Mailing List Archive

Nessus reports (3.2.x versus 3.0.6), holes only, trend report, Nessconnect
Hi, this is my first message on this mailing list, I hope it is relevant here.

I would like to scan vulnerabilities on a class C network.
I am evaluating several products (Nessus, Qualys, Rapid7, nCircle, Secunia, eEye, GFI LanGuard, etc.).
I like the Nessus scanner but I am a bit puzzled with the report part.
The Tenable Security Center does a lot of things, but the price is too high to manage about a hundred hosts.
The 2 basic things I am looking for are:
- generate a report called hereafter "R1" displaying the number of holes/warning/notes for each scanned host, and the details for the holes/warnings only,
- generate a "trend report" called hereafter "R2": a graphic displaying the time evolution of number of scanned hosts, numbers of holes, numbers of warnings.

I found an XSL file that enabled me to generate R1, but this XSL transformation must be used with the Nessus version 2 XML report file generated by the Nessus 3.0.6 client on Windows.

Is it possible to generate a Nessus version 2 XML report file with a Nessus 3.2.x software ?

What should I use in order to be able to generate R1, using for input the Nessus "version 3" XML file (.nessus file, beginning with <NessusClientData>) generated by the Nessus 3.2.x software (multiplatform)?

What should I use to generate R2? A very basic solution could be to generate the graphic using MS Excel / OpenOffice Calc by manually entering the figures retrieved from the Nessus report.
Otherwise, I found Nessconnect, which seems interesting for my purpose, but:
- I do not know if this software is reliable and fully compatible with Nessus 3.2 and future versions,
- I am not satisfied with the default reports and I do not know yet how to generate custom reports,
- the scan results and reports seem to be saved in a binary file ("session"), which may be a problem in the future if evolution is required and the software is no longer supported.

Do you know other software, preferably open source, able to generate custom reports R1 and R2 with a Nessus 3.2 scanner ?

Thanks for your feedback, which might be helpful for other people, as I am obviously not the only one who would like to use the Nessus scanner AND would like to have custom and efficient reports...

Philippe.



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: Nessus reports (3.2.x versus 3.0.6), holes only, trend report, Nessconnect
Philippe wrote:
> Hi, this is my first message on this mailing list, I hope it is relevant here.

Perhaps -- we get all sorts of folks on the list.

> I would like to scan vulnerabilities on a class C network.
> I am evaluating several products (Nessus, Qualys, Rapid7, nCircle, Secunia, eEye, GFI LanGuard, etc.).
> I like the Nessus scanner but I am a bit puzzled with the report part.
> The Tenable Security Center does a lot of things, but the price is too high to manage about a hundred hosts.

That is interesting pricing feedback. Since you brought this up ....

SC3 for 500 IPs costs $15,570 US.

According to SC magazine, Rapid 7 costs $25k for a class C. Considering
their console does not do as much as SC3 and they test for about half
as many CVEs as Nessus does, it might not be as good of a deal. The URL
for this is here: http://www.scmagazineus.com/Rapid7-NeXpose/Review/26/

SC magazine also has Qualys at $5995 for 10 IPs.

nCircle (according to InfoWorld) costs $36k for 250 IPs.

SC magazine also has eEye retina for 128 addresses for $1995 and the
REM product for 500 IPs is cheaper than SC3.

GFI LanGuard is easily the lowest priced of the bunch, but if you are
looking at Tenable, Qualys, nCircle, etc., you might not find all of
the features you are looking for there.

> The 2 basic things I am looking for are:
> - generate a report called hereafter "R1" displaying the number of holes/warning/notes for each scanned host, and the details for the holes/warnings only,
> - generate a "trend report" called hereafter "R2": a graphic displaying the time evolution of number of scanned hosts, numbers of holes, numbers of warnings.
>
> I found an XSL file that enabled me to generate R1, but this XSL transformation must be used with the Nessus version 2 XML report file generated by the Nessus 3.0.6 client on Windows.

We are working on a NessusClient which will have XSLT in the reporting so
you can transform your scan results into anything you want. I do not have
an ETA for this yet.

> Is it possible to generate a Nessus version 2 XML report file with a Nessus 3.2.x software ?

No. Not with the existing products. You can use XSLT on the resulting .nessus file
which is XML based.

> What should I use in order to be able to generate R1, using for input the Nessus "version 3" XML file (.nessus file, beginning with <NessusClientData>) generated by the Nessus 3.2.x software (multiplatform)?

The Nessus Client default report has exactly this -- a summary and then details about each vuln.

> What should I use to generate R2? A very basic solution could be to generate the graphic using MS Excel / OpenOffice Calc by manually entering the figures retrieved from the Nessus report.

For Nessus users who don't want to purchase a management and reporting tool that
has this sort of reporting built into it, I've seen a wide variety of solutions,
most of which surround developing code using MySQL/PHP or manual data entry
into a spreadsheet.

> Otherwise, I found Nessconnect, which seems interesting for my purpose, but:
> - I do not know if this software is reliable and fully compatible with Nessus 3.2 and future versions,
> - I am not satisfied with the default reports and I do not know yet how to generate custom reports,
> - the scan results and reports seem to be saved in a binary file ("session"), which may be a problem in the future if evolution is required and the software is no longer supported.

The Nessconnect folks are on the list. We don't necessarily certify projects to
be compatible with Nessus 3.2. I suggest you look at the Nessconnect home/project
page and express any features requests or comments to them.

> Do you know other software, preferably open source, able to generate custom reports R1 and R2 with a Nessus 3.2 scanner ?

You might find a few tools that can handle R1, but the issue with your R2 report is
retention of scan results. I'm not familiar with any open/free tools that let you
take successive Nessus scan results and do a trend report on them.

Ron Gula
Tenable Network Security
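The two report shapes discussed in this thread (Philippe's R1 "summary plus details" and the R2 trend over successive scans), as an added example that is not part of the original thread and is not code from Nessus, Tenable or Nessconnect. It is written in Python rather than XSLT so that the per-scan totals come out as plain CSV rows that can be kept and charted in a spreadsheet, which addresses the retention problem Ron raises for R2. The element names used (ReportHost, HostName, ReportItem, port, severity, pluginID, pluginName), the mapping of the numeric severity onto hole/warning/note, the hosts and the plugin IDs and names are all assumptions and constructed sample data, not taken from a real .nessus file; check them against a file exported by your own NessusClient before relying on the counts.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Assumed mapping of the numeric <severity> in a .nessus ReportItem onto the
# hole/warning/note vocabulary of the Nessus 3 clients; 0 is taken to be an
# informational finding on an open port. Verify against your own exports.
SEVERITY_LABEL = {3: "holes", 2: "warnings", 1: "notes", 0: "open_ports"}

# Constructed sample documents in the shape of a <NessusClientData> file.
# Element names, hosts, plugin IDs and plugin names are placeholders.
SCAN_MAY = """<NessusClientData><Report><ReportName>2008-05</ReportName>
<ReportHost><HostName>192.0.2.10</HostName>
<ReportItem><port>ssh (22/tcp)</port><severity>0</severity><pluginID>900001</pluginID><pluginName>Service detection (constructed)</pluginName></ReportItem>
<ReportItem><port>ssh (22/tcp)</port><severity>3</severity><pluginID>900002</pluginID><pluginName>Example SSH hole (constructed)</pluginName></ReportItem>
<ReportItem><port>http (80/tcp)</port><severity>2</severity><pluginID>900003</pluginID><pluginName>Example HTTP warning (constructed)</pluginName></ReportItem>
<ReportItem><port>general/tcp</port><severity>1</severity><pluginID>900004</pluginID><pluginName>Example scan note (constructed)</pluginName></ReportItem>
</ReportHost>
<ReportHost><HostName>192.0.2.11</HostName>
<ReportItem><port>smtp (25/tcp)</port><severity>0</severity><pluginID>900001</pluginID><pluginName>Service detection (constructed)</pluginName></ReportItem>
<ReportItem><port>smtp (25/tcp)</port><severity>2</severity><pluginID>900005</pluginID><pluginName>Example SMTP warning (constructed)</pluginName></ReportItem>
</ReportHost></Report></NessusClientData>"""

# A later constructed scan of the same network: the SSH hole is fixed and a
# third host has appeared, so the trend should show holes 1 -> 0, hosts 2 -> 3.
SCAN_JUNE = """<NessusClientData><Report><ReportName>2008-06</ReportName>
<ReportHost><HostName>192.0.2.10</HostName>
<ReportItem><port>http (80/tcp)</port><severity>2</severity><pluginID>900003</pluginID><pluginName>Example HTTP warning (constructed)</pluginName></ReportItem>
<ReportItem><port>general/tcp</port><severity>1</severity><pluginID>900004</pluginID><pluginName>Example scan note (constructed)</pluginName></ReportItem>
</ReportHost>
<ReportHost><HostName>192.0.2.11</HostName>
<ReportItem><port>smtp (25/tcp)</port><severity>2</severity><pluginID>900005</pluginID><pluginName>Example SMTP warning (constructed)</pluginName></ReportItem>
</ReportHost>
<ReportHost><HostName>192.0.2.12</HostName>
<ReportItem><port>general/tcp</port><severity>1</severity><pluginID>900004</pluginID><pluginName>Example scan note (constructed)</pluginName></ReportItem>
</ReportHost></Report></NessusClientData>"""


def parse_nessus(xml_text):
    """Return (report_name, items); each item is one ReportItem flattened to a dict."""
    root = ET.fromstring(xml_text)
    report = root.find("Report")
    name = report.findtext("ReportName", default="")
    items = []
    for host in report.findall("ReportHost"):
        hostname = host.findtext("HostName", default="")
        for ri in host.findall("ReportItem"):
            items.append({
                "host": hostname,
                "port": ri.findtext("port", default=""),
                "severity": int(ri.findtext("severity", default="0")),
                "plugin_id": ri.findtext("pluginID", default=""),
                "plugin_name": ri.findtext("pluginName", default=""),
            })
    return name, items


def host_summary(items):
    """R1 summary: per host, the number of holes/warnings/notes and of distinct open ports."""
    counts = defaultdict(Counter)
    ports = defaultdict(set)
    for it in items:
        label = SEVERITY_LABEL.get(it["severity"])
        if label and label != "open_ports":
            counts[it["host"]][label] += 1
        if not it["port"].startswith("general/"):   # 'general/tcp' is a pseudo-port, not a listener
            ports[it["host"]].add(it["port"])
    for host in set(counts) | set(ports):
        counts[host]["open_ports"] = len(ports[host])
    return dict(counts)


def render_r1(items):
    """R1 as text: the summary, then all holes, then all warnings, then all notes, host by host."""
    summary = host_summary(items)
    lines = ["Summary:"]
    for host in sorted(summary):
        c = summary[host]
        lines.append(f"{host}: {c['holes']} hole(s) {c['warnings']} warning(s) "
                     f"{c['notes']} note(s) {c['open_ports']} open port(s)")
    for sev, label in ((3, "holes"), (2, "warnings"), (1, "notes")):   # highest severity first
        for host in sorted(summary):
            lines.append(f"List of {label} of {host}:")
            for it in items:
                if it["host"] == host and it["severity"] == sev:
                    lines.append(f"  {it['port']} [{it['plugin_id']}] {it['plugin_name']}")
    return "\n".join(lines)


def trend_rows(scans):
    """R2 input: one (scan, hosts, holes, warnings, notes) row per scan, oldest first."""
    rows = []
    for xml_text in scans:
        name, items = parse_nessus(xml_text)
        totals = Counter(SEVERITY_LABEL.get(it["severity"]) for it in items)
        hosts = len({it["host"] for it in items})
        rows.append((name, hosts, totals["holes"], totals["warnings"], totals["notes"]))
    return rows


def trend_csv(scans):
    """The trend rows as CSV, to be appended to a file kept across scans and charted."""
    header = "scan,hosts,holes,warnings,notes"
    return "\n".join([header] + [",".join(map(str, r)) for r in trend_rows(scans)])


if __name__ == "__main__":
    print(render_r1(parse_nessus(SCAN_MAY)[1]))
    print(trend_csv([SCAN_MAY, SCAN_JUNE]))
```

Run it against your own exports by replacing the two constructed strings with the contents of successive .nessus files and appending each run's CSV row to one file; the spreadsheet chart then only ever reads that file, so the trend survives even if the client or its report format changes later.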




RE: Nessus reports (3.2.x versus 3.0.6), holes only, trend report, Nessconnect
Hi Ron,

Thank you very much for your detailed answer.
I know that the Nessus scanner is one of the, or maybe THE, best scanners with a very competitive price.
Tenable Security Center is cheaper than other comparable solutions from competitors, nevertheless the price is still too high to manage 128 hosts, because the price is more interesting for 500 IPs or more (hi Erin ;-))

Do I dare to give a wish list, although I do not know if it is the right place? I will dare, but please tell me if another place is more suitable, and if the 2 following wishes are acceptable, and a very rough "ETA" if possible (one month, several months, never, ...).

* First wish
In the version 2 XML report of Nessus 3.0.x (I hope x=7): add the name of the plugin.
[In the .nessus report of Nessus 3.2, there is "PluginID" and "PluginName"; in the .xml report of Nessus 3.0.6, there is only "id".]
It would be great to have the plugin name in the report.
But maybe the NessusClient 3.0.6 will never evolve.

* Second wish
With NessusClient 3.2.y (I hope y=2), be able (directly or via XSLT) to generate an HTML report like that:
Summary part:
host1: 1 hole 5 warnings 10 notes 10 open ports
host2: 2 holes 15 warnings 30 notes 12 open ports
host3: 0 hole 1 warning 5 notes 2 open ports
Detailed part:
List of holes of host 1:
...
List of holes of host 2
...
...
List of holes of host 3
List of warnings of host 1
List of warnings of host 2
List of warnings of host 3
List of notes of host 1
List of notes of host 2
List of notes of host 3

The current report with NessusClient 3.2.1 is:
List of hosts:
host1: High severity problem(s) found
host2: High severity problem(s) found
host3: Medium severity problem(s) found
Host1
summary for host1
all problems for host1
Host2
summary for host2
all problems for host2
Host3
summary for host3
all problems for host3

The goal of the second wish is:
- for the summary part: to have directly the number of problems of each kind (high/medium/low) + the number of open ports.
- for the detailed part: to have first the high severity problems, which must be solved first, then the medium, and finally the low.

Best regards.
Philippe.



Re: RE: Nessus reports (3.2.x versus 3.0.6), holes only, trend report, Nessconnect
Hi Philippe,

We're not planning any changes to the Nessus 3.0.6 Windows client. As I said
in my last email, a future version of the NessusClient will have support for
style sheets so you and any other Nessus user can write and share your own
report formats.

Ron


Philippe wrote:
> Hi Ron,
>
> Thank you very much for your detailed answer.
> I know that the Nessus scanner is one of the, or maybe THE, best scanners with a very competitive price.
> Tenable Security Center is cheaper than other comparable solutions from competitors, nevertheless the price is still too high to manage 128 hosts, because the price is more interesting for 500 IPs or more (hi Erin ;-))
>
> Do I dare to give a wish list, although I do not know if it is the right place? I will dare, but please tell me if another place is more suitable, and if the 2 following wishes are acceptable, and a very rough "ETA" if possible (one month, several months, never, ...).
>
> * First wish
> In the version 2 XML report of Nessus 3.0.x (I hope x=7): add the name of the plugin.
> [In the .nessus report of Nessus 3.2, there is "PluginID" and "PluginName"; in the .xml report of Nessus 3.0.6, there is only "id".]
> It would be great to have the plugin name in the report.
> But maybe the NessusClient 3.0.6 will never evolve.
>
> * Second wish
> With NessusClient 3.2.y (I hope y=2), be able (directly or via XSLT) to generate an HTML report like that:
> Summary part:
> host1: 1 hole 5 warnings 10 notes 10 open ports
> host2: 2 holes 15 warnings 30 notes 12 open ports
> host3: 0 hole 1 warning 5 notes 2 open ports
> Detailed part:
> List of holes of host 1:
> ...
> List of holes of host 2
> ...
> ...
> List of holes of host 3
> List of warnings of host 1
> List of warnings of host 2
> List of warnings of host 3
> List of notes of host 1
> List of notes of host 2
> List of notes of host 3
>
> The current report with NessusClient 3.2.1 is:
> List of hosts:
> host1: High severity problem(s) found
> host2: High severity problem(s) found
> host3: Medium severity problem(s) found
> Host1
> summary for host1
> all problems for host1
> Host2
> summary for host2
> all problems for host2
> Host3
> summary for host3
> all problems for host3
>
> The goal of the second wish is:
> - for the summary part: to have directly the number of problems of each kind (high/medium/low) + the number of open ports.
> - for the detailed part: to have first the high severity problems, which must be solved first, then the medium, and finally the low.
>
> Best regards.
> Philippe.
>
>
>
