Feature: Manage False Positives




Feature: Manage False Positives

Content

Marking a result as False Positive
Advanced use of overrides
Override management

Introduction

A False Positive is an alert for a reported problem that does not actually exist.

Copyright 2009-2015 Greenbone Networks GmbH
Origin and current version of this document: www.greenbone.net/learningcenter/false_positives.html

The vulnerability scanner is often confronted with indicators of a security problem instead of clear proof. Reporting on the indicators might produce a False Positive. Not reporting on them might produce the opposite, a False Negative. A False Negative is a missing alert where a problem does indeed exist. While False Positives are manageable, False Negatives, as a matter of fact, are not. Tolerating False Negatives in order to keep False Positives low therefore means having no authoritative scan results and vulnerability assessments.

Example of a False Positive: A service running on a target system may identify itself as version "1.3.11" during a remote scan, which is known to be a vulnerable version. Without further knowledge of the system, the vulnerability scanner has reason to believe that a vulnerability exists and will include this in its reports. However, a human administrator of the target system may know that this service has already been security-fixed to "1.3.11-1", but the service still identifies itself as its original version.

Marking a result as False Positive

Marking a result as a False Positive means creating an override rule. To do this, simply click on the icon. The following steps provide an example of marking a result as a False Positive.

A scan of a remote target system has resulted in a security issue classified as "Medium" regarding the SSH service running on the machine:

Feature: Manage False Positives 10/13/2015 1/8

We happen to know that the target system is running Debian GNU/Linux "Lenny" 5.0 with the latest security updates installed and suspect that this message is a False Positive. While checking the vendor's advisory page we discover that the system does indeed contain OpenSSH in the version 5.1p1-5, but we also see that the issue has already been fixed. Thus, the vulnerability does not exist in the service which is running on the target system, meaning we have found a False Positive. We mark the result as a False Positive by clicking the icon.

In this dialog, we can either use the defaults, which will mark the result for the combination of host and port for all scans in this task as a False Positive, or we can generalize the override, for example by applying it to any task which scans this target. In either case it is a good idea to include a descriptive text explaining why this result is considered a False Positive. Once this is done, click the "Create override" button.

The override is applied immediately: the scan result no longer contains any "Medium" issue, and the result which we marked as False Positive is not displayed by default. To see it, add issues marked as False Positive to your filter by checking the appropriate box.

Within the report browser any override can be deleted directly ( ), edited ( ) or reviewed in detail ( ). Because some results can be very long, there is an indicator icon at the top of the result ( ) that can be clicked to jump directly to the override at the bottom.

Advanced use of overrides

When marking the result as a False Positive, you probably noticed that the "New threat" option is set to "False Positive" by default for new overrides. However, you can set it to an arbitrary threat level instead. This can be useful in situations where the vulnerability scanner classifies an issue as a low or medium threat, but you consider it a high threat because of the circumstances in your network.

Override management

Once you have created overrides, you can manage them in the Scan Management section. Associations and contents can be reviewed via the details dialog.
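The override behaviour described in the sections above, as an added Python model (this is not Greenbone or OpenVAS code): an override is bound to an NVT and, with the dialog defaults, to the host, port and task of the result, or it can be generalized to any task; it rewrites the threat to "False Positive" or to any other level; and results overridden to False Positive disappear from the report unless the filter box is checked. The field names, the "most specific override wins" rule, the result and override records and the NVT identifiers are all constructed for illustration.

```python
"""Model of scan-result overrides (added example, not Greenbone/OpenVAS code).
Field names, the most-specific-match rule and all sample data are assumptions
chosen to illustrate the behaviour the text describes."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FALSE_POSITIVE = "False Positive"   # the default "New threat" of a new override


@dataclass(frozen=True)
class Result:
    """One finding from a scan report."""
    task: str
    host: str
    port: str
    nvt_oid: str   # constructed identifier, not a real NVT OID
    threat: str    # threat level assigned by the scanner
    text: str


@dataclass(frozen=True)
class Override:
    """An override rule. None in task/host/port means 'any' (a generalized override)."""
    nvt_oid: str
    new_threat: str
    reason: str          # the descriptive text the dialog asks for
    task: Optional[str] = None
    host: Optional[str] = None
    port: Optional[str] = None

    def matches(self, r: Result) -> bool:
        return (self.nvt_oid == r.nvt_oid
                and self.task in (None, r.task)
                and self.host in (None, r.host)
                and self.port in (None, r.port))

    def wildcards(self) -> int:
        """Number of 'any' fields; fewer means a more specific override."""
        return sum(v is None for v in (self.task, self.host, self.port))


Row = Tuple[Result, str, Optional[Override]]


def apply_overrides(results: List[Result], overrides: List[Override]) -> List[Row]:
    """Return (result, effective threat, override used) for every result.
    When several overrides match, the most specific one (fewest wildcards) wins."""
    rows: List[Row] = []
    for r in results:
        matching = [o for o in overrides if o.matches(r)]
        chosen = min(matching, key=Override.wildcards) if matching else None
        rows.append((r, chosen.new_threat if chosen else r.threat, chosen))
    return rows


def report(results: List[Result], overrides: List[Override],
           show_false_positives: bool = False) -> List[Row]:
    """Report view: results overridden to False Positive are hidden unless the
    'show False Positives' filter box is checked."""
    return [row for row in apply_overrides(results, overrides)
            if show_false_positives or row[1] != FALSE_POSITIVE]


def count_by_threat(rows: List[Row]) -> Dict[str, int]:
    """Summary like the report's threat counters."""
    counts: Dict[str, int] = {}
    for _, threat, _ in rows:
        counts[threat] = counts.get(threat, 0) + 1
    return counts


# Constructed sample data: the SSH finding from the text plus three more.
SAMPLE_RESULTS = [
    Result("task-dmz", "192.0.2.10", "22/tcp", "nvt-openssh-example", "Medium",
           "OpenSSH 5.1p1 detected; version known to be vulnerable"),
    Result("task-dmz", "192.0.2.10", "80/tcp", "nvt-http-banner-example", "Low",
           "Web server banner discloses its version"),
    Result("task-dmz", "192.0.2.11", "22/tcp", "nvt-openssh-example", "Medium",
           "OpenSSH 5.1p1 detected; version known to be vulnerable"),
    Result("task-weekly", "192.0.2.10", "22/tcp", "nvt-openssh-example", "Medium",
           "OpenSSH 5.1p1 detected; version known to be vulnerable"),
]

OVERRIDES = [
    # Dialog defaults: this NVT on this host and port, for all scans in this task.
    Override("nvt-openssh-example", FALSE_POSITIVE,
             "Debian 5.0 host: OpenSSH 5.1p1-5 carries the backported fix, banner unchanged",
             task="task-dmz", host="192.0.2.10", port="22/tcp"),
    # Advanced use: raise a 'Low' to 'High' because of where this host sits.
    Override("nvt-http-banner-example", "High",
             "Internet-facing host; version disclosure violates hardening policy",
             host="192.0.2.10"),
]

if __name__ == "__main__":
    for r, threat, o in report(SAMPLE_RESULTS, OVERRIDES, show_false_positives=True):
        note = f" (override: {o.reason})" if o else ""
        print(f"{r.task} {r.host} {r.port} {r.threat:>6} -> {threat}{note}")
    print(count_by_threat(report(SAMPLE_RESULTS, OVERRIDES)))
```

With the two overrides above, the default report shows one High and two Medium results: the SSH finding on 192.0.2.10 in task-dmz is hidden as a False Positive, while the same NVT on 192.0.2.11 and the same host in task-weekly stay Medium because the override was not generalized. Dropping the task from the override (task=None) hides the task-weekly result as well.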

It is possible to jump directly to the respective NVTs. The NVT details dialog lists all overrides associated with this NVT and allows one to manage the overrides directly.
