Unfortunately, my company is also facing a problem similar to this. We definitely like the product, and are very happy with the actual results, but the reports are pretty basic and lacking. Now don't get me wrong, I think it provides most of the information necessary to resolve the problems it detects, but for the less security- and technical-oriented, it's not the most comprehensive or easy to understand document. Anyone know of any tools, utilities, or scripts to make the reports a little better/easier to understand? One thing that would be of great benefit is a simple history document showing the changes (what's been fixed/what's new) from one scan to the next. I've been messing around with some basic scripting to try to do something like that, but unfortunately my scripting abilities are just that - basic. Any suggestions or assistance would be greatly appreciated.
--
Jared
"Ben Vaughn"
<bvaughn@Blackbird To: <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Tech.com> cc:
Sent by: Subject: RE: Report generator?
owner-nessus@list.
nessus.org
06/14/2002 08:49
AM
We use Nessus for most of the Vulnerability assessments that we perform
(unless a customer desires otherwise) and have decided the one feature
that is a drawback for "Nessus vs. ISS" or any other commercially
available vulnerability scanner is the lack of quality from generated
reports. With an ISS scan, the reports are generated in such a way that
very little modification is required to submit as a deliverable, but
with Nessus scan outputs, we usually have to index the worst of the
worst, make our own document, and bundle that with the report itself.
Nessus is definitely ahead of the curve with respect to the technical
aspects of the challenge (determine vulnerabilities quickly and
accurately), but as I've found with lots of other Open Source solutions,
the back-end that is presented to a customer is lacking.
Cheers,
Ben
------
Ben Vaughn
Security Analyst
Blackbird Technologies
703-796-1438 W / 703-868-5258 C
[EMAIL PROTECTED]
------
-----Original Message-----
From: Maria Magnusson [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 8:38 AM
To: [EMAIL PROTECTED]
Subject: Report generator?
Hi,
I am looking for a better interface to generate reports from Nessus.
Would like to select certain types of vulnerabilities etc. Am tired of
manually editing the output files.
Any hints where to find such an interface or do I have to write it
myself? :)
--Maria
(See attached file: Benjamin I Vaughn (Ben Vaughn).vcf)
(See attached file: smime.p7s)
Benjamin I Vaughn (Ben Vaughn).vcf
Description: Binary data
smime.p7s
Description: Binary data
