Nessus scan evidence (what was scanned and when)

Would a Nessus scan include details of which devices/IPs were scanned? We need to provide assurances that all servers joined to our domain are scanned at least every 14 days, and the only evidence we would have is the actual report. Having not used the product, I am unsure how the initial scan/scope is configured, but it would be interesting to know if you have to manually enter a list of IPs/server names, or if it integrates with AD etc. Any feedback on what evidence could be used from within Nessus for validating what scans they have run would be most useful. Would the scan results also include a time/date when it was run, and can the results be exported/provided by the admin and viewed on a machine without Nessus installed?
pma111 asked:

btan (Exec Consultant) commented:
1. You should set up an active scan, and focus on setting the policy to schedule a scan for “Now”, “Once”, “Daily”, “Weekly”, “Monthly”, “On Demand”, or “Dependent”. The “On Demand” selection provides the ability to create a scan template that may be launched manually at any time. The “Dependent” selection enables the scan to be scheduled after the completion of a selected scan. Also set the “Target Type” dropdown accordingly - it contains three options: Assets, IP / DNS Name, and Mixed. When Assets is selected, a list of available assets is displayed and one or more may be selected. https://docs.tenable.com/sccv/5_3/Content/Scanning.htm

2. The "Nessus Network Scan Summary" chapter gives you summary counts based on recent scan times. This is basically to show you if you have been scanning everything.
The only sections that would be populated are the 15 to 30, or in the Executive Summary, the count of systems that are scanned within the last 14 days... In fact, "Nessus Network Scan Summary" contains 3 tables:
- Nessus Network Scan Summary - Last Scanned Observed between 15 to 30 Days
- Nessus Network Scan Summary - Last Scanned Observed between 31 to 90 Days
- Nessus Network Scan Summary - Last Scanned Observed Over 90 Days
https://community.tenable.com/s/question/0D5f200004rM1bkCAC/filter-to-pull-complete-list-of-hosts-scanned-during-q3q4

3. Possible script available - e.g. sample Python/PowerShell code to get the Scan Start Date and Duration for a specific list of 5000 IPs. "Vulnerability Detail List" gives the Scan Start Date and duration ...
Just replace the login and instance info at the top with your info. You will also need to modify the query on lines 24-26 so that it only pulls plugin 19506 for the 5000 IPs that you are looking for... pulling the data out of the 'Nessus Scan Information (19506)' plugin, and doing some string parsing on the plugin output. Keep in mind that this will only work for active scans done with Nessus.
https://community.tenable.com/s/question/0D5f200004rM0SJCA0/how-to-pull-out-scan-start-and-duration-from-securitycenter-using-scripts ; Script (Python)
This module is designed to attempt to make interfacing with Security Center's API easier to use and more manageable. A lot of effort has been put into making queries into the API as painless and manageable as possible.
https://github.com/stevemcgrath/pysecuritycenter
0
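
The string parsing on plugin 19506 output described in point 3, as an added example that is not part of the original answer or of the linked scripts. It assumes the plugin output carries `Scan Start Date` and `Scan duration` lines in the layout shown; the host addresses, inventory list and function names are constructed for illustration. It goes one step further than the answer by comparing the results with a server inventory to flag hosts outside the 14-day window.

```python
import re
from datetime import datetime, timedelta

# Constructed plugin 19506 output per host; the field layout is an assumption.
SAMPLE_OUTPUTS = {
    "10.0.0.11": "Information about this scan :\n\nNessus version : 8.2.3\n"
                 "Scan Start Date : 2019/3/14 10:02 GMT\nScan duration : 325 sec\n",
    "10.0.0.12": "Information about this scan :\n\nNessus version : 8.2.3\n"
                 "Scan Start Date : 2019/2/20 22:15 GMT\nScan duration : 1210 sec\n",
    "10.0.0.13": "Information about this scan :\n\nNessus version : 8.2.3\n",
}
# Constructed inventory of domain-joined servers (e.g. an export from AD).
INVENTORY = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]

START_RE = re.compile(r"Scan Start Date\s*:\s*(\d{4}/\d{1,2}/\d{1,2} \d{1,2}:\d{2})")
DURATION_RE = re.compile(r"Scan duration\s*:\s*(\d+)\s*sec")


def parse_scan_info(output):
    """Return (start, duration_seconds); either is None if the field is absent."""
    start = START_RE.search(output)
    duration = DURATION_RE.search(output)
    # The time zone label is ignored, so ages are approximate to within hours.
    start_dt = datetime.strptime(start.group(1), "%Y/%m/%d %H:%M") if start else None
    return start_dt, (int(duration.group(1)) if duration else None)


def coverage_report(inventory, outputs, as_of, max_age_days=14):
    """Classify every inventory host by the age of its last recorded scan."""
    report = {}
    for host in inventory:
        if host not in outputs:
            report[host] = "no scan evidence"  # in inventory, absent from results
            continue
        start, _ = parse_scan_info(outputs[host])
        if start is None:
            report[host] = "unparseable"
        elif as_of - start > timedelta(days=max_age_days):
            report[host] = "stale"
        else:
            report[host] = "current"
    return report


if __name__ == "__main__":
    for host, status in coverage_report(INVENTORY, SAMPLE_OUTPUTS, datetime(2019, 3, 20)).items():
        print(host, status)
```

Driving the report from the inventory rather than from the scan results is what surfaces servers that were never in scan scope at all.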

btan (Exec Consultant) commented:
For consideration
0