These are projects posted by the students of Dr. Gove Allen at Brigham Young University. These students have taken one semester-long course on VBA and generally have had no prior programming experience

Friday, December 9, 2011

Vulnerability Report Analyzer

Executive Summary


Security specialists utilize a vast array of tools to perform different scans on companies’ systems.  These tools are utilized to detect potential vulnerabilities that relate to the configuration and patch level of a given server.  Upon performing a vulnerability scan, security specialist analyze the data in order to separate false positive alerts from real system weaknesses.  This analysis process can be tedious and challenging due to the large amount of data produced by the scanning tools.  A factor that largely contributes to the difficulty to analyze data is that not all tools generate reports that can be easily exported to a spread sheet.  One of such tools is Tenable’s Nessus Scanner.   


The Nessus scanner is widely used by security professionals to analyze the vulnerability level of a given company.  However, Nessus’s reports are only made available on an HTML format.  While the reports have greatly improved since the initial launch of Nessus, it is still difficult to summarize data to present it to management in a meaningful way.  


The Vulnerability Report Analyzer is a program that imports Nessus’ scan results and creates a report table where management can easily sort through each finding.  The program can generate a summary of the top ten servers with the most critical vulnerabilities as well as a comparative graph that indicates the type of vulnerabilities per server.  Users are able to create multiple reports within the spreadsheet.  The program is flexible to allow users to append results of scans performed at a later date to original reports.  This feature is useful to generate a single monthly scan report while weekly scans are performed.  The program automatically generates pivot tables for each report in order to assist management in filtering different field.  Graphs are also generated from pivot tables that can be filtered by hosts and vulnerability risk levels.  This tool is particularly useful for environments that host hundreds of systems and where multiple vulnerability scans are performed.  


Given than Nessus has several HTML report outputs, it is important to mention that this program currently works only with the “Detailed HTML Report (by finding)”.  Further functionality could include:
·          Addition of other Nessus report outputs;
·         Import of .csv files from other scanning tools such as McAfee’s Foundstone;  and
·         Trend analysis to detect those servers that continually present the same vulnerabilities. 

Overall, the program is a useful tool that can be utilized to gain meaningful information on the status of systems.  As far as implementation of VBA concepts, the program makes use of virtually every topic discussed during the semester, from ranges, to forms and from arrays to pivot tables.  I am confident that you will find this tool very useful in your analysis of vulnerability reports.

Links:
http://files.gove.net/shares/files/11w/au22/VulnerabilityReportAnalyzer_-_AntonioUriarte.pdf
http://files.gove.net/shares/files/11w/au22/VulnerabilityReportAnalyzer_-_Antonio_Uriarte.xlsm
http://files.gove.net/shares/files/11w/au22/VulnerabilityAnalyzer-NessusFiles.zip

No comments:

Post a Comment

Blog Archive