Thanks for the excellent reply! I am poring over it, and looking into applying this to see if it helps get what I need done.
Jeff

JEFF CHAPIN
SYSTEM ADMINISTRATOR
T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675

This e-mail, including attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, and then please delete it. Thank you.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, October 22, 2007 12:23 PM
To: Jeff Chapin; [email protected]
Cc: [EMAIL PROTECTED]
Subject: RE: managing scan reports + launching nessus script

Hey Jeff,

(I've included John Olson regarding a prior email that I didn't get to -- info on how I use Windows Nessus and a batch file to ensure all my reports are in a common location -- sounds like a question you had in a Nessus 3.0.6 on Solaris thread -- hope it helps -- that info after the XSL info)

If you use the Windows version (NessusGui.exe), these sound very much like just what you're after:

Reports are generated by classification. I'm looking into what else I can do, but also will be looking at the new format and possibilities available based on recent similar threads with Renaud.

Changes:

Original: Option to view by Host, or by Vulnerability
Added: Option to View by Host or Vulnerability, and further restrict to Holes & Warnings, Just Holes, Just Warnings, and Just Info

This change lets me create just critical, or medium to critical reports, as needed. Info can often be way too much information.

Original: Regardless if addresses were entered as hostname or IP, the result shows only the IP
Added: info from Plugin ID 12053, so that hostname now shows up in the "View by Host" reports (dependent on Plugin ID 12053 pulling in the info)

This resolves my "which host was that again?" questions, as well as resolving DHCP issues by making the hostname readily available.

Thanks to cmarshall of webmasterworld.com for helping me through the XSL on the hostname!

Extract the following to "C:\Program Files\Tenable\Nessus\report_styles" as the default Windows location. Back up beforehand if necessary, they can't coexist.

I don't know of any reason why they couldn't also be used on the Linux side but I haven't investigated that yet. (If someone does, let me know -- I need to test that route out too, and soon)

There was also a recent thread about the report location issue (by John Olson) -- Nessus stores report information under the user accounts, which can be less than helpful. Here's the cheesy batch file we use. In brief:

It opens in notepad a file called "Wind.bat" which simply launches windump.exe to packet capture a scan for later analysis in case we have a target host problem. The end user simply gives the files a name/date.
It then uses the start command to open the capture in a separate DOS window.
It then launches Nessus.
When Nessus closes, it copies all the captures to a network location (which I've mapped as X).
It then copies the report data to a neutral location.
Finally, it copies all the logs to a neutral location. Any client can then import as needed.

%username% is a variable for the logged in user's acct name. The file runs from the All Users desktop folder so everyone sees it. Works like a champ. Pause at the end stops it.

@echo off
@echo Welcome to the Nessus Scanning batch file
@echo.
@echo Windump -- Capturing the Scan
@echo First, edit the wind.bat file to packet capture, by changing the "<file>"
@echo name, currently "c:\capture\<file>". Do NOT change the "capture"
@echo directory location, as doing so prevents this batch file from automating
@echo capture file backup. Capture files will be located at
@echo \\yourserver\yourshare\Vulnerability_Scanning\Captures.
@echo.
@echo Once you are done editing close the file...
rem Let the user edit the capture file name, then run the capture in its own window
@notepad.exe "C:\Documents and Settings\All Users\Desktop\wind.bat"
start cmd /k "C:\Documents and Settings\All Users\Desktop\wind.bat"
@echo Close Nessus when you are done scanning to begin file copy
rem The batch file waits here until the Nessus GUI is closed
@"C:\Program Files\Tenable\Nessus\NessusGUI.exe"
@echo Copying the packet captures....
@echo.
@echo.
rem Copies from c:\captures, while the text echoed above names c:\capture;
rem wind.bat must write to the directory that is copied here
xcopy /d /e /c /h /y c:\captures\*.* x:\vulnerability_scanning\captures\
@echo Now copying the Nessus Report raw data (can be imported into any Nessus Installation)
@echo.
@echo.
rem Reports live under the profile of the logged-in user
xcopy /d /e /c /h /y "C:\Documents and Settings\%username%\Tenable\Nessus\reports\*.*" x:\vulnerability_scanning\reports\
@echo Now copying the Nessus log repository
@echo.
@echo.
xcopy /d /e /c /h /y "C:\Program Files\Tenable\Nessus\logs\*.*" x:\vulnerability_scanning\logs\
@echo.
@echo.
@echo Finished! Exiting happens if you
pause

(note: \\yourserver\yourshare above, is my "x:\" drive, i.e. "net use x: \\yourserver\yourshare")

Good luck, hope it helps,

Mike

"John Scherff" <[EMAIL PROTECTED]>
10/22/2007 09:54 AM
To "Jeff Chapin" <[EMAIL PROTECTED]>, <[email protected]>
cc <[EMAIL PROTECTED]>
Subject RE: managing scan reports

Jeff,

Mike Vasquez has done some really cool stuff in this area. Search the posts for his email address and you'll find some answers, or shoot him a message. Keep the discussion on the list if you can; questions like yours come up often.

John Scherff

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Chapin
Sent: Monday, October 22, 2007 9:47 AM
To: [email protected]
Subject: managing scan reports

Hello all,

What sort of tools do people use to manage reports generated by Nessus? I used to use NessusWX to filter out what I wanted in the reports, etc, but this tool seems to be discontinued.

I would love to be able to report just the critical, and just the medium/etc. Sorting by number of vulnerabilities found would also be a plus.

Thanks,
Jeff
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
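
Added example (not part of the thread and not Mike's XSL report styles): the severity views Mike describes, the hostname lookup from plugin 12053, and the sort by number of findings Jeff asks about, applied in Python to a Nessus NBE export. It assumes the pipe-delimited NBE record layout and a "resolves as" wording in the plugin 12053 output; the sample records, addresses and plugin IDs 90001-90005 are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in NBE layout (assumed, not data from the thread):
# results|network|host|port|plugin_id|severity|description
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Oct 22 09:00:00 2007|
results|10.0.0|10.0.0.5|general/tcp|12053|Security Note|10.0.0.5 resolves as web01.example.test.
results|10.0.0|10.0.0.5|http (80/tcp)|90001|Security Hole|Constructed high-risk finding
results|10.0.0|10.0.0.5|http (80/tcp)|90002|Security Warning|Constructed medium-risk finding
results|10.0.0|10.0.0.5|ssh (22/tcp)|90003|Security Hole|Constructed high-risk finding
results|10.0.0|10.0.0.9|general/tcp|12053|Security Note|10.0.0.9 resolves as db01.example.test.
results|10.0.0|10.0.0.9|mysql (3306/tcp)|90004|Security Hole|Constructed high-risk finding
results|10.0.0|10.0.0.7|smtp (25/tcp)|90005|Security Note|Constructed informational finding
results|10.0.0|10.0.0.7|
"""

# The four restrictions named in the thread, mapped to NBE severity strings
VIEWS = {
    "holes_and_warnings": {"Security Hole", "Security Warning"},
    "holes": {"Security Hole"},
    "warnings": {"Security Warning"},
    "info": {"Security Note"},
}
FQDN_PLUGIN = "12053"  # plugin the thread uses to recover the hostname

def report(nbe_text, view):
    """Return [(ip, hostname_or_ip, findings)] sorted by finding count, highest first."""
    wanted = VIEWS[view]
    findings = defaultdict(list)
    hostnames = {}
    for line in nbe_text.splitlines():
        parts = line.split("|", 6)  # maxsplit keeps '|' inside the description
        if len(parts) < 7 or parts[0] != "results":
            continue  # timestamps, host-only and port-only records
        _, _, host, port, plugin, severity, text = parts
        if plugin == FQDN_PLUGIN:
            m = re.search(r"resolves as (\S+)", text)
            if m:
                hostnames[host] = m.group(1).rstrip(".")
        if severity in wanted:
            findings[host].append((severity, port, plugin))
    ranked = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    # Fall back to the IP when plugin 12053 returned nothing for the host
    return [(h, hostnames.get(h, h), items) for h, items in ranked]

if __name__ == "__main__":
    for ip, name, items in report(SAMPLE_NBE, "holes_and_warnings"):
        print(f"{name} ({ip}): {len(items)} finding(s)")
```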
