I find the reporting in IS to be less than useful. At this point, I just
pull down the MDB file to my workstation and run my own set of
queries/reports within MS Access. And yes, we're also stung by the fact
that many checks require admin rights. In most environments, this is
probably not at all realistic. We've been really hampered in our
vulnerability management efforts by this.
I understand that different customers have different needs, but rather
than making a decision that just caters to one side, it would be far
better if both options were available so that those of us "on the ground"
can make the decision that best suits our environments: Can't risk a DoS?
Run the check that requires admin rights (or don't run the check). Risk is
acceptable? Run the check that actually goes out and *tests* the problem
at hand.
"Stephen Tihor" <[EMAIL PROTECTED]>
01/28/2003 05:19 PM
To: "Peterson, Brent (ISS Atlanta)" <[EMAIL PROTECTED]>
cc: Kyle R. Maxwell/EMPL/TX/Verizon@VZNotes, "Rouland, Chris (ISSAtlanta)"
<[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED], "Stephen
Tihor" <[EMAIL PROTECTED]>, "ISS XForce" <[EMAIL PROTECTED]>
Subject: RE: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm
Propagation
That is very good news. Of course that does not help us with all the other
checks which are useless in the non-admin rights world.
Whatever happened to my suggestions/request some time back about including
information on how a check gets its results (version string test, actual
symptom test, login as admin and read registry, etc.) and some pointers on
how to validate the many false positives we see?
We have been looking at scanning tools which provide all the info ISS does,
plus give details on what was seen and how it implies the problem, and give
specific confirmation tests for each issue raised. Still no one with the
local annotations into their report files, but the ones that produce ASCII
output are definitely more useful there. Sadly, ISS seems totally incapable
of producing usefully parsable output for the large site, so it's all ugly
and inefficient hand work. Makes me continue to long for nessus or heck ISS
on UNIX with its nice ASCII output reports.