I can tell you one good reason, in my eyes, for improved reporting capabilities for Nessus.

My company uses ISS and Nessus for our vulnerability scans. I've been working to get more free tools in place for our security folks (primarily Snort and Nessus for now). Management has to look at the results from the free tools and compare them to the commercial tools as a way of evaluating whether or not I get approval to use more free tools. With our current ISS setup, reports automagically get sent to users for them to deal with any high or medium priority problems. ISS reports cover fix information well enough for most of our user community to fix, and the help desk has sufficient knowledge to cover most of the remaining questions. Nessus doesn't offer reports that are clear and clean enough to do this.

I don't think the Nessus development team needs to spend much time fixing the reporting capabilities, though - I agree that the nuts and bolts are more important. However, I do wish someone with the skills to do it (and I don't have the skills, or I would work on it) would come up with a better reporting tool. Just being able to select what information to print would be a big improvement. I like scanning for everything, but I often want only specific ports/vulnerabilities in reports.

So, if anyone has anything or is planning on anything for better reporting, and would like input on it or help testing it, I'll volunteer my time.

Randy Graham
--
The Internet? Bah! Is that thing still around? -- Homer Simpson

Duct tape is kind of like the force - it has a dark side and a light side, and holds the universe together.

> -----Original Message-----
> From: Tor Houghton [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 14, 2002 10:46 AM
> To: Jared Breland
> Cc: [EMAIL PROTECTED]
> Subject: Re: Report generator?
>
> FWIW/IMHO/etc,
>
> I believe that the nessus team should concentrate on the nuts and bolts
> of the scanner. It is a free tool. Why spend time on providing a snazzy
> report generator so that a third party can make money on what their teams
> should be capable of doing themselves (manually or otherwise).
>
> Don't get me wrong; I'd love a nice report too, but I'd rather have a
> working tool than great graphics. More often than not you need to check
> the results of whatever nessus gives you anyway. What then, is the point
> of a nice looking report, when the information in it is untrue?
>
> Best regards,
>
> Tor Houghton
> TBS Security / Nextra UK Ltd
