One point I wanted to bring up was with respect to database integration. While that would be nice it isn't that hard to do (it just takes development time) and is dependent on the local environment. For example, my integration scheme uses ten tables. Only two of those are necessitated by nessus itself, the rest come from external scanning controls (two different priority scan queues), host tracking, automatic vulnerability notification controls, and other scan components.
While there are facilities provided by the betas that I am very interested in the client isn't one of them and database integration is so installation/usage dependent that I'm not sure how much value there would be by including it into the nessus scanning application itself. - what is stored in the database? - what will be used to key on systems? - what database solution(s) will be compatible?* - how does it deal with database (lack of) availability? - how will decisions in the above affect scan performance and latency? While I don't doubt the capabilities of Tenable the answers to the above are so dependent on the local environment that a proper integration is far superior to a generic one-size-fits-all approach. Anything more than storing the nessus plugins and scan results based on unique scan ids is dependent on the local environment (and even using unique scan ids has its draw backs though at least it is flexible). * and, no, "SQL compatibility" is unfortunately not sufficient... Nor is "just use a java connector" (or similar generic interface) which is an issue we are dealing with from another product Tim Doty -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula Sent: Monday, September 10, 2007 11:14 AM To: nessus Subject: Re: nessus3 annoyances/wish list Mercer, Jeff C - Raleigh, NC wrote: > I've never found a truely good Nessus client, not even from Tenable. > :( A lot of what you have written about in this email are things we want to do. However, the Nessus user base is split between command line users, UNIX users, Windows users and Mac OS X users. Integrating the many different GUIs into the new Nessus 3 beta client is our focus right now. We will add more features into the client in the future. > NessusWX is the best I've been able to find but it's largely orphaned. > Tenable should have invested time on re-working it instead of > continually re-writing clients from scratch. I'm assuming Tenable > didn't feel like using 3rd party open source software. Which is sad... Actually, Tenable has been maintaining NessusWX for some time. We've not added major new features to it, but have fixed bugs in it and have provided bandwidth/hosting for it. > Anyways, the new Nessus Client 3 beta is a good start but it's missing > a lot of critical pieces. I think some of these are just not done yet: A lot of the features you are asking for are things we'd like to do. Please keep in mind that the Nessus 3 client is cross platform and will look/behave the same for OS X, Windows and Linux users. Right now our focus is the new Nessus 3 client which includes the .nessus report format. We can build many new features on this reporting format which we can't do as easily with the .nsr, .nbe, .etc formats. The .nessus format tracks what was scanned and also what was found, so it becomes much easier to track results over time. The .nsr and .nbe formats only have results. > o Reporting! Yeah yeah, Tenable wants everyone to buy Security > Center. Which is absurd if all you want is a few reports for scans. > There's a HUGE difference between running a full-blown SIM and just > wanting to report on some scans The Security Center is very good for managing scans, scheduling reports, analyzing vuln data and many other things. For 500 servers, it costs less than $20k which is a steal compared to many of the companies below that you are comparing Nessus to. I also don't consider the Security Center a SIM, unless you add in the Log Correlation Engine which then allows you to also look at firewall, syslog, windows events, .etc all in one spot. > I really could go on. Basically, Nessus has grown-up a lot from where > it started but it still lacks MANY features found in Enterprise > scanning solutions from ISS/IBM, Harris, BindView, etc... And frankly, > most of this is due to the simplified clients. I've worked a lot with customers who have replaced those solutions with the Security Center. A big reason most of them made the switch was because of the differences in speed and accuracy between the Nessus 3 engine and their previous solution. Having said that, many of the features you are asking for are things we plan to do with the Nessus client in future releases. Until then, I encourage Nessus users to try the beta and send in feedback. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
