Tenable Blog

A useful event to know about on any network is when something new happens on a given server for the first time. This is a very simple concept and extremely useful.

Regardless if your event logs are from UNIX systems, router access control violations, wireless access DHCP logs, intrusion detection systems or so on, after a certain period of time, the same events tend to repeat themselves. This is because most of our networks run controlled and automated processes.

Tenable recently added a credentialed Windows check (Nessus ID #23910) to find systems that have been infected by certain viruses. The check considers the contents of the file:

I recently encountered logs from a Buffalo Wireless Access Point. DHCP leases and MAC address associations generate logs like this:

Tenable's CSO, Marcus Ranum, discusses many of the trends, assumptions and misconceptions about computer security facing us today. Mr. Ranum discusses why security mechanisms fail and why it is such a hard state to be "secure". Slides and audio are available below:

If you are performing credentialed patch audits with Nessus, you can also create an inventory of installed software on each of your UNIX and Windows hosts. This blog post will review how Nessus can perform these tasks and what you can do with the results.

Finding Software on UNIX and Windows Systems