Retina Scan Settings

I-Assure Forums

Home

Members

Calendar

Who's On

Welcome Guest ( Login | Register )

Retina Scan Settings

Rate Topic

Display Mode

Topic Options

Author

Message

tcornelius

Posted 9/14/2009 2:29:58 PM

Forum Newbie

Group: Forum Members
Last Login: 9/14/2009 2:25:12 PM
Posts: 1, Visits: 26

What are the best scan settings to use for Retina for DIACAP preparation?

Tom Cornelius

Post #859

Admin

Posted 9/14/2009 2:39:01 PM

Supreme Being

Group: Administrators
Last Login: 8/24/2010 8:37:01 PM
Posts: 292, Visits: 690

None--Retina is horrible Smile

...However, we are forced to use it. Each DoD service is slightly different, but for the most part, the defualt values and the "All Audits" policy is what most people look for. Don't get discouraged on first scan, as there will lots of False Positives. After the scan finishes, most reviewers want the Remediation Report and Executive Summary

Post #860

jksnell

Posted 9/15/2009 6:14:26 AM

Forum Newbie

Group: Forum Members
Last Login: 9/15/2009 5:53:16 AM
Posts: 1, Visits: 2

Hi Tom,

Retina is bad, but you can split your scans into STIG (CAT I/II/III) and IAVM scans for seperate compliance status'. This will help compartmentalize mitigation efforts too. One of the big problems is that Retina has quite a few "checks" which are really statements that mean "check it manually be cause I don't scan for those". Most of those have "Verify" as the first word in the fix action. Unfortunaly, Retina contract is comming up for renewal so Eye is not fixing any of the problems for us. As previously mentioned there are also some false positives, but you can eventually figure out most of those once you see what Retina is actually checking for. We enumberate one of the .xml files which is the Retina vulnerbility database to easily get what Retina looks for i.e. registry, dll version...

What I can remember off the top of my head is you don't need to do hardware enumeration, reverse DNS lookup, software enumeration which all slow down the scans which if you scan 500+ systems it might just choke anyway...

Retina reporting really sucks too, but the .rtd file is really a funky named .mdb. I just use Access queries to get better and faster reports that what Retina has.

John Snell

Post #861

SMBowen

Posted 11/6/2009 3:34:17 PM

Forum Newbie

Group: Forum Members
Last Login: 8/24/2010 10:00:05 AM
Posts: 8, Visits: 62

Hey John,

Would you be willing to share your Access template? I have been trying to find a better way to report useful data from retina in my weekly and monthly reports.

Thanks!
-SM

Post #895

desertrat

Posted 11/9/2009 3:58:56 PM

Forum Newbie

Group: Forum Members
Last Login: 11/9/2009 4:41:36 PM
Posts: 2, Visits: 5

John,

I too would be interested in your Access template if you were willing to share the knowledge? I also have been trying to find a better way to report useful data from Retina in my reports as well.

V/R,

Dave M.

Post #897

desertrat

Posted 11/9/2009 4:07:59 PM

Forum Newbie

Group: Forum Members
Last Login: 11/9/2009 4:41:36 PM
Posts: 2, Visits: 5

John,

I too would be interested in your Access template if you were willing to share the knowledge? I also have been trying to find a better way to report useful data from Retina in my reports as well.

V/R,

Dave M. Smile w00t

Post #898

« Prev Topic | Next Topic »

Permissions

All times are GMT -6:00, Time now is 12:33pm