Nessus on MARS

Hi:

I am reading the User Guide for the appliance and I have a doubt. The User Guide states the following:

"When a signature fires on an IDS and it is reported to MARS, MARS can either launch a targeted scan using Nessus".

Is Nessus implemented in the appliance? Does MARS run Nessus automatically? Where can I see the Nessus results: in a query, an incident?

Sorry, one last doubt: I want to change a Standalone into a Local Controller. I imagine I can do that by acquiring a new license, right?

Many thanks,

Regards

1 Accepted Solution

FWIW, my understanding is that the MARS doesn't do a full-on Nessus vulnerability scan; it's mostly trying to identify the version and patch levels and the OS and network services.

5 Replies

mhellman
Level 7

Yes, Nessus is integrated. You don't have a lot of visibility into its workings though. You can't configure it, update it, or view its output (in the traditional sense).

"Sorry, one last doubt: I want to change a Standalone into a Local Controller. I imagine I can do that by acquiring a new license, right?"

I'm not sure what you mean. There are local controllers and there are global controllers. Are you asking about upgrading a local controller to a global controller?

OK, but if I cannot view the results of Nessus, how can I know if a server, for instance, is vulnerable to an attack? Is it impossible to update Nessus, not even when upgrading the MARS?

Regarding the Standalone: the customer currently has only one MARS as a Standalone, and they are thinking about acquiring another one for another location and a Global Controller in order to manage the two appliances. I imagine we need a new license for the Standalone in order to convert it to a Local Controller.

Finally, is it possible to upgrade a Local Controller to a Global Controller? I thought it was impossible. Global Controllers are independent appliances, right?

Many thanks for your help

>>OK, but if I cannot view the results of Nessus, how can I know if a server, for instance, is vulnerable to an attack?

We don't use the functionality because it's so poorly documented. I'm in a large enough environment where allowing a process to willy-nilly scan the network would be irresponsible. Hopefully someone who uses this functionality can provide some details. MARS does support some external vulnerability assessment software too.

>>Finally, is it possible to upgrade a Local Controller to a Global Controller? I thought it was impossible. Global Controllers are independent appliances, right?

I don't believe it's possible to upgrade a LC to a GC. I've never seen a product number for it when looking at the price lists anyway. You should contact your local Cisco rep to determine this though.

FWIW, my understanding is that the MARS doesn't do a full-on Nessus vulnerability scan; it's mostly trying to identify the version and patch levels and the OS and network services.

I agree with mhellman on that; Nessus, I believe, only checks for OS, version, etc. I also agree on not using it.

If you do, I wouldn't let it scan your printers. Every time we had an alert with a printer IP, it would scan and mess up the printers.

Our printers are all in their own VLAN and I excluded them from being scanned if an alert was found. Now I am just not using it.