Learn how to collect vulnerability management system data. Jungwoo shows what vulnerability management system data looks like and how it can be stored in an XML format.
- [Instructor] Unlike the packet capture and intrusion detection prevention systems, which support standards like PCAP, vulnerability management systems and SIEMs tend to have more proprietary output data formats. This has a lot to do with the fact that vulnerability assessment systems and SIEMs are more so a data sink rather than a data source. Being less likely to send their own data to another system, these systems are less obligated to make their output data format compatible with any known standards.
For example, Nessus is a leading commercial vulnerability assessment tool. As a result of its vulnerability assessment, it generates a report detailing the various weaknesses of a network and its constituents. There is an export option in the Nessus web application. When you export a Nessus report, it generates a .nessus file, which is essentially an XML file and contains tags to indicate different parts of a typical Nessus report.
The top-level tags are policy and report. The starting and ending policy tags surround configuration information for a Nessus instance which generated the report. The report tag pair holds the details of a Nessus vulnerability report. Although its file extension, i.e. .nessus, is proprietary, it is encouraging to see that Nessus is using a standard like XML in its latest version of the .nessus file format.
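The following is an added example, not part of the course material: a small Python parser that reads the policy and report sections of a .nessus export and flattens the findings into records a log server or SIEM could ingest. The embedded sample is constructed, and the element and attribute names other than Policy and Report (`NessusClientData_v2`, `ReportHost`, `ReportItem`, `policyName`, and so on) are assumed from the .nessus v2 layout rather than taken from this page.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not real scan output). Names other than Policy and
# Report are assumed from the .nessus v2 layout, not taken from the page.
SAMPLE = b"""<?xml version="1.0" ?>
<NessusClientData_v2>
  <Policy><policyName>Constructed policy</policyName></Policy>
  <Report name="Constructed scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Constructed high finding"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100002" pluginName="Constructed info finding"/>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="100003" pluginName="Constructed medium finding"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def parse_nessus(data: bytes):
    """Return (policy_name, findings) from the bytes of a .nessus export."""
    # Exports get passed between teams and tools; refuse DTDs so entity
    # declarations in an untrusted file never reach the XML parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not expected here")
    root = ET.fromstring(data)
    policy, report = root.find("Policy"), root.find("Report")
    if policy is None or report is None:
        raise ValueError("missing top-level Policy or Report element")
    findings = []
    for host in report.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": SEVERITY.get(int(item.get("severity", "0")), "unknown"),
            })
    return policy.findtext("policyName"), findings

def severity_counts(findings):
    return Counter(f["severity"] for f in findings)
```
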
- Network security concepts
- The basic functions of a firewall
- Intrusion detection and prevention systems
- Using network data to improve security
- Using log servers to collect data
- Collecting application data
- Collecting OS data
- Network forensics
- Network security visualization