As far as I know, not directly .. But the .nbe output can easily be parsed and input into your favorite SQL DB. In fact, our success in vulnerability assessment comes from the fact that we import multiple bulk vulnerability scanners directly into a SQL DB and then query it for analysis in order to obtain a "big picture," as it were.
I'd recommend using perl for .nbe analysis or something like syslog-ng that can log directly to mysql. Combining the data from Nessus and other scanners's output together in a DB allows you to get a good picture of the target hosts, since each scanner has it's area of expertise .. Typically each scanner has it's strengths and weaknesses, but once the all results are in a DB you can query it, and not worry so much about the bias or fault of a particular scanner. Focus on the Gestalt. Steve Davies (Director of Spohn Security Consulting) has written an amazing set of query tools for statistical vulnerability analyses using multiple scanners for a frontend, and SQL for the backend. I'm not sure if he's released it to the public domain yet, but it's really good at taking raw scanner data and making it useful. Dan Muldoon Security Consultant On 9/26/05 2:14 AM, "Josh Zlatin-Amishav" <[EMAIL PROTECTED]> wrote: On Mon, 26 Sep 2005 [EMAIL PROTECTED] wrote: > > > > Hi, > > I want to know if Nessus 's server (nessusd) can store directly his report > on a database (MySQL or Postgress) without to go through the client (NessusWX). The simple asnwer is no. There are a few scripts out there that will import your NBE formatted file into a MySQL database. One example is NessQuick (http://www.atriskonline.com/cgi-bin/downloader/dl.pl?id=nessQuick-v0.05.zip ) <http://www.atriskonline.com/cgi-bin/downloader/dl.pl?id=nessQuick-v0.05.zip )> _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
