hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database; this allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License
63 stars 20 forks

ignoring specific plugin IDs (or hosts?) when reporting #47

Closed emory closed 7 years ago

emory commented 12 years ago

Two questions I have after using risu for all of 24 hours (I really like it!). Is there a way to ignore a list/array of plugin IDs at report generation or in a template?

and

Is there a way to ignore a list/array of IP addresses at report generation or in a template?

hammackj commented 12 years ago

I am adding host/plugin black listing soon; right now you have to tailor the queries to exclude specific IPs/plugins.

I have a script I run on the dataset before I generate reports to do it, something like this:

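```ruby
# Nessus plugin IDs whose findings should be downgraded
# 41028 = snmp public
# 10264 = snmp default
downgrade_vulns = [41028, 10264]

downgrade_vulns.each do |plugin_id|
    # Every stored finding produced by this plugin
    items = Item.where(:plugin_id => plugin_id).all
    items.each do |item|
        item.severity = 1 # overwrite the reported severity with 1
        item.save
    end
end
```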

for lowering rating on plugins that are poorly reported.

Only solution I have for now. I started work on black listing but it is not done yet. I am waiting for Nessus 5 to release the next version.


ebdavison commented 12 years ago

I think this is an interesting workaround. I am concerned (as I have the same need) that if I do this then I lose the original severity and my boss and client will want this preserved somehow.

How hard would it be to just add a new column called "ignore" that can be set to 1 to ignore and defaults to 0? Then the query engines could just add a new "item.ignore = 0" clause.
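An added example, not part of the thread or of Risu's code: a plain-Ruby sketch of the ignore-flag approach suggested above, which marks findings by plugin ID or host while leaving the reported severity untouched. The `Finding` struct, the `IgnoreList` class and the sample rows are assumptions constructed for illustration; matching hosts by CIDR range goes beyond the flat IP list asked about.

```ruby
require 'ipaddr'

# Constructed stand-in for a Risu item joined to its host; field names are assumptions.
Finding = Struct.new(:host_ip, :plugin_id, :severity, :ignore, :ignore_reason)

# Hypothetical suppression rules: plugin IDs and hosts/networks to leave out of reports.
class IgnoreList
  def initialize(plugin_ids: [], hosts: [])
    @plugin_ids = plugin_ids.map { |id| Integer(id) }
    @networks = hosts.map { |h| IPAddr.new(h) } # "10.0.0.5" or "10.0.9.0/24"
  end

  # Reason a finding is ignored, or nil if it must be reported.
  def reason_for(finding)
    return "plugin #{finding.plugin_id}" if @plugin_ids.include?(finding.plugin_id)
    ip = IPAddr.new(finding.host_ip)
    net = @networks.find { |n| n.family == ip.family && n.include?(ip) }
    net ? "host #{finding.host_ip}" : nil
  rescue IPAddr::Error
    nil # unparseable host address: keep the finding in the report
  end

  # Sets the flag on each finding; severity stays exactly as the scanner reported it.
  def apply(findings)
    findings.each do |f|
      reason = reason_for(f)
      f.ignore = reason ? 1 : 0
      f.ignore_reason = reason
    end
  end
end

# Equivalent of adding an "ignore = 0" clause to a report query.
def reportable(findings)
  findings.select { |f| f.ignore == 0 }
end

# What was left out and why, with original severity intact for audit.
def suppressed(findings)
  findings.select { |f| f.ignore == 1 }
end

# Constructed sample rows; 41028 and 10264 are the plugin IDs named in the thread,
# the 9000xx IDs are made-up placeholders.
SAMPLE = [
  Finding.new('10.0.0.5', 41028, 3), Finding.new('10.0.0.7', 10264, 3),
  Finding.new('10.0.9.20', 900001, 2), Finding.new('10.0.0.7', 900001, 3),
  Finding.new('not-an-ip', 900002, 2)
]
```

Listing the output of `suppressed` in a report appendix keeps the excluded findings and their original severities visible to whoever reviews the report.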

hammackj commented 12 years ago

That's an interesting idea. I will see what I can do to get something usable.


hammackj commented 12 years ago

I will be adding a more complex filtering option in 1.5; this should take care of these issues.