Sunday, July 8, 2012

Reports with Plugin Family Analysis

Code:
https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV4.java
https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTableStatsV2.java

-----

I have been working on building out better charts with metrics divisions that assist in pinpointing problem areas in large networks. This started out with wanting to publish charts with vulns by OS, and while I am still working on it, OS is a complicated puzzle.

It's complicated for a number of reasons:

One is that OS detection is questionable, and when it works, sometimes the data has more detail than needed for simplification of OS-based metrics.

Also, with plugins that fire based on middleware, it is an open question whether you want them bunched in with the underlying OS (i.e. Apache on Red Hat vs. Windows, etc.).

So in the meantime I adjusted the Table code and the Stats code I had to include the Nessus Plugin Family. This also allows me to push to gnuplot for a nice management-looking chart for vuln by OS. For the most part you can see what jumps out as places to focus on, be that Windows patches, middleware / application patching, web code, etc.

The one glitch is that Nessus uses the categories Misc and General, which can be confusing and need some clarification.
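
A sketch of the per-family tally described above, as an added example; it is not the XMLVulnStatsV4 or XMLTableStatsV2 code linked at the top. It assumes the .nessus v2 layout, where each `ReportItem` carries `pluginFamily` and `severity` (0-4) attributes; the class name `FamilyTally` is hypothetical and the sample report is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Map;
import java.util.TreeMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class FamilyTally {
    // Constructed sample in .nessus v2 layout; hosts and plugin IDs are made up.
    static final String SAMPLE = "<NessusClientData_v2><Report name='demo'>"
      + "<ReportHost name='10.0.0.5'>"
      + "<ReportItem port='445' severity='3' pluginID='1' pluginFamily='Windows : Microsoft Bulletins'/>"
      + "<ReportItem port='80' severity='2' pluginID='2' pluginFamily='Web Servers'/>"
      + "<ReportItem port='0' severity='0' pluginID='3' pluginFamily='General'/>"
      + "</ReportHost><ReportHost name='10.0.0.9'>"
      + "<ReportItem port='80' severity='3' pluginID='2' pluginFamily='Web Servers'/>"
      + "<ReportItem port='80' severity='1' pluginID='4' pluginFamily='CGI abuses'/>"
      + "</ReportHost></Report></NessusClientData_v2>";
    // Returns family -> counts indexed by severity 0..4 (assumed info..critical).
    static Map<String, int[]> tally(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reports embed text returned by scanned hosts, so refuse DTDs (XXE, entity expansion).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList items = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml)).getElementsByTagName("ReportItem");
        Map<String, int[]> out = new TreeMap<>();
        for (int i = 0; i < items.getLength(); i++) {
            Element e = (Element) items.item(i);
            String s = e.getAttribute("severity");
            if (!s.matches("[0-4]")) continue;   // skip rows with a missing or malformed severity
            out.computeIfAbsent(e.getAttribute("pluginFamily"), k -> new int[5])[Integer.parseInt(s)]++;
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] in = args.length > 0 ? Files.readAllBytes(Paths.get(args[0]))
                                    : SAMPLE.getBytes(StandardCharsets.UTF_8);
        // Tab-separated rows; gnuplot reads them with: set datafile separator "\t"
        System.out.println("family\tinfo\tlow\tmedium\thigh\tcritical");
        for (Map.Entry<String, int[]> r : tally(in).entrySet()) {
            int[] c = r.getValue();
            System.out.printf("%s\t%d\t%d\t%d\t%d\t%d%n", r.getKey(), c[0], c[1], c[2], c[3], c[4]);
        }
    }
}
```

Run with a report path as the only argument to tally a real export; with no argument it tallies the constructed sample.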

Cheers

JSN
