Mailing List Archive

Hi Chris,


On Oct 1, 2008, at 11:54 AM, Chris Clements wrote:

> Sorry if this has been asked before, but is there a way in the 3.2
> client that I can filter my reports to exclude hosts with no open
> ports?

If you use Nessus 3.2.1 and use the new filtering features (as
described on
http://blog.tenablesecurity.com/2008/05/nessus-321-rele.html), then
you can add the following filter:


Only show vulnerabilities that will match any of the following
criteria :

Port name contains /tcp)
Port name contains /udp)


The closing parenthesis will hide 'general/tcp'.


-- Renaud





_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Chris Clements wrote:
> Sorry if this has been asked before, but is there a way in the 3.2
> client that I can filter my reports to exclude hosts with no open ports?

Hi Chris,

Negative filtering (show me everything that does not match this thing) wasn't
something we were shooting for in the Nessus Client. The filtering is vulnerability
based, not IP/scanned-system based so you can't really turn off an IP if a certain
parameter is or isn't there.

Having said that, if you look for the charcater "(" in your port name fields,
this will match on the text like like "microsoft-ds (445/tcp)". Keep in mind
if you have some generic "general/tcp" or "general/udp" vulns, these will be
filtered out in your report. However, the report will contain all systems which
have open ports.

In the Security Center, there is report filtering, but what is more interesting
is the ability to use the results of any Nessus scan (or passively obtained with
the Passive Vulnerability Scanner) to dynamically create lists of IP addresses
that can then be used for reporting, filtering and even access control.

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Worked like a charm, thanks guys!


Chris Clements
cclements@flatearth.net



On Oct 1, 2008, at 12:10 PM, Ron Gula wrote:

> Chris Clements wrote:
>> Sorry if this has been asked before, but is there a way in the 3.2
>> client that I can filter my reports to exclude hosts with no open
>> ports?
>
> Hi Chris,
>
> Negative filtering (show me everything that does not match this
> thing) wasn't
> something we were shooting for in the Nessus Client. The filtering
> is vulnerability
> based, not IP/scanned-system based so you can't really turn off an
> IP if a certain
> parameter is or isn't there.
>
> Having said that, if you look for the charcater "(" in your port
> name fields,
> this will match on the text like like "microsoft-ds (445/tcp)". Keep
> in mind
> if you have some generic "general/tcp" or "general/udp" vulns, these
> will be
> filtered out in your report. However, the report will contain all
> systems which
> have open ports.
>
> In the Security Center, there is report filtering, but what is more
> interesting
> is the ability to use the results of any Nessus scan (or passively
> obtained with
> the Passive Vulnerability Scanner) to dynamically create lists of IP
> addresses
> that can then be used for reporting, filtering and even access
> control.
>
> Ron Gula
> Tenable Network Security
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus