Hello fellow IVMers,
I am wondering if anyone out there is struggling to accurately fingerprint devices that show credentialed success?
An example of this would be if you had Palo Alto firewalls with read-only access to the assets. When a scan engine assesses them, it shows up as Linux, or Linux Tomato. I am aware of requesting a re-fingerprint of a device during the next scan being run, but if this is only available for an individual asset at a time, I don't see that as a very efficient way when you have a bulk of assets like this.
The other challenge around incorrectly fingerprinted items is that some hardware/operating systems are not listed when searching for the vendor/os/version. I do have an RFE in the backlog for adding one that makes up a bulk of my organization's networking fleet.
I guess my ask is for any advice, links to documentation, or helpful things you've done to improve fingerprinting without going the custom route of manually adding them to your paired scan engine.
Cheers.
Hi @brzrkstrk
I have extensive experience with InsightVM across multiple large networks.
It is correct, you find the best footprinting with authentication. But be mindful of the account's privileges, as you may find that you get better results with a privileged account vs a read-only account. Please test it out to see.
If you still get dubious results when running using a privileged account, my recommendation would be as follows.
Run a scan with Enhanced Logging.
Feel free to look through the logs at the commands that were run to see if they were run correctly.
Using SSH, log in to the device and run the same commands to make sure they work correctly. Sometimes there are different shells and the commands fail.
Raise a Ticket with Rapid7 informing them of the OS and your fingerprint results - attach the logs.
The Customer Relationship Team are very responsive in working with the Engineering Team and submitting your request to update footprinting.
Creating Custom Fingerprints is a different matter but I hope that helps.
Cheers,
Jordan