|
|
This chapter describes the Scanner Grid Browser, which allows you to dynamically view the results of the session data that the Scanner has gathered. The Grid Browser is a powerful tool, because it allows you to manipulate the display of data in a variety of useful ways. For example, it allows you to quickly find points of minimization and maximization, or "hot spots."
This chapter includes the following sections:
After you have configured, named, and run a session, a folder of that session appears on the Scanner main window. The Result Set subfolder contains all the data from that session. After the message Completed Single Run appears in the Session Status column, you can view the data from this session in the Grid Browser.
The Result Set subfolder contains the following subfolders:
These subfolders are populated as you save charts, grids, and reports.
Inactive, if you chose to perform a nonrecurring session or Scheduled for date, where date is the next scheduled session in a recurring pattern, for example, weekly, or monthly.
The Grid Browser (Figure 7-1) is a resizeable, dynamic, hyperlinked spreadsheet that allows you to change your perspective and the level of detail on the results of a Scanner session. You can change perspectives by swapping information in the X and Y axes. You can see more or less detail about completed sessions by drilling down from the network level to the host level. Each number in the grid represents the number of hosts with an intersection of axes.You can drill down on any cell to view those host-level details. You can create, customize, and save many different kinds of grids and charts in the Grid Browser. These can later be incorporated into your reports.
Together, the features of the Grid Browser help you to manage, organize, and understand network vulnerability data in an intuitive manner. See Chapter 8, "Creating Charts" for more information.
To view session results in the Grid Browser, follow these steps:
Step 1 On the Scanner main window, right-click the Result Set under the desired session.
Step 2 Click View Grid Data on the pop-up menu
or
click View on the toolbar (Figure 7-2).
After the Result Set data is loaded, the Grid Browser opens and you can view the data for your session.
The following sections describe how to change the grid view to reflect different levels of detail and information.
This section includes the following topics:
You can view different perspectives of your network security data in the Grid Browser by using the Scanner's Swap Axis function. This function allows you to swap the X- and Y-axes for any view.
To change the data displayed on either axis, follow these steps:
Step 1 Click Swap Axis on the toolbar
or
right-click in the left axis and click Change Y Axis to>Swap Axis on the pop-up menu (shown in Figure 7-3) or right-click in the right axis and click Change X Axis to>Swap Axis on the pop-up menu.
The Host axis moves to the left side of the grid and the VUL axis moves to the top of the grid (Figure 7-4).
Step 2 Click Swap Axis again to switch the axes back to the default setting
or
right-click in the left again and click Change Y Axis to>Swap Axis on the pop-up menu or right-click in the right axis and click Change X Axis to>Swap Axis on the pop-up menu.
To change an individual axis view, follow these steps:
Step 1 Right-click in any cell in the X- or Y-axis in the grid.
Step 2 If you clicked a cell in the left (Y) axis, click Change Y Axis to on the pop-up menu. If you clicked a cell in the right (X) axis, click Change X Axis to on the pop-up menu.
Step 3 Click one of the following view options on the pop-up menu (Figure 7-5):
A new grid view appears showing the new view (Figure 7-6).
Table 7-1 shows the possible axis combinations.
| Host | Port | Service | OS | VUL | Y2K | Name | |
|---|---|---|---|---|---|---|---|
Host | NO | YES | YES | YES | YES | YES | YES |
Port | YES | NO | YES | YES | YES | YES | YES |
Service | YES | YES | NO | YES | YES | YES | YES |
OS | YES | YES | YES | NO | YES | YES | YES |
VUL | YES | YES | YES | YES | NO | YES | YES |
Y2K | YES | YES | YES | YES | YES | NO | YES |
Name | YES | YES | YES | YES | YES | YES | NO |
To change both axis views, click one of the combinations on the drop-down menu on the toolbar of the Grid Browser, for example, change VUL/Host to OS/Name (Figure 7-7). See Table 7-1 for the various axis combinations.
Figure 7-8 shows the new OS/Name grid view.
The Grid Browser allows you to "drill down" from data cells in the Grid Browser and view host-level information such as IP addresses, services information, and vulnerabilities. You can drill down to view all hosts with a certain attribute. The number shown in each Grid Browser cell corresponds to the number of hosts with a given attribute.
To show host data for any cell on the grid, follow these steps:
Step 1 While in the Grid Browser, select the cell for which you want more detailed information.
Step 2 Right-click in that cell in the grid.
Step 3 Click Hosts on the pop-up menu
or
double-click the cell
or
click Show Hosts on the toolbar (Figure 7-9).
A new grid view appears showing the hosts associated with the data in the cell that you clicked (Figure 7-10).
Step 4 To view all services and vulnerabilities detected for a host, click "+" to the left of the host's IP address.
All of the services and vulnerabilities of that host are displayed (Figure 7-11).
After you drill down to the host level, you can perform "data pivoting," which allows you to view all hosts that share a characteristic, such as a particular vulnerability or service (see Figure 7-12). You can select a vulnerability and find out which other hosts contain that particular vulnerability, or you can go to the NSDB and display information on that particular vulnerability. See Chapter 10, "Network Security Database" for more information about how to use the NSDB.
The data pivoting feature reveals the following host-specific details:
To perform data pivoting, follow these steps:
Step 1 Drill down to the Host IP Address folder by double-clicking the cell in the grid for which you want more information. See "Showing Host Data/Drilling Down."
Figure 7-12 appears on screen.
Step 2 Click "+" next to an IP address to expand the menu to see the services and vulnerabilities associated with that host. Figure 7-13 shows the services associated with the first IP address; the vulnerabilities for that IP address are farther down in the list.
Step 3 To view the hosts that share the same service, click an item under Service.
Step 4 Right-click the item and click Hosts on the pop-up menu
or
click Show Hosts on the toolbar (Figure 7-14).
Another window appears displaying host information for the service (Figure 7-15).
Step 5 To view the vulnerabilities associated with that host, scroll down the list under the IP address that you chose to expand in Step 3 until you see the vulnerabilities list.
Step 6 Highlight a vulnerability, right-click, and then click Hosts on the pop-up menu
or
click Show Hosts on the toolbar (Figure 7-16).
Another window appears displaying the host information for that vulnerability (Figure 7-17).
Step 7 Right-click anywhere in the window and click Close Dialog on the pop-up menu to close any of the windows that you have opened while data pivoting.
You are returned to the Grid Browser.
You can view grid data at different levels of detail by "zooming out" and "zooming in" on the grid axes. The zoom feature enables you to see more or less detail about operating systems, services, and vulnerabilities running on various hosts. For example, you may want to view the number of Microsoft workstations on your network, or you may want to know exactly how many Windows NT 4.0, Windows 95, or Windows 3.1 machines you have. Zooming allows you to quickly access these levels of detail.
This section contains the following topics:
The following procedure details zooming out from left to right in the grid to get less detail. The default grid view VUL/Host with all levels shown is used as an example grid view. See Figure 7-1 to orient yourself to the column names.
To change the level of detail displayed on either axis in the grid, follow these steps:
Step 1 Right-click the VUL (Y) axis and click Zoom Out on the pop-up menu (Figure 7-18).
The following window appears showing less detail (Figure 7-19).
Note that now only the VUL column of the Y-axis along with the Host (X-axis) information (host IP addresses and the number of vulnerabilities that each host has) is shown.
Step 2 Go back to the VUL/Host view by clicking VUL/Host on the drop-down menu.
Step 3 Right-click in the Severity column (severity 1, 2, 3), and click Zoom Out on the pop-up menu (Figure 7-20).
The following window appears, showing less detail (Figure 7-21).
Note that now only the VUL and Severity Levels columns appear on the Y-axis along with the information in the X-axis (the hosts that have those severity levels) is shown.
Step 4 Repeat Step 2.
Step 5 Right-click the Vulnerability Type column and click Zoom Out on the pop-up menu (Figure 7-22).
The following window appears showing less detail (Figure 7-23).
Note that now the VUL, Severity Level, and Vulnerability Type columns appear on the Y-axis along with the Host information on the X-axis (the numbers of those vulnerability types found on each host).
Step 6 Repeat Step 2.
Step 7 Right-click the Vulnerability Name and click Zoom Out on the pop-up menu (Figure 7-24).
A window appears showing less detail (Figure 7-25)
The VUL, Severity Level, Vulnerability Type, and Vulnerability Name columns appear on the Y-axis along with the Host information on the X-axis (the numbers of hosts that have that particular vulnerability).
Step 8 Repeat Step 2.
Step 9 Right-click the Vc/Vp column and click Zoom Out on the pop-up menu (Figure 7-26).
A window appears with all the levels showing except the Port Numbers column (Figure 7-27).
Step 10 Perform the same procedure for the Host (X) axis, except go from top to bottom to zoom out to less detail.
Figure 7-28 shows the menu option.
Figure 7-29 shows the result of zooming out on the top level of the Host (X) axis.
After you have zoomed out on a grid view, you can zoom back in by choosing the column for which you want more detail and clicking the Zoom In option. The following procedure provides an example of zooming back in on the VUL/Host grid view.
To zoom in on a grid view, follow these steps:
Step 1 Start from the left side of the zoomed-out grid on the VUL (Y) axis (Figure 7-30).
Step 2 Right-click the VUL (Y) axis and click one of the following options depending on how many levels you want to see (Figure 7-31):
The distinction between the menu option and the Zoom button is that the button changes the detail one level at a time, while the menu option collapses or expands multiple levels.
 | Tips Use the menu option whenever you want to zoom out four or five levels all at once. |
To use the Zoom button to change the level of detail in a grid:
The Zoom Axis toolbar button changes color as you zoom in and out for more or less detail.
You can show or hide the grid totals, and the row and column percentages by using the following procedures.
This section contains the following topics:
To show the totals of rows and columns, follow these steps:
Step 1 Right-click anywhere in the grid.
Step 2 Click Show>Totals on the pop-up menu
or
click Show Totals on the toolbar (Figure 7-32).
Total bars now appear at the lower and right-hand edges of the grid. The white colored areas sum up the rows or columns (Figure 7-33).
To hide the totals of rows and columns, follow these steps:
Step 1 Right-click anywhere in the grid.
Step 2 Click Show>Totals on the pop-up menu (which is now bold to indicate that the totals in the grid are showing)
or
click Show Totals on the toolbar.
Total bars now disappear from the lower and right-hand edges of the grid. The Show Totals button changes (see the Do Not Show Totals button in Table 5-2).
To show the row or column percentages, follow these steps:
Step 1 Right-click anywhere in the grid.
Step 2 Click Show>Row Oriented Percentages or Show>Column Oriented Percentages on the pop-up menu (Figure 7-34).
The option that you selected is now bolded. The total percentages of the row or column now appear on the grid.
To hide the row or column percentages, follow these steps:
Step 1 Right-click anywhere in the grid.
Step 2 Click Show>Row Oriented Percentages or Show>Column Oriented Percentages on the pop-up menu.
The option that you selected is now unbolded. The total percentages of the row or column now disappear from the grid.
After you have configured the grid display, you can save a snapshot of it for inclusion in a final report.
To save a grid view, follow these steps:
Step 1 Right-click anywhere in the grid (Figure 7-35).
Step 2 Click Save on the pop-up menu or click Save on the toolbar.
Step 3 Type a grid title in the Enter grid title field.
Step 4 Click OK.
The grid now appears in the Grid subfolder under the Session folder.
The Scanner has toolbar buttons and pop-up menu options available for use when you are in the Grid Browser.
This section includes the following topics:
Table 7-2 shows the Grid Browser toolbar options.
| Toolbar Button | Description |
|---|---|
| Create a Chart |
| Save a Grid Snapshot |
| Zoom Axes |
| Swap Grid Axes |
| Access the NSDB |
| Show the Host List |
| Show Totals |
| Do not show Totals |
By clicking the desired Result Set and then right-clicking, you get the following options:
When you highlight a cell in the Grid and right-click, the following pop-up menu options are available:
Posted: Thu Jun 29 14:13:22 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.
