TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
We've been using a highly customized MS Access database to ingest and report on Internet Scanner results for some time. But lately we've been talking about migrating to SQL/Crystal. Using our current Access system, we produce reports for our security community that are very detailed and rich with relevant information about various risks facing these systems far beyond that available from the reports in Internet Scanner alone. We start by importing all the vulnerabilities and services found on hosts scanned, along with the OS' and banners found by the IS tool. Then we import all the administrative information available in our center's registration database regarding the IP's scanned. Finally we collect, process and ingest total aggregate ARP information (TARP) from the network routers including IP & MAC addresses and time last seen trafficking on the network. We call it a Security Information Management Database and Reporting System. It has numerous applications and uses beyond just IT security. They include but are certainly not limited to asset management, policy making and policy enforcement, network analysis and management, IP address management and configuration management. Of course another huge advantage is the ability to quickly roll up center-wide numbers for management, in addition to producing low level reports for administrators, regarding vulnerabilities, services, OS's, owners, projects, contacts, (just about any data field), all from the same db/reporting engine. It also helps us deal with the false positives. Because we can use another security tool to scan for specific checks suspected as being false positives, we can then import that data to help weed out false positive results from IS. We also support waivering certain IP's from certain vulnerabilities showing on the reports that are either proven false positives or required services on the network. Our next step is migrating the whole thing to SQL and using Crystal as you mentioned. But licensing, funding, time and and such is very limited here at NASA. (Plus Access is cheap. ;-) Feel free to contact me if you want any more information or have any questions. At 04:04 PM 6/25/2002, Jason McCullough - Contractor wrote: >TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to >[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! >---------------------------------------------------------------------------- > >Has anyone in the past ever bothered to make a tool that can copy certain >entries from a .html or rich text Crystal Reports generated by Internet >Scanner (Vulnerabilities by IP assessment) and spill it out into a >customizable database? > >Thanks > >Jason ............................................................................ Ian Shaffer IT Security Engineer - GITSVST Goddard IT Security Vulnerability Scanning Team NASA Goddard Space Flight Center Raytheon ITSS - Code 297 c.240.432.0435 [EMAIL PROTECTED] w.301.286.9562 ............................................................................
