You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-- issue 1
The issues around what is credentialed scans has been coming up a lot.
The metrics you mention are incomplete. The issue is really at this point you need to combine many of the other metrics together.
At a high level you need these metrics:
Systems scanned (all supported protocols for the OS Type)
Systems scanned, but the OS has a low confidence level - This is very important as the OS detect determines the credentials used, and if the OS detection is wrong, so will the authentication.
Systems scanned and the OS has a high confidence level - most likely will have the correct creds.
Systems scanned of certain type and the OS detection is high. - The issue here is two systems, for example a Cisco Router and Debian, use SSH, but the creds are not the same. So you will want to separate out those aspects.
Systems scanned where no authentication was attempted - in this use case, the OS was detected and the scanner could have used creds, but for some reason no authentication attempt was made.
Systems scanned where authentication was attempted but the creds are bad - this helps people identify a mis-config or bad creds.
Systems scanned where authentication was good, but not root access - in this case the creds used worked, but did not have privileges to run the needed scan.
Systems scanned where authentication was good, but some checks failed - this could be permissions at the file level, missing files, etc.
Systems scanned where authentication was good, and all checks where completed without errors.
The sub-control should really have metrics for all these instances. And then give examples of various levels at and several common OS's. Listed below are a few links to explain this steps in more detail using Tenable.sc.
-- issue 1
The issues around what is credentialed scans has been coming up a lot.
The metrics you mention are incomplete. The issue is really at this point you need to combine many of the other metrics together.
At a high level you need these metrics:
The sub-control should really have metrics for all these instances. And then give examples of various levels at and several common OS's. Listed below are a few links to explain this steps in more detail using Tenable.sc.
https://www.tenable.com/assurance-report-cards/tracking-debian-ubuntu-and-kali-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-cisco-juniper-and-paloalto-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-solaris-authentication-results
https://www.tenable.com/assurance-report-cards/tracking-red-hatcentos-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-windows-authentication-scan-results
The text was updated successfully, but these errors were encountered: