mailing list archives
Re: Nessus and Sans top 20
From: xelerated <xelerated () gmail com>
Date: Fri, 14 Apr 2006 20:16:25 -0400
I ask for a purely regulatory/auditor stand point.
I realize its out dated, and its not what i focus on, but
with a large org, with to many hands in the pot,
if a sans top 20 issue is out there, i HAVE to clear it up
before an auditor finds it.
Plus, its nice for them to see that we do it, just for
the horse and pony show.
On 4/14/06, Tim <pand0ra.usa () gmail com> wrote:
May I ask why? In my _opinion_, basing vulnerability scans on the SANS
Top 20 is a step towards disaster. Keep in mind that the SANS Top 20
is not updated on a frequent basis, I believe it is done quarterly. If
(I am not saying this is a certainty) the system is out of date on
patches the SANS Top 20 will probably not flag all of the issues.
I have seen organizations base their scanning policy on the ST20
thinking they were covered. When we came in to do an audit the scans
revealed MANY more issues then they were aware of. At that point we
had to calm them down and explain why their scans differed so much
from ours. In my personal opinion I think the ST20 is fun to look at
but is a disaster waiting to happen.
The only benefit I can see in doing this is to show the
client/management that only following the ST20 is setting them up for
a compromise. As for your original question you can manually go
through the plugins and map those back to the ST20. I don't remember
if there is some way to search for those.
On 4/14/06, xelerated <xelerated () gmail com> wrote:
I have looked pretty heavily for an easy way to generate an Sans Top 20
result list from a nessus scan.
Be it a filter and doing just a scan for sans top 20's or
filtering from an already ran scan.
The closest thing I have found was update-nessusrc.
So far i cant get it to generate a new rc for the top 20s.
It just hangs.
Is there any way to get a Top 20 report for nessus?