TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
It's not a huge job to automate it. Everyone's requirements are different, and for me it's important that tools provide their output in a useful format that allows further processing. If you automate it to the point where all the data you're interested in gets into a central database without any user interaction, the only real difference is that you use normal database reporting tools rather than each tool's built-in tools. And I find that I'm always working with input from more than one source, so this works well for me. For any type of corporate situation, I think it's the way to go. Accioly, Daniel wrote: >TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to >[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! >---------------------------------------------------------------------------- > >Very Interesting Ian! But the problem is that if a Scanning Tool cannot >provide a simple way of generating this kind of reports as a "buit-in >feature" its useless! > >I mean... what good does it make to perform a scan if you cannot >automatically compile the data generated in a way that you can identify the >vulnerabilities that have to be addressed? > >I trully belive that there is a HUGE difference between customizing reports >and being forced to create your own ones to be able to work. > >Well... thank you for your help and congratilations on a work well done on >your reports. I'm already trying to contact the local ISS people for >specific help, but I belive I'll have to find another way to assess the >vulnerabilities of my customer network. > >Sincerelly > >Daniel > >-----Original Message----- >From: Ian Shaffer [mailto:[EMAIL PROTECTED]] >Sent: sexta-feira, 12 de julho de 2002 11:16 >To: Accioly, Daniel; '[EMAIL PROTECTED]' >Subject: RE: Internet Scanner - Splitting machines is possible? > > >I don't think that there is any easy way to merge the databases and have >the IS reporting engine still generate the reports properly. > >We deal with it here by taking the Access databases from our IS scanning >agents all over the center and import them into one specially designed >integrated Access database. > > From there we make center wide reports that bring in other data types and >other scanning tool results and put all the data into the same security >reports. We can design new reports as necessary, then tweak them and >improve them until they give us just what we need. > >It's a lot of work, but I think it is the "wave of the future" for Security >Information Management. > >Look at what RealSecure and other security tools are starting to do, the >exact same thing. They are managing all sorts of security related data and >spitting it out into a wide variety of reports that are meaningful and >usable for a variety of users, from security professionals and >administrators to branch managers and center CIO's. > >At 10:58 AM 7/11/2002, Accioly, Daniel wrote: > >>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to >>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any >> >problems! > >>--------------------------------------------------------------------------- >> >- > >>Hello everybody, >> >> I have a question regarding the use of the Internet Scanner >>Database. >> >> While I was scanning my network, I decided to split the job >> >between > >>two machines to speed up the work (they are in separate networks and >>scanning different hosts). Now I have two databases (one in each machine) >>and I have to generate one single report. >> >> As I didn't find any way to export the scan results from one >> >machine > >>to another, I tried to merge the access databases manually importing the >>tables from the scan6db.mdb file without success... can anybody help me!? >> >>Thanks! >>____________________________________________ >>Daniel Accioly Rosa >>Consultant >>N&DCP - Global Network Services >>UNISYS Brazil >>Phone: 55+21-3804-5110 (Net 692-5110) >>Fax: 55+21-3804-5330 (Net 692-5330) >> > >............................................................................ >Ian Shaffer IT Security Engineer - GITSVST >Goddard IT Security Vulnerability Scanning Team >NASA Goddard Space Flight Center >Raytheon ITSS - Code 297 c.240.432.0435 >[EMAIL PROTECTED] w.301.286.9562 >............................................................................ >
