nessus support might be lacking in those.

>
> Anyone have any pointers for me? It'd be much appreciated.

On the Nessus side:
- For the database information:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/doc/database/?hideattic=0&only_with_tag=NESSUS_SQL#dirlist - For the tool to extract the information: http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-tools/nessus-extract/?hideattic=0&only_with_tag=NESSUS_SQL

Oh! And if you manage to do something please contribute it to the list :-)

Regards

Javier Fernandez-Sanguino
Security Division
Germinus  


Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html Received on Fri Mar 14 13:36:27 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:34 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library