The Inprotect product may suit your needs.
It can provide pretty pictures for management and you can import your previous scan results (nbe files, etc..). You can view results and mark as false positives. The user/admin only needs a browser.
I installed it but found that I had to do a few modifications to suit my needs. (add feature to scan subnet ranges, give certain users access to results of other users' scans, disable screen caching for some of the searching, track successful user authentication, etc...)
http://www.inprotect.com/
----------------------------------------------------
Mike Sleeper CISSP, CCSE, CCFS
Computer & Information Security
803.725.3100
803.725.PAGE (#13146)
----------------------------------------------------
************* DISCLAIMER ***********************************
The above comments are my own and do not
necessarily represent those of my employer or
contractor. Any information or advice provided by
me shall be given under the "caveat emptor" principal.
*****************************************************************
| "net sec" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 04/23/2004 07:48 PM |
|
My plan is to do a periodic scan on our entire infrastructure in order to
provide a report to the IT Director regarding the status of the 'security
holes' in our network. I see that I can feed my scans into a sql or other
database. What I am looking for is some type of historical qualitative
measure saying something to the effect of.... in March we had 14 severe
warnings as compared to April when we only had 8. This represents a
reduction of x%. Probably my best solution would be to provide a
graph(managers love pictures). My thought would be to display a years worth
(12 monthly scans) of data in the report. Are any of you doing this type of
reporting and if so.... what tool/approach works for you?
Also - I really like the ability to mark false positives and eliminate them
from reports as provided in the nessuswx client. I am not finding that
option in the linux native client. Am I just missing it? Can I export my
reports from the native linux client into nessuswx and then remove the false
positives? Method?
Thanks,
Nicole
_________________________________________________________________
Lose those love handles! MSN Fitness shows you two moves to slim your waist.
http://fitness.msn.com/articles/feeds/article.aspx?dept=exercise&article=et_pv_030104_lovehandles
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
