As far as I know, not directly .. But the .nbe output can easily be parsed
and input into your favorite SQL DB. In fact, our success in vulnerability
assessment comes from the fact that we import multiple bulk vulnerability
scanners directly into a SQL DB and then query it for analysis in order to
obtain a "big picture," as it were.
I'd recommend using perl for .nbe analysis or something like syslog-ng that
can log directly to mysql.
Combining the data from Nessus and other scanners's output together in a DB
allows you to get a good picture of the target hosts, since each scanner has
it's area of expertise ..
Typically each scanner has it's strengths and weaknesses, but once the all
results are in a DB you can query it, and not worry so much about the bias
or fault of a particular scanner. Focus on the Gestalt.
Steve Davies (Director of Spohn Security Consulting) has written an amazing
set of query tools for statistical vulnerability analyses using multiple
scanners for a frontend, and SQL for the backend. I'm not sure if he's
released it to the public domain yet, but it's really good at taking raw
scanner data and making it useful.
Dan Muldoon
Security Consultant
On 9/26/05 2:14 AM, "Josh Zlatin-Amishav" <josh@tkos.co.il> wrote:
On Mon, 26 Sep 2005 saverio.ferraro@fastwebnet.it wrote:
Hi,
I want to know if Nessus 's server (nessusd) can store directly his report
on a database (MySQL or Postgress) without to go through the client
(NessusWX).
The simple asnwer is no. There are a few scripts out there that will
import your NBE formatted file into a MySQL database. One example is
NessQuick
(http://www.atriskonline.com/cgi-bin/downloader/dl.pl?id=nessQuick-v0.05.zip
)
<http://www.atriskonline.com/cgi-bin/downloader/dl.pl?id=nessQuick-v0.05.zip
)>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
