Solaris Software Enumeration with Nessus
Tenable's research group has released several hundred new plugins for Nessus in the last few days. One of them in particular is very useful for Solaris environments.
Plugin #29217 enumerates all installed software packages on Solaris operating systems. It leverages SSH credentialed scanning to obtain these results.
Previously we have blogged about how enterprise software discovery can be performed with Nessus network scans, credentials scans and continuous passive network analysis with the Passive Vulnerability Scanner.
A key point of these blogs is to be able to use products like the Security Center to automatically classify your systems into unique asset groups based on the software installed on them. For example, the Security Center can use the output from this Solaris plugin to classify Solaris systems that do or don't have a certain Tivoli agent installed on them. This allows complex enterprise networks to be simplified so the process of patch auditing, configuration auditing and event/log analysis can be performed much easier.