Last updated at Thu, 29 Aug 2024 20:50:52 GMT
The new version of the Reporting Data Model (1.3.1) allows Nexpose users to create CSV reports providing information about the credential status of their assets, i.e. whether credentials provided by the user (global or site-specific) allowed a successful login to the asset during a specific scan.
Credential Status Per Service
The new Reporting Data Model version contains fact_asset_scan_service enhanced with a new column containing the credential status for an asset per service during a particular scan. Credential status information is provided for five services: SNMP (version 1, 2c and 3), SSH, Telnet, CIFS and DCE Endpoint Resolution.
For these services the following credential statuses can be reported:
Credential status | Relevant Services |
---|---|
No credentials supplied | SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution |
Login failed | SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution |
Login successful | SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution |
Allowed elevation of privileges | SSH |
Root | SSH and Telnet |
Login as local admin | CIFS, DCE Endpoint Resolution |
The newly added dimension dim_asset_service_credential can be used to report on the most recent credential statuses asserted for services on an asset in the last scan performed on that asset.
Both fact_asset_scan_service and dim_asset_service_credential can be joined with the newly added dim_credential_status, which provides the above statuses in a human-readable form. Examples of queries which can be used to report the credential status per asset per service can be found in the document listed at the bottom.
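The join described above, written out as an added example (not taken from the original post or from Rapid7's query document). It lists services whose most recent scan either had no credentials supplied or failed to log in. All column names here (asset_id, service_id, credential_status_id, credential_status_description, ip_address, host_name, name, port) and the dim_asset and dim_service tables are assumptions to verify against the Reporting Data Model schema for your Nexpose version.

```sql
-- Added example: services on each asset where authenticated scanning
-- did not succeed in the most recent scan of that asset.
-- Column names are assumed; check them against the data model reference.
SELECT
    da.ip_address,
    da.host_name,
    ds.name                            AS service,
    dasc.port,
    dcs.credential_status_description  AS credential_status
FROM dim_asset_service_credential dasc
    JOIN dim_asset da
        ON da.asset_id = dasc.asset_id
    JOIN dim_service ds
        ON ds.service_id = dasc.service_id
    JOIN dim_credential_status dcs
        ON dcs.credential_status_id = dasc.credential_status_id
-- Status strings are the ones listed in the table above.
WHERE dcs.credential_status_description IN (
        'No credentials supplied',
        'Login failed'
      )
ORDER BY da.ip_address, ds.name, dasc.port;
```

Assets returned by this query were assessed without authenticated checks for the listed service, so their vulnerability results for that scan are likely incomplete.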
Credential status across services
Nexpose users can now create reports providing a snapshot of credential statuses for an asset, i.e. information about credential status for an asset aggregated across all services discovered in the scan. The newly enhanced fact_asset and fact_asset_scan now report the following statuses:
Credential status | Description |
---|---|
No credentials supplied | One or more services for which credential status is reported were detected in the scan, but there were no credentials supplied for any of them. |
All credentials failed | One or more services for which credential status is reported were detected in the scan, and all credentials supplied for these services failed to authenticate. |
Credentials partially successful | At least two of the four services for which credential status is reported were detected in the scan, and for some services the provided credentials failed to authenticate, but for at least one there was a successful authentication. |
All credentials successful | One or more services for which credential status is reported were detected in the scan, and for all of these services for which credentials were supplied authentication with provided credentials was successful. |
N/A | None of the five applicable services (SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution) were discovered in the scan. |
Both of these facts can be joined with the new dim_aggregated_credential_status, which provides the above statuses in a human-readable form. For examples of queries please refer to the following document: