Tag Archives: Tenable

Tracking software versions using Nessus and Splunk

Let’s say you have already exported scan results from Nessus or Tenable SecurityCenter to Splunk using HTTP event connector, or in some other way. And you see that some critical software vulnerability was published. For example, this month Jira critical vulnerability. How to find out, do we have vulnerable servers in our infrastructure or not?

Nessus plus Splunk

Of course we can start a new Nessus scan to detect vulnerable hosts. However, Nessus plugin for this particular vulnerability may be released with a big latency and you will not find this vulnerability in your scans. So, it’s may be faster just to search for detected Jira servers in available scan results using Splunk searching mechanism.

Continue reading

Vulners Subsriptions and Apache Struts RCE

If you work in IT Security Department of any large software developing company, you were probably searching for Apache Struts in your environment on this week.

And it’s all because of CVE-2017-5638:

Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.
In a blog post published Monday, Cisco’s Threat intelligence firm Talos announced the team observed a number of active attacks against the zero-day vulnerability (CVE-2017-5638) in Apache Struts

This is a good example, that shows the usefulness of the Vulners.com service.

Just open cvelist:CVE-2017-5638 query and you will see all the objects related to this issue. This request works even before this CVE number appear on NVD and Mitre databases!

Vulners Apache Struts2 RCE

Here are: description of the vulnerability from The Hacker News, manual on how to use this vulnerability to gain server access from myhack58, Nessus local windows and remote cgi detection plugins.

Continue reading

Gartner’s view on Vulnerability Management market

Not so long time ago Gartner’s report “Vulnerability Management an essential piece of the security puzzle” has become publicly available. Now you can read it for free by filling out a questionnaire on F-Secure website.

Gartner VM Market Guide

At the bottom of the document there is a reference to Gartner G00294756 from 05 December 2016. This document is quite fresh, especially for not very dynamic VM market ;-), and pretty expensive. Thanks for F-secure, we can read it now for free. If you are wondering why this anti-virus company is sponsoring Gartner VM reports: year ago they have bought Finnish VM vendor nScence, and I even did a small review of this product (F-Secure Radar Vulnerability Management solution, F-Secure Radar basic reporting, F-Secure Radar ticketing, F-Secure API for scanning).

Talking about the document, I would like, firstly, to thank Gartner. Do you know who writes most articles about VM? Of course, VM vendors. And we all understand that their main goal is to promote their own products. Reports of independent consulting firms, primarily IDC, Forrester and Gartner, allow us to get some balanced view from the side. It is very important.

Here I would like to comment some theses of the text.

Continue reading

What’s actually new in Tenable.io VM application

My last post was about the structure of a new Tenable.io cloud platform. Now, let’s see what is actually new in Tenable.io Vulnerability Management application.

Tenable.io VM is obviously based on Nessus Cloud, which in its turn had features similar to Nessus Manager briefly reviewed earlier. So, today I want to concentrate only on new features.

Tenable.io VM

According to the public interface screenshots and Tenable.io datasheets, it will have some new dashboards and reports, free integration with PVS and Nessus deployed on-premise, and something very new in asset management.

Continue reading

Bye-bye Nessus Cloud, hello Tenable.io

Tenable Network Security has announced today a new cloud platform – Tenable.io. Let’s see what it’s all about.

Applications

As you can see on this figure there will be three applications available for the platform: familiar Vulnerability Management (the new name of Nessus Cloud), new Container Security (Tenable bought FlawCheck service last October) and the long-awaited Web Application Security (not available yet).

It’s not clear yet how closely these services will be integrated with each other. But now even  trial versions of Container Security and Vulnerability Management should be requested separately.

Continue reading