Closed emory closed 7 years ago
I am adding host/plugin black listing soon, right now you have to tailor the queries to exclude specific IPs/plugins
i have a script i run on the dataset before i generate reports to do it something like this
downgrade_vulns = [41028, 10264]
#41028 = snmp public
#10264 = snmp default
#
downgrade_vulns.each do |plugin_id|
items = Item.where(:plugin_id => plugin_id).all
items.each do |item|
item.severity = 1
item.save
end
end
for lowering rating on plugins that are poorly reported.
Only solution I have for now, I started work on black listing but it is not done yet. I am waiting for nessus 5 to release the next version.
On Jan 4, 2012, at 10:23 AM, emory wrote:
Ignoring a plugin
Is there a way to ignore a list/array of plugin IDs at report generation or in a template?
Ignoring an ip address
Is there a way to ignore a list/array of IP addresses at report generation or in a template?
Reply to this email directly or view it on GitHub: https://github.com/hammackj/risu/issues/47
I think this is an interesting workaround. I am concerned (as I have the same need) that if I do this then I lose the original severity and my boss and client will want this preserved somehow.
How hard would it be to just add a new column with called "ignore" that can be set to 1 to ignore and defaults to 0? Then the query engines could just add a new "item.ignore = 0" clause.
That's an interesting idea. I will see what I can do to get something usable.
Sent from my Phone
On Jan 9, 2012, at 3:19 PM, ebdavison reply@reply.github.com wrote:
I think this is an interesting workaround. I am concerned (as I have the same need) that if I do this then I lose the original severity and my boss and client will want this preserved somehow.
How hard would it be to just add a new column with called "ignore" that can be set to 1 to ignore and defaults to 0? Then the query engines could just add a new "item.ignore = 0" clause.
Reply to this email directly or view it on GitHub: https://github.com/hammackj/risu/issues/47#issuecomment-3420528
I will be added a more complex filtering option in 1.5, this should take care of these issues.
Two questions I have after using risu for all of 24 hours (I really like it!) Is there a way to ignore a list/array of plugin IDs at report generation or in a template?
and
Is there a way to ignore a list/array of IP addresses at report generation or in a template?