Hi,
I apologize in advance if this has been asked or answered before, I did try to search for it (both here and using Google) but I couldn't find the information I was looking for here or in the manual.
Scenario: You create a Report, type "Network and host exploit mitigation", Full report, Time range 3 months and the rest is default. In the exported CSV file I see a lot of blocked Nessus scans on ONE day, like "[SID: 30226] Attack: Nessus Vulnerability Scanner Activity attack blocked. Traffic has been blocked for this application: SYSTEM".
For some reason I cannot reproduce a Nessus scan right now and I cannot really trust the SEP Manager 100%, and I'm looking for external verification on the following question:
If a Nessus agent scans an endpoint 1000 times, will it be showed 1 time in the report or 1000 times? If it will only show once, how long time must pass before the Nessus scan shows again in the same report?
Is there a way for me to configure it so that it logs each detected/blocked scan and get that in some report?
Again, I feel that a question like this should be answered in the manual for starters or that other people have asked the same, so almost a bit embarrased to create this thread.. :/
Thanks in advance!