I am rather new to the Nessus product, having recently migrated over from the SATAN/Saint/Sara line of security scanners. I must say that overall I am quite impressed by the quality of the Nessus product.
The only aspect I find somewhat lacking is the reporting mechanism, although I have really only looked at the GTK client and some of its related reports. I find it difficult to quickly find which hosts have the serious problems, or to find all the hosts with a particular problem, etc., like I was able to under the SATAN-derived products. And despite my reading some stuff that indicates that Nessus may be better at false positive suppression (at least if I run in 'unsafe' mode) than SATAN and its descendants, I expect false positives will still be an issue, and I would like to see some way of flagging alerts that were determined to be false positives so that they will be marked as such when future scans are run. I wrote some patches to Sara to do this, but the maintainer never seemed interested in accepting them (although Saint did, but I can't afford Saint :).
Anyway, I was looking at some of the output formats, in particular XML, and thought it should not be too bad to write a custom, interactive analysis/reporting tool to make the reports more in line with what I wanted. If and when something usable comes out, I will share with the community.
First, though, I noticed that the XML save file includes a lot more information than the NBE format. E.g., XML includes a lot of information regarding the plugins (what version, etc.), plus Nessus options (at the time of the scan?) (including which plugins were used), that I do not see any evidence of in the NBE format. This surprised me, because I thought NBE was the "native" format and should encapsulate all information re a scan. But apparently not.
I was wondering if anyone knew offhand where the "extra" information in the XML output comes from. Is it from the server-side database/knowledge base? Or is it not really attached to the vulnerability/results data, and just the current settings when the XML report is generated?
E.g., if I run a scan today, and save it to scan1.nbe, change some settings, maybe run some more scans, then next week load scan1.nbe and generate the XML report from it, will the Nessus settings in the XML reflect what was in effect at the time of the scan and the plugin info from the time of the scan, or are those taken from the time the XML report is produced?

Tom Payerle
Dept of Physics [EMAIL PROTECTED]
University of Maryland (301) 405-6973
College Park, MD 20742-4111 Fax: (301) 314-9525

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
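
Added example, not part of the original message and not Nessus code: a sketch of the triage the post asks for (worst hosts first, all hosts with a given finding, and a persistent false-positive list) run over NBE result rows. The pipe-delimited field order, the severity strings, the plugin IDs and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample; assumed NBE row layout:
# results|subnet|host|port|plugin_id|severity|description
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Jan  5 10:00:00 2004|
results|192.0.2|192.0.2.10|ssh (22/tcp)
results|192.0.2|192.0.2.10|ssh (22/tcp)|90001|Security Hole|Constructed finding A
results|192.0.2|192.0.2.10|http (80/tcp)|90002|Security Warning|Constructed finding B
results|192.0.2|192.0.2.20|http (80/tcp)|90002|Security Warning|Constructed finding B
results|192.0.2|192.0.2.20|smtp (25/tcp)|90003|Security Note|Banner text with a | in it
results|192.0.2|192.0.2.30|ssh (22/tcp)|90001|Security Hole|Constructed finding A
"""

SEVERITY_RANK = {"Security Hole": 3, "Security Warning": 2, "Security Note": 1}

def parse_nbe(text):
    """Yield one dict per finding; skip timestamps and bare open-port rows."""
    for line in text.splitlines():
        # maxsplit keeps any '|' inside the description intact
        fields = line.split("|", 6)
        if len(fields) < 7 or fields[0] != "results":
            continue
        _, _, host, port, plugin_id, severity, desc = fields
        yield {"host": host, "port": port, "plugin": plugin_id,
               "severity": severity, "rank": SEVERITY_RANK.get(severity, 0),
               "description": desc}

def triage(findings, false_positives=frozenset()):
    """Split findings into (active, suppressed) by (host, port, plugin) key."""
    active, suppressed = [], []
    for f in findings:
        key = (f["host"], f["port"], f["plugin"])
        (suppressed if key in false_positives else active).append(f)
    return active, suppressed

def worst_hosts(active):
    """Hosts ordered by their highest-ranked remaining finding."""
    worst = defaultdict(int)
    for f in active:
        worst[f["host"]] = max(worst[f["host"]], f["rank"])
    return sorted(worst.items(), key=lambda kv: (-kv[1], kv[0]))

def hosts_with_plugin(active, plugin_id):
    """All hosts that still report the given plugin after suppression."""
    return sorted({f["host"] for f in active if f["plugin"] == plugin_id})
```

Keying the false-positive list on host, port and plugin together keeps a suppression from hiding the same finding on a different host or service in a later scan.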
