F-Secure Radar ticketing

2 Replies

F-Secure Radar ticketing. I personally don’t use ticketing systems integrated in VM solutions. I think it’s hard to explain IT guys why they should use yet another ticketing system for patching tasks only additionally to their main Jira or whatever they use (see “Vulnerability scanners: a view from the vendor and end user side“).

But I assume that for some companies this feature may be useful or even critical.

Anyway, it’s always nice to see how the vendor works with vulnerability data to get some ideas for own ticketing procedures (see “VM Remediation using external task tracking systems“).

In F-Secure Radar you can create tickets at “Vulnerabilities” tabs. Here is the a whole list of detected vulnerabilities (filtered by CVSS > 8 by default).

F-Secure Ticketing

Continue reading →

F-Secure Radar basic reporting

2 Replies

F-Secure Radar basic reporting. In previous post about Radar (“F-Secure Radar Vulnerability Management solution“) I was describing how to use it for authenticated and unauthenticated scanning both inside and outside of your network.

But what about the vulnerability reports?

To get vulnerability report you should open Reporting Tab. As you can see, Radar supports reports for single scan results and summary reports. I don’t actually a big fan of standard vulnerability summary reports, because in practice you will always need to change something in them, and it’s impossible in most cases.

F-Secure Radar reports

I have filtered only Linux OS scans using filter. You can also filter by friendly name (some id, that you can set manually), host name/ip , time of scanning, responsible person, severity level, scan group or even by scan tags.

Radar Filters

Continue reading →

Qualys authenticated scanning

3 Replies

Qualys authenticated scanning. Let’s see how authenticated scanning works in Qualys. Nessus stores scanning credentials in related Scan Policy (see “Tenable Nessus: registration, installation, scanning and reporting“). Iit’s not always convenient. In Qualys you can set up a scanning record and configure for which hosts it will be used.

I downloaded Qualys Virtual Scanning Appliance VirtualBox image and configured it as it was described in “Using Qualys Virtual Scanner Appliance“. The only difference: I configured second network device as VirtualBox “Host Only Adapter” to scan virtual machines on my host. You can see how to configure VirtualBox “Host Only Adapter” in my post here.

Continue reading →

Nessus API for hosts scanning

7 Replies

Nessus API for hosts scanning. When I was writing earlier about Nessus API (“Retrieving scan results through Nessus API“) I have not mentioned how to create a new vulnerability scan task and launch it fully automatically. I assumed that all vulnerability scan entities was already created and scheduled in GUI, how it is often happens in a real life. However, managing the scans via Nessus API (run, pause, resume, stop) may be also useful, for example, when we need to automatically update vulnerability status of some host. Creating scan policy with API will be still out of scope of this post. We assume, that scan policy already exists.

Nessus API for scan management

API Description is still at https://192.168.56.101:8834/api# (where 192.168.56.101 is the IP address of your Nessus host). How to install Nessus read in “Tenable Nessus: registration, installation, scanning and reporting“.

Continue reading →

F-Secure Radar Vulnerability Management solution

6 Replies

F-Secure Radar Vulnerability Management solution. In this blog I am writing mainly about VM market leaders. Most of them are US-based companies. However, there are vulnerability management solutions that are popular only in some particular country or region. About some of them you maybe have not even heard. At the same time, these solutions are rather interesting.

F-Secure Radar Dashboards

Vulnerability Scanner I want to present today, was initially developed by nSence company from Espoo, Finland. It was named “Karhu”, a “bear” in Finnish. In June 2015 antivirus company F-Secure has bought nSense and formed it’s Cyber Security Services department. The scanner was renamed in F-Secure Radar. Not to be confused with IBM QRadar SIEM 😉

Solution structure is similar to Qualys and Nessus Cloud. There is a remote server that provides a web interface: portal.radar.f-secure.com. You can scan your perimeter using the remote scanner. To scan the hosts within the network, you should deploy the Scan Node Agent on a Windows host.

Continue reading →

OpenVAS plugins in Vulners.com

3 Replies

OpenVAS plugins in Vulners.com. Great news! Vulners.com vulnerability search engine now supports OpenVAS detection plugins.

OpenVAS plugins Vulners

Why OpenVAS is important?

OpenVAS is the most advanced open source vulnerability scanner and is the base for many Vulnerability Management products.

Key vendors that produce OpenVAS-based products are Greenbone and Acunetix. There are some local vendors, such as Scaner VS by Russian company NPO Echelon.

“Vanilla” OpenVAS is also widely used when there is no budget for a commercial solution or it’s necessary to solve some specific problems, including developing own plugins for vulnerability detection. OpenVAS is integrated with wide range of information security systems, for example it is a default VM solution for AlienVault SIEM.

OpenVAS is well suited for education purposes as it is well documented and uses only open source code. For OpenVAS it’s always clear how the it works.

Continue reading →

Qualys Option Profiles for Vulnerability Scanning

1 Reply

Qualys Option Profiles for Vulnerability Scanning. When I wrote about vulnerability scanning in Nessus, I described there in detail how Nessus scan profile looks like. And when I wrote about VM scanning in Qualys, I did not mentioned scan profiles at all. But it’s also an interesting topic. In Qualys scan profile you can’t specify which vulnerability check will run during the scan, as in Nessus (Upd. Actually yes you can, but in some different manner; I added how to do it in “Scan” section). However, you can also see some options that can affect the way you do the vulnerability scanning with Qualys.

The main option for me – the lists of scanning ports. By default Qualys does not check all the ports and that could negatively affect host detection during unauthenticated scanning.

Creating new scan profile: Vulnerability Management -> Option Profiles -> New

Qualys option profiles

Title

Setting title and owner of the profile. We can use this profile as a default for launching maps and scans or share it with other Qualys users in our organization ( “Make this a globally available option profile”).

qualys new option profile

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

F-Secure Radar ticketing

F-Secure Radar basic reporting

Qualys authenticated scanning

Nessus API for hosts scanning

F-Secure Radar Vulnerability Management solution

OpenVAS plugins in Vulners.com

Why OpenVAS is important?

Qualys Option Profiles for Vulnerability Scanning

Title