On Feb 2, 2005, at 11:07 AM, McDermott, AS Amanda (5841) @ IS wrote:
A vendor that did a vulnerability assessment on our network said to only select the plugins that specifically affect the operating system of the devices I'm scanning but�how do you know which ones to select?�I am curious at what all of you are doing to aid in false-positive ellimination. Any help is greatly appreciated!
Running all tests all the time, storing a list of plugin ids that are false positives for each host, then using that list on subsequent scans to automatically weed out the false ones. It requires you to write little scripts to do automate the process. Admittedly, it's not a particularly clever solution but it gets the job done well enough I suppose. Hope that helps.
Best regards, Erik Stephens www.edgeos.com Managed Vulnerability Assessment Services
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
