Parsing Nessus v2 XML reports with python.Upd. This is an updated post from 2017. The original script worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to share it with you.
Previous post about Nessus v2 reports I was writing mainly about the format itself. Now let’s see how you can parse them with Python.
Please don’t work with XML documents the same way you process text files. I adore bash scripting and awk, but that’s an awful idea to use it for XML parsing. In Python you can do it much easier and the script will work much faster. I will use lxml library for this.
My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”. On February 12 IDC published new report about Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download free extract on Qualys website (Thanks, Qualys!). I’ve read it and now I want to share my impressions.
I think it’s better start reading this report from the end, from “MARKET DEFINITION” section. First of all, IDC believe that there is a “Security and Vulnerability Management” (SVM) market. It consists of two separate “symbiotic markets”: security management and vulnerability assessment (VA).
New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it). It’s an epic and really sad news. 🙁
When people asked me about the cost-effective solution for Vulnerability Management I usually answered: “Nessus Professional with some additional automation through Nessus API”.
With just a couple of Nessus Professional scanning nodes it was possible to scan all the infrastructure and network perimeter (see “Vulnerability Management for Network Perimeter“). Price for each node was fixed and reasonable. And you could make your any reports from the raw scan data, as you like it.
Nessus Pro was still were best choice even when Tenable:
Cut off master/slave functionality in Nessus and created “Nessus Manager”.
Changed API completely during the update from 5 to 6 version.
Gradually increased the price from $1,5k to $2,7k per scanning node per year.
But unfortunately it’s not anymore. End of an era.
And what is even more sad is that Tenable does not mention disabling the API and multi-user function in the main Nessus 7 marketing, as it never was, as if it’s not very important. Just look at “Announcing Nessus Professional v7” – not a word about “API” or users. Only in additional link:
Only there, in the text (not a video) there is an information about removed features.
The nice little things like “Easily transferable license” and “Emailed scan reports and custom report name / logo” do not make it any better.
Study Vulnerability Assessment in Tenable University for free. Not so long ago, Tenable presented renewed online training platform – Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case.
I decided to check it out, registering as non-customer.
ISACA Moscow Vulnerability Management Meetup 2017. Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management – open ISACA Moscow meetup. Me and my former colleague from Mail.Ru Group Dmitry Chernobaj presented there our joint report “Enterprise Vulnerability Management: fancy marketing brochures and the real-life troubles”.
The number of registered participants totaled 120. As I can tell looking at the photo below, there were about 80 people in the hall after the second presentation. For a highly focused local information security event, it’s a lot. According to the organizers, it was the largest ISACA Moscow meetup. Thanks to everyone who came!
I would like to mention a well-structured agenda. There were 4 presentations arranged in order: from the most theoretical / methodical to the most practical. And our presentation was the last one.
Oleg Boyko started the event. He was talking about the place of Vulnerability Management in COBIT 5 framework. I don’t know COBIT good enough to comment on this. The main thing I’ve noticed is that among the 37 COBIT 5 processes, there is no a process for managing the vulnerabilities, such as Manage Assets or Manage Configurations.
PHDays VII: To Vulnerability Database and beyond. Last Tuesday and Wednesday, May 23-24, I attended PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it.
But first of all, a few words about the conference itself. I can tell that since the last year the event got even better. I’ve seen lot of new faces. Some people I didn’t know, but they knew me by my blog and accounts in social networks. What a strange, strange time we live in! I was very pleased to see and to talk with you all, guys! 🙂
PHDays is one of the few events that truly brings all Russian community of security professionals together. I’ve seen people I have studied with in university, colleagues from the all places where I have been worked, and nearly all researchers and security practitioners that I follow. Big thanks for the organizers, Positive Technologies, for such an amazing opportunity!
It is also a truly international event. You can see speakers from all over the world. And all information is available both in Russian and English. Almost all slides are in English. Three parallel streams of reports, workshops and panel discussions were dubbed by professional simultaneous interpreters, like it is a United Nations sessions or something, recorded and broadcast live by the team of operators and directors. Final result looks really great.
Video of my presentation:
I was talking too fast and used some expressions that was hard to translate. The translator, however, did an awesome job. He is my hero! 🙂 If you didn’t understand something on video, I made a transcript bellow.
A version without translation for Russian-speakers is here.
Slides:
Unfortunately gif animation is not working in the Slideshare viewer.
Today I would like to discuss vulnerability databases and how vulnerability assessment systems has been evolving. Prior to discussing vulnerability databases I need to say that any vulnerability is just a software error, a bug, that allowing hacker to do some cool things. Software developers and vendors post information about such vulnerabilities on their websites. And there are tons and tones of vendors, and websites, and software products, and vulnerabilities.
Of course we can start a new Nessus scan to detect vulnerable hosts. However, Nessus plugin for this particular vulnerability may be released with a big latency and you will not find this vulnerability in your scans. So, it’s may be faster just to search for detected Jira servers in available scan results using Splunk searching mechanism.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.
