The new version of Reporting Data Model (1.3.1) allows Nexpose users to create CSV reports providing information about credential status of their assets, i.e. whether credentials provided by the user (global or site specific) allowed successful login to the asset during a specific scan.
Credential Status Per Service
The new Reporting Data Model version contains
fact_asset_scan_service enhanced with the new column containing the information about credential status for an asset per service during the particular scan. Credential status information is provided for five services: SNMP (version 1, 2c and 3), SSH, Telnet, CIFS and DCE Endpoint Resolution.
For these services the following credential statuses can be reported:
|Credential status||Relevant Services|
|No credentials supplied||SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution|
|Login failed||SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution|
|Login successful||SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution|
|Allowed elevation of privileges||SSH|
|Root||SSH and Telnet|
|Login as local admin||CIFS, DCE Endpoint Resolution|
Newly added dimension
dim_asset_service_credential can be used to report on the most recent credential statuses asserted for services on an asset in the last scan performed on this asset.
dim_asset_service_credential can be joined with the newly added
dim_credential_status which provides the above statuses in a human readable form. Examples of queries which can be used to report the credential status per asset per service can be found in the document listed at the bottom.
Credential status across services
Nexpose users can now create reports providing the snapshot of credential statuses for an asset, i.e. information about credential status for an asset aggregated across all services discovered in the scan. The newly enhanced
fact_asset_scan now report the following statuses:
|No credentials supplied||At One or more services for which credential status is reported were detected in the scan, but there were no credentials supplied for any of them.|
|All credentials failed||At One or more services for which credential status is reported were detected in the scan, and all credentials supplied for these services failed to authenticate.|
|Credentials partially successful||At least two of the four services for which credential status is reported were detected in the scan, and for some services the provided credentials failed to authenticate, but for at least one there was a successful authentication.|
|All credentials successful||One or more services for which credential status is reported were detected in the scan, and for all of these services for which credentials were supplied authentication with provided credentials was successful.|
|N/A||At None of the five applicable services (SNMP, SSH, Telnet, CIFS, DCE Endpoint Resolution) were discovered in the scan.|
Both these facts can be joined with the new
dim_aggregated_credential_status which provides the above statuses in a human readable form. For examples of queries please refer to the following document: