[unisog] Automating scan processing was Re: Outsourcing security scanning (internal and external)

Russell Fulton r.fulton at auckland.ac.nz
Sat Oct 8 04:02:37 GMT 2005



Isac Balder wrote:
>
> From my experience the majority of the work involved
> in proper scanning and the subsequent follow-up
> (verification of vulnerabilities, remediation of
> vulnerabilities, verification of remediation, insert X
> political hurdles) is going to fall on your lap as the
> asset owner at the end of the day. 

Yes, this is my assessment too. The scanning is the easy bit. The main
reason I don't do more automated vulnerability assessment is simply
because I don't have the resources to do all the follow up work.  One of
my long term projects is to automate 'cleaning' of the vulnerability
reports (eliminating stuff we don't care about or have decided that we
have to live with) and delivering this information to faculty IT
managers in a form that they find useful.  Even if the outsourcing
handles this satisfactorily you still need to make sure that stuff gets
delivered to those responsible for the systems and that things get fixed
or it is a total waste of money.  Both of these are non-trivial in my
experience.

We do do vulnerability assessments of new systems as they go into
service and this takes several hours; most of that time is spent taking
the raw results of the scan and massaging them into a form that is useful
for the system admins.

On this note, has anyone written anything for post-processing results
from nessus scans?  I'm aware of various perl modules for processing
output -- what I was thinking of is something that works at a higher
level, e.g. reads the XML, eliminates specified 'alerts' and builds
tables of systems on one axis and vulnerabilities in columns.

I'm also interested in what nessus plugins people are using for large
scale scanning and for scanning machines as they appear on the network
(especially the wireless network ;)

Russell.
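
The post-processing asked about above (read the XML, drop specified alerts, tabulate systems against vulnerabilities), as an added example that is not part of the original post. It assumes the `.nessus` v2 layout (`ReportHost`/`ReportItem` elements with `pluginID`, `severity`, `port` and `protocol` attributes), which may differ from the XML the poster had; the hosts, plugin IDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed .nessus v2 layout; hosts and plugins are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10">
 <ReportItem port="0" protocol="icmp" severity="0" pluginID="90001" pluginName="Example: ICMP timestamp reply"/>
 <ReportItem port="22" protocol="tcp" severity="2" pluginID="90002" pluginName="Example: weak SSH ciphers"/>
 <ReportItem port="443" protocol="tcp" severity="3" pluginID="90003" pluginName="Example: outdated web server"/>
</ReportHost>
<ReportHost name="192.0.2.20">
 <ReportItem port="22" protocol="tcp" severity="2" pluginID="90002" pluginName="Example: weak SSH ciphers"/>
 <ReportItem port="25" protocol="tcp" severity="1" pluginID="90004" pluginName="Example: SMTP banner"/>
</ReportHost>
</Report></NessusClientData_v2>"""

def build_matrix(xml_text, ignore_plugins=(), accepted=(), min_severity=1):
    """Return (hosts, plugins, cells); cells[(host, plugin_id)] is a sorted list of 'port/proto'.

    ignore_plugins: plugin IDs dropped for every host (alerts nobody cares about).
    accepted: (host, plugin_id) pairs dropped for that host only (risks being lived with).
    """
    ignore, accepted = set(ignore_plugins), set(accepted)
    cells, names, hosts = {}, {}, []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        hname = host.get("name")
        hosts.append(hname)  # keep hosts with nothing left, so the table shows them as clean
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            if int(item.get("severity", "0")) < min_severity:
                continue  # informational noise
            if pid in ignore or (hname, pid) in accepted:
                continue  # explicitly suppressed
            names[pid] = item.get("pluginName", "")
            cells.setdefault((hname, pid), set()).add(f'{item.get("port")}/{item.get("protocol")}')
    plugins = sorted(names, key=int)
    return hosts, [(p, names[p]) for p in plugins], {k: sorted(v) for k, v in cells.items()}

def render(hosts, plugins, cells):
    """Plain-text table: one row per system, one column per remaining plugin ID."""
    header = ["host"] + [pid for pid, _ in plugins]
    rows = [[h] + [",".join(cells.get((h, pid), [])) or "-" for pid, _ in plugins] for h in hosts]
    widths = [max(len(r[i]) for r in [header] + rows) for i in range(len(header))]
    lines = ["  ".join(c.ljust(w) for c, w in zip(r, widths)).rstrip() for r in [header] + rows]
    legend = [f"{pid}: {name}" for pid, name in plugins]
    return "\n".join(lines + [""] + legend)

if __name__ == "__main__":
    print(render(*build_matrix(SAMPLE, ignore_plugins={"90004"},
                               accepted={("192.0.2.20", "90002")})))
```

Keeping the suppression lists in a reviewed file, with a reason beside each entry, leaves a record of what was filtered out of the reports sent to system owners.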

