Solved Network Vulnerability Scan with Reporting
-
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
Yup.
-
OpenVAS is a good one.
-
@dafyre said in Network Vulnerability Scan with Reporting:
OpenVAS is a good one.
That is what I am using right now; it has great reporting.
-
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
OSSIM is good, as I think it has a built-in vulnerability scanner too, but it's more like a Snort / Suricata / IDS log collector, IIRC.
-
@dafyre said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
OSSIM is good, as I think it has a built-in vulnerability scanner too, but it's more like a Snort / Suricata / IDS log collector, IIRC.
OSSIM is Alien Vault OpenSource and can be more convoluted than OpenVAS, as it just has so much information and can also be your Syslog server as well. It is pretty big.
-
@dbeato said in Network Vulnerability Scan with Reporting:
@dafyre said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
OSSIM is good, as I think it has a built-in vulnerability scanner too, but it's more like a Snort / Suricata / IDS log collector, IIRC.
OSSIM is Alien Vault OpenSource and can be more convoluted than OpenVAS, as it just has so much information and can also be your Syslog server as well. It is pretty big.
I forgot to mention this one. Wazuh combines ELK and OSSEC. I played with it a while ago and it wasn't too bad to set up.
-
OpenVAS has been working fine; now I am playing with Wazuh.
-
@dbeato said in Network Vulnerability Scan with Reporting:
@dafyre said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
OSSIM is good, as I think it has a built-in vulnerability scanner too, but it's more like a Snort / Suricata / IDS log collector, IIRC.
OSSIM is Alien Vault OpenSource and can be more convoluted than OpenVAS, as it just has so much information and can also be your Syslog server as well. It is pretty big.
AlienVault just uses OpenVAS with their GUI on top. I've confirmed this with their support.
-
@irj said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@dafyre said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@kelly said in Network Vulnerability Scan with Reporting:
What perspective are you scanning from: external; internal, uncredentialed; or internal, trusted? That will affect the tools you use. We used Lynis (https://cisofy.com/lynis/), but that was more about compliance and vulnerability testing from an internal, trusted perspective.
We will be using it internally, and occasionally on an external host, but 98% will be internal.
I liked Lynis, but it runs on every device you need to scan rather than performing an external scan. This is more about hardening to protect from an attack instead of simulating a hostile reconnaissance.
So it is agent-based; I have used OSSEC and OSSIM for that too.
OSSIM is good, as I think it has a built-in vulnerability scanner too, but it's more like a Snort / Suricata / IDS log collector, IIRC.
OSSIM is Alien Vault OpenSource and can be more convoluted than OpenVAS, as it just has so much information and can also be your Syslog server as well. It is pretty big.
AlienVault just uses OpenVAS with their GUI on top. I've confirmed this with their support.
Yes, just too many things in one system.
-
We're using InsightVM (product of Rapid7).
-
I really like OpenVAS and never noticed it being slow... it scans, and reports its findings in an excellent way. Very intuitive and useful. It is worth spinning one up.
-
@obsolesce said in Network Vulnerability Scan with Reporting:
I really like OpenVAS and never noticed it being slow... it scans, and reports its findings in an excellent way. Very intuitive and useful. It is worth spinning one up.
It is slow to start the tasks.
-
@dbeato said in Network Vulnerability Scan with Reporting:
@obsolesce said in Network Vulnerability Scan with Reporting:
I really like OpenVAS and never noticed it being slow... it scans, and reports its findings in an excellent way. Very intuitive and useful. It is worth spinning one up.
It is slow to start the tasks.
Definitely.
Nessus is so much faster. In a big environment, OpenVAS just isn't usable. It isn't bad for smaller environments, though.
-
What does everything OpenVAS does, and gives you the same info such as fixes/resolutions, but is faster for larger environments?
-
@irj said in Network Vulnerability Scan with Reporting:
@dbeato said in Network Vulnerability Scan with Reporting:
@obsolesce said in Network Vulnerability Scan with Reporting:
I really like OpenVAS and never noticed it being slow... it scans, and reports its findings in an excellent way. Very intuitive and useful. It is worth spinning one up.
It is slow to start the tasks.
Definitely.
Nessus is so much faster. In a big environment, OpenVAS just isn't usable. It isn't bad for smaller environments, though.
Yes, that is expensive.
-
@obsolesce said in Network Vulnerability Scan with Reporting:
What does everything OpenVAS does, and gives you the same info such as fixes/resolutions, but is faster for larger environments?
Yeah, but OpenVAS is a resource pig, and the reporting isn't very good when you are reporting against thousands of systems, and you need to break them up into smaller groups. Also, it isn't ideal for enterprise, as permissions are a nightmare when you only want certain people to see certain assets.
It is actually much more expensive for a large company to try to use OpenVAS.
-
@irj said in Network Vulnerability Scan with Reporting:
@obsolesce said in Network Vulnerability Scan with Reporting:
What does everything OpenVAS does, and gives you the same info such as fixes/resolutions, but is faster for larger environments?
Yeah, but OpenVAS is a resource pig, and the reporting isn't very good when you are reporting against thousands of systems, and you need to break them up into smaller groups. Also, it isn't ideal for enterprise, as permissions are a nightmare when you only want certain people to see certain assets.
It is actually much more expensive for a large company to try to use OpenVAS.
I'm not using it for thousands of systems at once, and permissions are not an issue. At most a scan is against a hundred or two devices at once. Maybe that's why I haven't noticed any slowness or clunkiness.
But for the future, I am curious what to use that compares to OpenVAS, but is better with speed and permissions?