My plan is to do a periodic scan on our entire infrastructure in order to
provide a report to the IT Director regarding the status of the 'security
holes' in our network. I see that I can feed my scans into a sql or other
database. What I am looking for is some type of historical qualitative
measure saying something to the effect of.... in March we had 14 severe
warnings as compared to April when we only had 8. This represents a
reduction of x%. Probably my best solution would be to provide a
graph(managers love pictures). My thought would be to display a years worth
(12 monthly scans) of data in the report. Are any of you doing this type of
reporting and if so.... what tool/approach works for you?
Also - I really like the ability to mark false positives and eliminate them
from reports as provided in the nessuswx client. I am not finding that
option in the linux native client. Am I just missing it? Can I export my
reports from the native linux client into nessuswx and then remove the false
positives? Method?
Thanks,
Nicole
_________________________________________________________________
Lose those love handles! MSN Fitness shows you two moves to slim your waist.
http://fitness.msn.com/articles/feeds/article.aspx?dept=exercise&article=et_pv_030104_lovehandles
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
