Pierre-Arnauld,
I believe the answer to this question is "sort of". There are four main
reports that provide information with regards to the use of an account with
administrator credentials which are the "Success" and "Failure" accounts
located in the Internet Scanner local console. However with those reports,
they only indicate this by a host basis sorted by IP or domain name.
What you are describing here specifically is a vuln by vuln indication and you
can get this by running a report such as the "Network Vulnerability Assessment
Report sorted by IP" (I know this is in the local console - not sure apout
SiteProtector) where at the top of each vulnerability that applies, the user is
told if Admin access was reached per vulnerability. This would probably get
you what you are looking for, but it would not be done as quickly as you might
need it to be. There are 3 other ways that I can think of to get this for you
through the product, all being more involved than using the above report.
1. You could do a SQL query right to the database (not ideal, not pretty, but
it would work).
2. You could create a custom report in Crystal Reports that stripped off
everything but the vulns that reported admin status and list them as the vuln
count reports do. Lots of up front work, but useful going forward.
3. You could observe which vulns required access via the report listed above,
then go back to the report selection screen and use one of the counts reports,
filtering by vulnerabilities based on your first report. This would list them,
but it would be some work especially if you had a bunch of vulns. This might
ultimately prove faulty however as if you filter off a vuln, everything (hosts)
that flagged the vuln (independent of access) gets stripped also.
Pierre-Arnauld Lecoeuvre <plecoeuvre@amadeus.net> wrote:
Hi all,
I have performed a scan on several servers with Internet Scanner 7.0 SP2.
I can gather all vulnerabilities on my Site Protector Console 2.0 SP5.
The report "Host Assessment details" gives me lot of information but I
don't know of vulnerabilities require admin privilege or not.
Is there a way to know (and count) quickly how many vulnerabilities with
admin privilege I have detected during my scan ?
Thanks for your help.
-------------------------------------------------
Pierre-Arnauld Lecoeuvre.
DEV/IIS/OAU/NET
Phone : +33 (0)4.97.23.09.62
-------------------------------------------------
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
