ServerNotFound
asked on
Nessus scan - TLS/SSL errors on servers
We have Nessus scans running against all servers as part of security and compliance.
This is causing a lot of TLS/SSL errors on the servers every week.
More info on the setting in Nessus causing this: https://discussions.nessus.org/message/24142#24142
Is there any way to add the Nessus servers to a 'safe list' so that they will not flood the event logs of servers every week when these scans are run?
ASKER
Unfortunately we cannot disable any of the plugins. We actually are not using most of the ones listed. We cannot disable the SSL cipher scanning as this is part of a security compliance definition.
You should silence the SSL server log by masking out the particular scan error (making sure you are not vulnerable).
If that is the case, then the server end has to be made not "noisy". You can try this:
If you also see DCOM errors with the Schannel errors, then you can try in the Group Policy Editor (run: gpedit.msc): go to Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility and enable "Allow local activation security check exemptions".
Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
On the Edit menu, click Add Value, and then add the following registry value:
Value Name: EventLogging
Data Type: REG_DWORD
Note After you add this property, you must give it a value. See the table in the "Logging options" section to obtain the appropriate value for the kind of events that you want to log.
Value   Description
0x0000  Do not log
0x0001  Log error messages
0x0002  Log warnings
0x0004  Log informational and success events
ASKER
These options would disable ALL errors of this kind.
We would still want to have errors when the source was something other than the Nessus servers.
Yep, if you install Snare or a similar log agent to pipe the events over to a log server for aggregation. From a Windows perspective, the event log will likely still be available even with the log piped, though unlikely; that is probably the norm for network devices etc. I may be wrong though, but the intent of a log server is to correlate and to provide some storage for a longer term.
Maybe it is better then to disable the plugin (see the forum) instead of triggering all these alerts, since it is expected and should not be of that high a risk; other vulnerabilities are more important, as is safeguarding the servers so as not to DoS them inadvertently.
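The approach the last two replies converge on, suppressing only the Schannel errors that are attributable to the scheduled scan on the aggregating log server while still alerting on everything else, as an added example that is not from this thread or from Nessus. It assumes a constructed forwarded-record format in which the agent has enriched each Schannel event with the peer address, a known list of scanner IPs, and a known scan window; all values are constructed.

```python
# Added example, not from the thread: split forwarded Schannel error records
# into "scan noise" (known scanner, inside the scan window) and "alertable".
# Assumed (constructed) record format, one per line:
#   "<ISO timestamp> <host> Schannel <event_id> <peer_ip> <message>"
from dataclasses import dataclass
from datetime import datetime, time

NESSUS_SCANNERS = {"10.0.0.5", "10.0.0.6"}   # constructed scanner allowlist
SCAN_WINDOW = (time(1, 0), time(3, 0))        # constructed weekly scan window, 01:00-03:00

@dataclass
class Event:
    ts: datetime
    host: str
    event_id: int
    peer_ip: str
    message: str

def parse_line(line: str) -> Event:
    """Parse one forwarded record; rejects anything that is not a Schannel record."""
    ts, host, provider, event_id, peer_ip, message = line.split(" ", 5)
    if provider != "Schannel":
        raise ValueError(f"not a Schannel record: {line!r}")
    return Event(datetime.fromisoformat(ts), host, int(event_id), peer_ip, message)

def is_scan_noise(ev: Event) -> bool:
    """True only for a known scanner acting inside the scan window.
    A scanner address seen outside the window is NOT suppressed: it may mean a
    misconfigured schedule or someone else using that address, so it is alerted on."""
    in_window = SCAN_WINDOW[0] <= ev.ts.time() <= SCAN_WINDOW[1]
    return ev.peer_ip in NESSUS_SCANNERS and in_window

def triage(lines):
    """Return (suppressed, alertable) lists of Event for the given records."""
    suppressed, alertable = [], []
    for line in lines:
        ev = parse_line(line)
        (suppressed if is_scan_noise(ev) else alertable).append(ev)
    return suppressed, alertable

SAMPLE = [  # constructed sample records; event ids and messages are illustrative
    "2024-03-04T01:15:02 web01 Schannel 36874 10.0.0.5 no common cipher suite",
    "2024-03-04T01:16:40 web01 Schannel 36874 10.0.0.6 no common cipher suite",
    "2024-03-04T09:12:11 web01 Schannel 36874 192.168.7.20 no common cipher suite",
    "2024-03-04T14:20:00 web02 Schannel 36874 10.0.0.5 no common cipher suite",
]

if __name__ == "__main__":
    quiet, loud = triage(SAMPLE)
    print(f"suppressed {len(quiet)} scan-noise events, {len(loud)} still alert")
```

Running the block on the sample keeps the two in-window scanner events out of the alert stream and still alerts on the unknown peer and on the scanner address seen at 14:20, outside its window.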