Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

New Advanced Dynamic Scan Policy Template in Nessus 8

0
0

According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let’s say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable these plugins in the scan policy:


New Advanced Dynamic Scan Policy Template in Nessus 8

Ok, problem is solved. But here is the question: what will happen with the new NASL plugins that will be added by Tenable in the same group, for example Misc. ?

The answer is quite sad: Nessus doesn’t know if they should enabled of disabled, so they will be disabled in the scan policy by default. And this can lead to some False-Negatives. For example, on this screenshot you can see a fresh plugin “Xen Project Guest p2m Page Removal Error Handling DoS (XSA-277)” Published: December 13, 2018 was automatically disabled.

Previously, it was necessary to monitor this situation and add these plugins to Enabled manually or via API. But now with a new Dynamic Scan Policy template, this might be changed.

A new universal template looks like this:


New Advanced Dynamic Scan Policy Template in Nessus 8

And it’s pretty much like the Advanced Policy Template, but there is no Compliance section (I don’t know why) and the Plugins (Dynamic Plugins) tab looks differently:


New Advanced Dynamic Scan Policy Template in Nessus 8

In fact, these are the same filters that we can use in the scan results. We can combine them by AND or OR:


New Advanced Dynamic Scan Policy Template in Nessus 8

We can use any properties of the plugin:


New Advanced Dynamic Scan Policy Template in Nessus 8

And set the conditions:


New Advanced Dynamic Scan Policy Template in Nessus 8

Thus, we can exclude the following plugins from the scan policy:


New Advanced Dynamic Scan Policy Template in Nessus 8

As a nice bonus, we can also choose some interesting groups of plugins, for example, only the plugins with a link to Metasploit and preview these plugins in each plugin group:


New Advanced Dynamic Scan Policy Template in Nessus 8

It seems to me that there may potentially be problems with some linked plugins, but I hope Tenable already thought about it.

In conclusion

A pretty convenient feature, but there are some drawbacks:

It will be necessary to create new policies using this new template Advanced grouping of conditions cannot be done; you will have to create multiple policies and this can be tricky, given the difficulties in storing scan credentials inside of Nessus scan policies For some reasons it is impossible to set Compliance checks in the policy

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles





Latest Images