Penetration Testing mailing list archives

Re: Nessus and Sans top 20


From: xelerated <xelerated () gmail com>
Date: Fri, 14 Apr 2006 20:16:25 -0400

I ask from a purely regulatory/auditor standpoint.
I realize it's outdated, and it's not what I focus on, but
with a large org, with too many hands in the pot,
if a SANS Top 20 issue is out there, I HAVE to clear it up
before an auditor finds it.

Plus, it's nice for them to see that we do it, just for
the horse and pony show.




On 4/14/06, Tim <pand0ra.usa () gmail com> wrote:
May I ask why? In my _opinion_, basing vulnerability scans on the SANS
Top 20 is a step towards disaster. Keep in mind that the SANS Top 20
is not updated on a frequent basis, I believe it is done quarterly. If
(I am not saying this is a certainty) the system is out of date on
patches the SANS Top 20 will probably not flag all of the issues.

I have seen organizations base their scanning policy on the ST20
thinking they were covered. When we came in to do an audit the scans
revealed MANY more issues than they were aware of. At that point we
had to calm them down and explain why their scans differed so much
from ours. In my personal opinion I think the ST20 is fun to look at
but is a disaster waiting to happen.

The only benefit I can see in doing this is to show the
client/management that only following the ST20 is setting them up for
a compromise. As for your original question you can manually go
through the plugins and map those back to the ST20. I don't remember
if there is some way to search for those.

On 4/14/06, xelerated <xelerated () gmail com> wrote:
I have looked pretty heavily for an easy way to generate a SANS Top 20
result list from a Nessus scan.

Be it a filter and doing just a scan for SANS Top 20s or
filtering from an already run scan.

The closest thing I have found was update-nessusrc.
So far I can't get it to generate a new rc for the Top 20s.
It just hangs.

Is there any way to get a Top 20 report for nessus?


Thanks
Chris



--
Tim
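Tim's suggestion of mapping plugins back to the ST20 by hand, and his warning that an ST20-only view hides the rest of the findings, can both be checked mechanically once a scan has been exported. The script below is an added example written for this thread, not code from Nessus, update-nessusrc or either poster. It assumes the classic pipe-delimited NBE export format (results|subnet|host|port|plugin_id|type|description); the plugin IDs, the plugin-to-ST20 map and the sample scan lines are all constructed placeholders, since the real map has to be built plugin by plugin. It splits the findings into those covered by the ST20 map and those outside it, so the second list shows exactly what an ST20-only report would have dropped.

```python
"""Filter an exported Nessus NBE file against a SANS Top 20 plugin map.

Added example (not from the original thread). Assumes the classic NBE
record layout: results|subnet|host|port|plugin_id|type|description
"""
from collections import Counter

# Hypothetical map from Nessus plugin ID to SANS Top 20 entry. The IDs
# and entry names are placeholders; a real map is built by hand from the
# plugin list, as the thread describes.
ST20_PLUGIN_MAP = {
    "90001": "Windows entry W1 (placeholder)",
    "90002": "Unix entry U1 (placeholder)",
}

# Only holes and warnings count as issues; notes are informational.
ISSUE_TYPES = {"Security Hole", "Security Warning"}

# Constructed sample export: one timestamp record plus five results.
SAMPLE_NBE = """\
timestamps|||scan_start|Fri Apr 14 20:00:00 2006|
results|10.0.0|10.0.0.5|microsoft-ds (445/tcp)|90001|Security Hole|placeholder hole
results|10.0.0|10.0.0.5|ssh (22/tcp)|90003|Security Note|placeholder banner note
results|10.0.0|10.0.0.7|www (80/tcp)|90002|Security Warning|placeholder warning
results|10.0.0|10.0.0.7|smtp (25/tcp)|90004|Security Warning|placeholder unmapped warning
results|10.0.0|10.0.0.9|ftp (21/tcp)|90005|Security Hole|placeholder unmapped hole
"""


def parse_nbe(text):
    """Return a list of finding dicts from NBE text, skipping non-result records."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("results|"):
            continue  # timestamps and other record types are not findings
        parts = line.split("|", 6)  # description may itself contain '|'
        if len(parts) < 6:
            continue  # malformed record; ignore rather than crash the report
        _, _subnet, host, port, plugin_id, ftype = parts[:6]
        description = parts[6] if len(parts) > 6 else ""
        findings.append({
            "host": host,
            "port": port,
            "plugin_id": plugin_id,
            "type": ftype,
            "description": description,
        })
    return findings


def split_by_st20(findings, plugin_map=ST20_PLUGIN_MAP):
    """Split real issues into (covered by the ST20 map, everything else)."""
    st20, other = [], []
    for finding in findings:
        if finding["type"] not in ISSUE_TYPES:
            continue  # informational note, not an issue either way
        entry = plugin_map.get(finding["plugin_id"])
        if entry is not None:
            st20.append(dict(finding, st20_entry=entry))
        else:
            other.append(finding)
    return st20, other


def report(text, plugin_map=ST20_PLUGIN_MAP):
    """Summarise an NBE export: ST20 hits, plus what an ST20-only view would hide."""
    st20, other = split_by_st20(parse_nbe(text), plugin_map)
    return {
        "st20_issues": len(st20),
        "other_issues": len(other),
        "hosts_with_unmapped_issues": sorted({f["host"] for f in other}),
        "st20_entries": Counter(f["st20_entry"] for f in st20),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_NBE)
    print(f"ST20 issues: {summary['st20_issues']}")
    for entry, count in summary["st20_entries"].items():
        print(f"  {entry}: {count}")
    print(f"Issues an ST20-only report would omit: {summary['other_issues']}")
    print(f"Hosts affected: {', '.join(summary['hosts_with_unmapped_issues'])}")
```

Run against a real export, the two counts are the useful output: the first is what the auditor asks for, the second is the gap Tim describes, and both come from the same scan rather than from a narrowed plugin set.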

