Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
4
Helpful
4
Replies

MARS Built-in tools

davidcruise
Level 1
Level 1

‎01-18-2009 10:06 AM

i heared that mars has built-in scanning tools (Nessus, NMAP), but how the steps to enable this tools to work on resulting incidents

Labels:
0 Helpful
4 Replies 4

mohsin.khan
Level 3
Level 3

‎01-19-2009 08:46 PM

Nessus is built-in, hence functional by default. All you got to do is add the devices, use built-in rules which trigger incidents when matched by particualr events/sessions. You don't need to enable/disable these tools as the most recent upgrade of MARS contains most recent signatures/rules for the scanning tools.

regards,

Mohsin

davidcruise
Level 1
Level 1
In response to mohsin.khan

‎01-22-2009 02:13 AM

well , but for any incident how do i know that nessus or nmap has run a scan during this incident & how can i see the output of the scan

0 Helpful

mohsin.khan
Level 3
Level 3
In response to davidcruise

‎01-22-2009 05:12 AM

When you click an incident, on top it will show you the RULE that was matched by the said event/session. And its not that scan is run on events, its just the rule matching process for each and every session (correleted set of events)..

0 Helpful

davidcruise
Level 1
Level 1
In response to mohsin.khan

‎01-22-2009 12:01 PM

you mean that the scan happens in the background but no means to see that scan happened for specific host?

the second issue: if i added third party VA tool like Mcafee founstone , is there any mean to knoe the scans happened & its content & result

0 Helpful
Customers Also Viewed These Support Documents