Hi Mike,
I've written a set of scripts that do the following:
1) Discover new and existing routed internal networks and insert them into a database.
2) Perform a weekly Nessus scan on the discovered networks and output to NBE format.
3) NBE output is parsed and inserted into the database where weekly HTML formated email reports are generated. The reports are broken down by vulnerability, vulnerable hosts, location. Each host is also assigned a color. Gray represents a newly discovered vulnerable host, Yellow indicates the host is known to have been vulnerable for 2 weeks. Red indicates the host has been vulnerable for 3 or more weeks.
4) A business owner is identified for each network scanned and is emailed a report detailing only the vulnerabilities identified on the network for which they are responsible.
The process is almost completely automated, only requiring a manual effort to update and/or include approved Nessus plugins. It has been extremely successful in reducing administrative overhead while helping to significantly reduce High/Critical OS and application vulnerabilities in large organizations. I feel it's great alternative or compliment to other enterprise solutions like eEye REM.
You can see a small screen shot at: http://www.obtuse.net/report-example.gif
Let me know if you have any questions.
Darren Bounds Intrusense, LLC.
On Feb 9, 2005, at 12:08 PM, Mike Mentges wrote:
Does anyone know of a method/Have scripts they use to convert Nessus data (whether that be xml or nbe) to HTML output. While the xsl method works it is a bit clunky to try and edit for someone without 10 years of xml/xsl coding experience.
On the xsl note are there any open projects/personal projects anyone has been working on that allow someone a better method of controlling how the data is displayed in a report?
Any help and examples would be great! Thanks!
Mike Mentges
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
