by Dave Breslin
June 13, 2012
This report template focuses on vulnerabilities discovered in four of the most popular cross-platform web browsers.
- June 13th 2012, version 1, SecurityCenter 4.4
- Required Tools: PVS
- Download Example - Chrome, Firefox, Opera and Safari (PVS)
- Download Template - Chrome, Firefox, Opera and Safari (PVS)
The template when reporting on host details includes DNS name, NetBIOS name and MAC address information. This information will need to be retrieved using Nessus and may already be provided if Nessus and PVS vulnerability data is being blended together in SecurityCenter. Alternatively the fields with the extra host information can be removed from reporting using the GUI driven SecurityCenter report builder leaving just the host IP address. Internal DNS names and NetBIOS names may not be appropriate when reporting on hosts such as smartphones which is reflected by a couple of the hosts attached to wireless networks in the example report. Also, we may be monitoring business partner connections ensuring partners are patching client and server applications in which case active scanning, generating network packets, with Nessus may not be allowed on partner connections.
The template presents CVSS ranges, severity rating and vulnerabilities with known exploits as three different ways to divide trend data. There are many more ways to filter vulnerabilities including the ability to subdivide by location (asset list) and subnet.
The "Chrome", "Firefox", "Opera" and "Safari" chapters filter on those vulnerabilities known to have exploits. At the time of posting this report template, June 2012, PVS Version 3 unlike Nessus sets the "Exploit Available" flag available in the SecurityCenter vulnerability filters only if there is an exploit available in Canvas, Metasploit or Core Impact. So in general PVS when compared to Nessus will report a smaller subset of vulnerabilities as having exploits available.
Demonstrating daily trending over time is invaluable and necessary when using passive vulnerability detection. The template's graphs trend over the last 7 days, however, it is more probable that remediation will not be as aggressive in a large enterprise and changing the trending timeframe is very easy with the GUI driven SecurityCenter report builder.
When trending using PVS data ensure you understand default settings in regards to PVS like this one in SecurityCenter: