
RE: NessusWX v GTK client

Subject: RE: NessusWX v GTK client
Date: Mon, 22 Aug 2005 14:13:23 -0700
An easy way to filter particular findings out of the Nessus report is to
have nessus write its findings to an NBE file (one finding per line) and
then filter out the findings you don't want.  For example:

   If you don't want informational messages, use
   grep -v '|Security Note|' original_report.nbe > new_report.nbe

   If you don't want findings associated with Nessus ID 10264 (SNMP
community strings), use
   grep -v '|10264|' original_report.nbe > new_report.nbe

   If you don't want findings for a host named abc123.example.com, use
   grep -v '|abc123.example.com|' original_report.nbe > new_report.nbe

(Be careful on that last one... your input file and your name resolution
options will affect how the name appears in the report.)

Note that the pipe symbols in the search expression are important - they
are field delimiters.  If you omit them, you will filter out ANY record
that contains the expression - even if it appears in the (sometimes
lengthy) detailed description field.

When you have filtered out all the stuff you don't want, you can use the
"new" nbe file to create a report:

   nessus -i new_report.nbe -o new_report.html

This method gets a little messy if you're trying to filter out many
things at once.  (Using multiple chained grep expressions will obviously
create a major performance hit.)  For my environment, I wrote a perl
script that reads filters in from text files (e.g., low-severity
filters, false-positive filters, risk-accepted findings, etc.), removes
them from my nessus report files, generates HTML reports from the
"cleaned-up" nbe files, and then emails the reports to me.

I don't use either GUI; I automate all my scans using the command-line
version.  The ease-of-use isn't there, but all the functionality is - if
you look hard enough.

R/ John Scherff
IT Security Analyst
24 Hour Fitness


-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of net sec
Sent: Monday, August 22, 2005 1:50 PM
To: nessus@list.nessus.org
Subject: NessusWX v GTK client

I am trying to get more proficient in Linux so have forced myself to
rely on the GTK native client rather than use the NessusWX.  Maybe it is
the nature of those that have relied on Windows based products to want
an easy point and click solution but some of the features that I see in
NessusWX are missing in the GTK client that I believe would be very
useful.

Examples:  Exporting reports/results directly to a MySQL database and
ability to filter/sort reports based on severity level or host vs.
vulnerability.

Question:  Is this readily available on the purely Linux side and I am
missing something or do most GTK users have the wherewithal to write
their own solutions using Perl etc.? (I don't yet)  Does anyone have
suggestions on relatively simple solutions to getting Nessus reports
into MySQL?  What I really want to do is produce flexible output that
can include reports sorted by vulnerability, only contain High Severity
items or do not include summaries.

Suggestions are appreciated and flaming somewhat expected :-)


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
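
Added example, not part of the original message and not the poster's Perl script: a single-pass filter along the lines described in the reply above, reading filters from a text file and comparing each one against its own NBE field, so a hostname is matched literally rather than as a regular expression. The filter-file syntax, the function names and the sample records are constructed for this example, and the field order (results|subnet|host|port|plugin ID|type|description) is an assumption about the NBE layout.

```shell
# nbe_filter FILTER_FILE NBE_FILE: print the NBE records that match no filter.
# Filter file (syntax constructed for this example): one key=value per line,
# key is host, plugin or type; blank lines and # comments are skipped.
# Assumed NBE layout: results|subnet|host|port|plugin_id|type|description
nbe_filter() {
    awk -F'|' '
        # First file: load the filters into one lookup table.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[ \t]*(#|$)/) next
            eq = index($0, "=")
            if (eq > 0) drop[substr($0, 1, eq - 1) SUBSEP substr($0, eq + 1)] = 1
            next
        }
        # Second file: lines that are not findings (e.g. timestamps) pass through.
        $1 != "results" { print; next }
        # Compare each filter with its own field only, as literal strings.
        (("host" SUBSEP $3) in drop) { next }
        (("plugin" SUBSEP $5) in drop) { next }
        (("type" SUBSEP $6) in drop) { next }
        { print }
    ' "$1" "$2"
}

# Constructed sample data; 99998 and 99999 are placeholder plugin IDs.
nbe_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/filters.txt" <<'EOF'
# low-severity and risk-accepted filters
type=Security Note
plugin=10264
host=abc123.example.com
EOF
    cat > "$tmp/scan.nbe" <<'EOF'
timestamps|||scan_start|Mon Aug 22 13:00:00 2005|
results|192.0.2|192.0.2.10|snmp (161/udp)|10264|Security Hole|Constructed finding
results|192.0.2|192.0.2.10|ssh (22/tcp)|99998|Security Note|Constructed note
results|192.0.2|192.0.2.11|http (80/tcp)|99999|Security Warning|Text mentions 10264
results|192.0.2|abc123.example.com|http (80/tcp)|99999|Security Warning|Constructed
results|192.0.2|abc123xexample.com|http (80/tcp)|99999|Security Warning|Constructed
EOF
    nbe_filter "$tmp/filters.txt" "$tmp/scan.nbe"
    rm -rf "$tmp"
}

nbe_demo
```

The filtered output can be redirected to a new .nbe file and passed to the report-generation command shown in the reply.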