01-18-2009 10:06 AM
i heared that mars has built-in scanning tools (Nessus, NMAP), but how the steps to enable this tools to work on resulting incidents
01-19-2009 08:46 PM
Nessus is built-in, hence functional by default. All you got to do is add the devices, use built-in rules which trigger incidents when matched by particualr events/sessions. You don't need to enable/disable these tools as the most recent upgrade of MARS contains most recent signatures/rules for the scanning tools.
regards,
Mohsin
01-22-2009 02:13 AM
well , but for any incident how do i know that nessus or nmap has run a scan during this incident & how can i see the output of the scan
01-22-2009 05:12 AM
When you click an incident, on top it will show you the RULE that was matched by the said event/session. And its not that scan is run on events, its just the rule matching process for each and every session (correleted set of events)..
01-22-2009 12:01 PM
you mean that the scan happens in the background but no means to see that scan happened for specific host?
the second issue: if i added third party VA tool like Mcafee founstone , is there any mean to knoe the scans happened & its content & result
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide