RE: Results display & mitigation marking tool?

Brian,

Here are a couple of screenshots of the "By Vulnerability" report I've
created.  The standard "By IP" report is basically the same thing Nessus
puts out, although I've cleaned up the Inprotect one as well.

The mitigation report I'm working on is basically going to use the "By
Vuln" report, and there will be check boxes next to the individual IPs,
and you'll be able to reassign criticality based on your company
criteria (for example, Nessus classifies a read/write string of "public"
as 'Info', my mitigation report would allow you to reclassify that as
'Critical').

I also plan to make an "Ignore Plugins" setting for the mitigation
reports, where you can enter plugin ID's to ignore.  If you have a large
report, things like Traceroute results aren't really critical.

My vision is great, my coding... Not so great.  :)  So, it's going to
take a bit to get this working the way I want.

Anyway, screenshots are at:  http://industrial.mu/inprotect

-David

-----Original Message-----
From: Fender, Brian [mailto:Brian.Fender@il.proquest.com] 
Sent: Monday, April 25, 2005 10:09 AM
To: Jones, David H; Javier Fernandez-Sanguino
Cc: nessus@list.nessus.org
Subject: RE: Results display & mitigation marking tool?


David,

        Inprotect looks like it might be exactly what I need, you have
any screenshots of a results view?  The only one I could find online
only showed a single host result.

I attached a shot of what I'm using now.

         

-----Original Message-----
From: Jones, David H [mailto:Jones.David.H@principal.com] 
Sent: Monday, April 25, 2005 10:37 AM
To: Javier Fernandez-Sanguino; Fender, Brian
Cc: nessus@list.nessus.org
Subject: RE: Results display & mitigation marking tool?

I'm currently working on a *ton* of Inprotect enhancements to make it
more "enterprise friendly", including mitigation reporting and tagging.

I've given a lot of my enhancements to the Inprotect developers to put
in the CVS tree, but I don't know what will make it in their next
release or not.  I may just put out my own "release" with all the mods
I've done.

-David

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Javier
Fernandez-Sanguino
Sent: Monday, April 25, 2005 8:58 AM
To: Fender, Brian
Cc: nessus@list.nessus.org
Subject: Re: Results display & mitigation marking tool?


Fender, Brian wrote:

> Basically I'm just looking for a generic web-based, spreadsheet-style
> database interface.  I figure this is a common enough need that 
> someone has written a free one already.  Maybe not?


Even though not spreadsheet based, Inprotect does provide a way to mark
results as "false positives" (which you could use to say "this has been
fixed"). There's a lot to enhance in that tool to get to what you need,
but it might be a starting point...

Regards

Javier
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable
law.
If you are not the intended recipient, any dissemination, distribution
or copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect@principal.com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic
signature for purposes of the Uniform Electronic Transactions Act (UETA)
or the Electronic Signatures in Global and National Commerce Act
("E-Sign") unless a specific statement to the contrary is included in
this message.


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect@principal.com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus