merge_kkline:features

What sets merge_kkline apart from other portals such as trunk 0.80.3 / Security Center 3.4 / NST, etc.

FEATURES

  1. Subnet Based Scanning for Large Networks (ideal where lots of rogue hosts are not accounted for in physical/system inventories).
  2. System Based Scanning, grouping hosts together for asset-based scans; good for groups such as DCs, Exchange, SQL, Web, and other types of servers. These can be recurring jobs or run as needed for accreditation or general security review.
  3. Subnet Based Scanning, in conjunction with Manual Jobs etc., will automatically populate the Host table to enable the Host tracker for all systems where FQDN names can be resolved.
  4. The merge_kkline branch goes to great lengths to resolve names: it checks /etc/hosts, Nessus results, DNS per /etc/resolv.conf, and falls back to a comma separated list of DNS servers from inprotect_settings where settingName = 'nameservers'. This allows you to specify all the name servers in use; for example, in my environment there are multiple domains not in the same forest, which do not forward lookups to the correct domain for a hostname obtained from plugin 10150 or from the IP alone. This gives a much higher rate of success in those environments.
  5. Incident Tracker (a table tracking all Critical/High findings as a cumulative tracker that shows the age of each finding from date discovered until date closed).
  6. Executive Summary for Reporting, based on Subnet Scans.
  7. Incident Reporting (a set of reports on Critical/High findings per Incident data).
  8. Vulnerability Management (currently being implemented). The current plan is to report on open Incident results associated with ISVM (Information Systems Vulnerability Management) reports, which require compliance on various CVEs per a governing body/agency. This allows you to monitor compliance and quickly identify host IPs, their Site Facility, and Date Last Scanned per the canned interface reporting design.
  9. Dashboard Views (Summary of Running Scans / Network Health / Network Hosts / Network Systems).
  10. Auditing: the merge_kkline branch takes auditing very seriously (tracks user actions and changes made / reports viewed / scans run / admin functions, etc.).
  11. Self Service (provide self service to your IT Security Specialists to empower them to be proactive and become more security aware). Self service allows you to control/restrict access to data / profiles / zones they can scan, etc. People will often be more open to doing things themselves where they might not otherwise have asked to have a system audited (perhaps out of fear of who sees the report, criticism, etc.).
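The resolution cascade described in feature 4, as an added illustration in Python (not the branch's own Perl code): /etc/hosts first, then the name from the Nessus results, then the resolvers in /etc/resolv.conf, and finally the comma separated 'nameservers' value from inprotect_settings. The sample hosts file, Nessus names, resolver list and DNS answers are constructed, and DNS is modelled by a lookup callable so the example runs offline.

```python
"""Name-resolution cascade in the order the page lists: /etc/hosts, Nessus
results, /etc/resolv.conf resolvers, then the 'nameservers' setting.
Added illustration; all sample data below is constructed."""
import re
from typing import Callable, Dict, List, Optional, Tuple

# ---- constructed sample inputs (none of these values come from the page) ----
SAMPLE_ETC_HOSTS = """\
127.0.0.1   localhost
# comment line
10.1.1.5    dc1.corp.example  dc1
10.1.2.9    web1.dmz.example
"""
SAMPLE_NESSUS_NAMES = {"10.1.3.20": "SQL02"}  # short NetBIOS name, as plugin 10150 reports
SAMPLE_RESOLV_CONF = "search corp.example\nnameserver 10.1.1.53\n"
SAMPLE_NAMESERVERS_SETTING = "10.1.1.53, 10.2.0.53 ,10.3.0.53"  # settingName = 'nameservers'
# Simulated DNS answers: server -> {query: FQDN}. An IP query stands for a PTR
# lookup, a short-name query for an A lookup in that server's own domain.
SAMPLE_DNS = {
    "10.1.1.53": {"10.1.9.9": "rev.corp.example"},
    "10.2.0.53": {"SQL02": "sql02.sub.example"},
    "10.3.0.53": {},
}

Lookup = Callable[[str, str], Optional[str]]  # (server, query) -> FQDN or None


def parse_etc_hosts(text: str) -> Dict[str, str]:
    """Map IP -> first hostname on the line, ignoring comments and blank lines."""
    hosts: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2:
            hosts.setdefault(parts[0], parts[1])
    return hosts


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf, in file order."""
    return [m.group(1) for m in re.finditer(r"^\s*nameserver\s+(\S+)", text, re.M)]


def parse_nameserver_setting(value: str) -> List[str]:
    """Split the comma separated inprotect_settings value, tolerating stray spaces."""
    return [s.strip() for s in value.split(",") if s.strip()]


def make_fake_dns(table: Dict[str, Dict[str, str]]) -> Lookup:
    """Build a lookup callable over the simulated answer table."""
    def lookup(server: str, query: str) -> Optional[str]:
        return table.get(server, {}).get(query)
    return lookup


def resolve_name(ip: str, hosts_map: Dict[str, str], nessus_names: Dict[str, str],
                 resolv_servers: List[str], fallback_servers: List[str],
                 dns: Lookup) -> Optional[Tuple[str, str]]:
    """Return (name, source) for ip, or None when every source fails."""
    if ip in hosts_map:
        return hosts_map[ip], "/etc/hosts"
    short = nessus_names.get(ip)
    if short and "." in short:          # Nessus already gave us a FQDN
        return short, "nessus"
    # Ask each server for a reverse lookup of the IP and, when Nessus supplied
    # a short name, a forward lookup of that name in the server's domain.
    queries = [ip] + ([short] if short else [])
    tried = set()
    for label, servers in (("resolv.conf", resolv_servers), ("nameservers", fallback_servers)):
        for server in servers:
            if server in tried:
                continue
            tried.add(server)
            for q in queries:
                answer = dns(server, q)
                if answer:
                    return answer, f"{label}:{server}"
    return None


def resolve_sample(ip: str) -> Optional[Tuple[str, str]]:
    """Wire the constructed sample data into resolve_name."""
    return resolve_name(ip, parse_etc_hosts(SAMPLE_ETC_HOSTS), SAMPLE_NESSUS_NAMES,
                        parse_resolv_conf(SAMPLE_RESOLV_CONF),
                        parse_nameserver_setting(SAMPLE_NAMESERVERS_SETTING),
                        make_fake_dns(SAMPLE_DNS))


if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.9.9", "10.1.3.20", "10.9.9.9"):
        print(ip, "->", resolve_sample(ip))
```

The last case returns None, which is where the real script falls back to tracking the host by IP alone; the source tag on each hit is what you would log so an auditor can see which resolver produced a given name.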

Backend script

Why not do in one script what others need ten scripts to do?

I have spent over a year perfecting the back end scanner script. Over 60 builds have brought me to the current version.

Very stable: you should never have a scan fail in such a way that you have to do a reset.

  nessusCron_1.60.pl -r yes # nice huh ( this script does nearly all functions ).
  Monitors for failed subnet scans and can re-queue them should a Nessus client/server hang-up occur, or other
  problems such as an SSL error connecting to the server.
  Worked through a problem where a particular Nessus scanner node running on Solaris would not accept connections from
  the Nessus client every so often.  Scans would fail, yet it kept being the server that could take the next job, so
  over time it would fail nearly every job in the queue.  Code was implemented to detect such an issue and take the
  offending server offline ( flag it as disabled, set max scans to zero in the DB, re-queue the subnet ); another node
  should pick up the job so long as the offline server was not set as the target ( designated ) server for the job.
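The failure handling described above, as an added example in Python rather than the script's own Perl: failed subnet jobs are re-queued, a node that keeps failing is flagged disabled with max scans set to zero, and a job that was designated to that node is left alone so it is reported rather than silently retried on a dead scanner. The node names, subnets, error strings and the failure threshold are constructed assumptions, not values from the page.

```python
"""Requeue failed subnet scans and take a repeatedly failing scanner node
offline.  Added illustration; threshold and sample data are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FAILURE_THRESHOLD = 3  # assumed: consecutive failures before a node is taken offline


@dataclass
class Node:
    name: str
    enabled: bool = True
    max_scans: int = 2          # mirrors the per-node max scans column in the DB
    consecutive_failures: int = 0


@dataclass
class Job:
    subnet: str
    server: Optional[str]       # node the job ran on; None once any node may take it
    status: str                 # "failed", "done" or "queued"
    designated: bool = False    # True when the job must run on exactly this server
    error: str = ""


def process_outcomes(jobs: List[Job], nodes: Dict[str, Node]) -> Dict[str, List[str]]:
    """Walk job outcomes in order, requeueing failures and disabling bad nodes."""
    report: Dict[str, List[str]] = {"requeued": [], "stuck": [], "offlined": []}
    for job in jobs:
        if job.status == "queued" or job.server is None:
            continue
        node = nodes[job.server]
        if job.status == "done":
            node.consecutive_failures = 0   # a success clears the streak
            continue
        # status == "failed": client/server hang-up, SSL error, etc.
        node.consecutive_failures += 1
        if node.enabled and node.consecutive_failures >= FAILURE_THRESHOLD:
            node.enabled = False            # flag as disabled ...
            node.max_scans = 0              # ... and stop handing it work
            report["offlined"].append(node.name)
        if job.designated:
            if node.enabled:
                job.status = "queued"       # retry on the designated node
                report["requeued"].append(job.subnet)
            else:
                report["stuck"].append(job.subnet)  # no other node may run it
        else:
            job.status = "queued"
            job.server = None               # free for any enabled node
            report["requeued"].append(job.subnet)
    return report


def pick_node(nodes: Dict[str, Node]) -> Optional[Node]:
    """Return the first node still allowed to take work, if any."""
    for node in nodes.values():
        if node.enabled and node.max_scans > 0:
            return node
    return None


def run_sample() -> Tuple[Dict[str, Node], List[Job], Dict[str, List[str]]]:
    """Constructed scenario: one Solaris node that keeps dropping connections."""
    nodes = {"sol1": Node("sol1"), "lin1": Node("lin1")}
    jobs = [
        Job("10.1.0.0/24", "sol1", "failed", error="ssl error connecting to server"),
        Job("10.2.0.0/24", "lin1", "done"),
        Job("10.3.0.0/24", "sol1", "failed", error="client hang up"),
        Job("10.4.0.0/24", "sol1", "failed", designated=True, error="client hang up"),
        Job("10.5.0.0/24", "sol1", "failed", error="client hang up"),
    ]
    report = process_outcomes(jobs, nodes)
    return nodes, jobs, report


if __name__ == "__main__":
    nodes, jobs, report = run_sample()
    print(report)
    print("next node:", pick_node(nodes).name if pick_node(nodes) else None)
```

The "stuck" list is the part worth surfacing in a dashboard: a designated job whose only permitted scanner is offline will never complete on its own, so it needs an operator decision rather than another automatic retry.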

The back end nessusCron provides the functionality to perform these tasks: run jobs | inprotect reset | queue all subnets for scanning | import manual scans

  [root@fs1 sbin]# ./nessusCron_1.60.pl

  NESSUSCRON     ::    Inprotect Job Manager for Nessus    ::    VERSION: 1.64
  -----------------------------------------------------------------------
        USAGE: ./nessusCron.pl [-cdij:k:l:no:qr:st:u:v:w:h?]
    -d :: Enable Full Debug to Log and Leave Temp Files in Place after scan
    -c :: Process Work in Queue via Nessus Client Mode
    -s :: Process Work in Queue via ScanLite Mode
    -r :: Reset Kill all jobs (REQUIRES ARGUMENT 'yes')
          EX: ./nessusCron.pl -r yes
    -i :: Import Scan Report in nbe format
       -t : TargetFile /Path/Name
       -o : OutFile /Path/Name
       -j : JobType [C|M|R|S] (Cron/Manual/Request/Scheduler)
       -k : JobName
          EX: ./nessusCron.pl -i -t /tmp/targets -o /tmp/nessus_test.out -j C -k "My Server Farm"
    -q :: Queue Subnets for Scanning !!Warning: (gun owners) this is nessus full-auto equiv!!
       -l : [ORG|AUDIT] list available ORG/AUDIT names
       -t : [now|20070101000000] (queue all subnets not scanned since [TIME])
       -o : [ORG] - additional filter: only subnets of the selected [ORG] are queued
       -n : override default [enabled] scan notifications to [DISABLED]
       -u : [CREDID] - override default credential id for scanning
       -v : [VSET] - override default VSET for Queue
       -w : [WINAUDIT] /PATH/NAME of Windows Compliance Audit to Run
            (a name that is not an absolute path is prefixed with the configured audit directory;
             the check, with the path regex and closing brace restored after wiki mangling:)
            if ( $winaudit !~ /^\// ) { $winaudit = "$config{winAuditDir}/$winaudit"; }
          EX: ./nessusCron.pl -q -o Finance -t now
          EX: ./nessusCron.pl -q -t now -n -u 31 -v 3 -w FDCC_v90_v2.audit
    -h :: Get This Help

  Nessus Cron is the backend interface to managing scans. nessus cron will provide a number of inprotect
  functions. By default, this should be implemented in scanlite in the following format:
    */1 * * * * /usr/bin/perl /var/www/Eprotect/sbin/nessusCron_1.00.pl -s > /dev/null 2>&1
  Additional Tasks include:
    Queueing all or individual subnet zones based on dt last scanned
    Inprotect Reset
    Import Reports (Typically due to exceedingly long scans, failed jobs, etc.)

merge_kkline/features.txt · Last modified: 2008/07/31 11:48 by kkline