We have been using ISS Internet scanner and nessus (among other tools), and we would like to start combining, and where appropriate, moving tests from Internet scanner to nessus. We have a large Internet scanner policy, and instead of going through it by hand, I was wondering if anyone had a good correlation of Internet scanner and nessus reports? I tried using the CVE's, but that only gets us so far, we still have over 300 test to try and correlate, and the CVE's do not map to X-Force numbers (and Internet scanner tests) very well.
Also I was looking for a good vulnerability scanner comparison to show to manager types. Most of our managers are for the move to nessus, but some are still reluctant, and I would like to put as many nails in ISS's coffin as possible.
Thanks, David Sayre Los Alamos National Labs
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
