Forum Discussion
Use Detected SIDs Setting for Oracle Database Change A new...
Use Detected SIDs Setting for Oracle Database
Change
A new subsection is being introduced to the Assessment section of the scan policy specific to Databases along with a new setting named ‘Use detected SIDs’ for Oracle Database.
When this setting is enabled along with specifying Host credentials and Oracle Database credentials, Nessus will attempt to log on to the scan targets with the Host credentials and retrieve the SIDs locally. These SIDs will then be used to connect to any detected Oracle Net listeners on the scan target using the specified Oracle Database credentials.
Use detected SIDs for Oracle Database setting enabled in Nessus:
Impact
Since this is a new feature, there should be no impact to users unless they enable the feature in their scan policy. If the feature is enabled, users may see additional detections of Oracle Database, potentially resulting in additional vulnerability reports.
Documentation
Nessus: https://docs.tenable.com/nessus/Content/AssessmentSettings.htm#Databases
Tenable.io: https://docs.tenable.com/tenableio/vulnerabilitymanagement/Content/Scans/AssessmentSettings.htm#Databases
Release Dates
Nessus - Released
Tenable.io - Released
Tenable.sc - Q1 2021
------------------------------------------------------------------------------------------------
Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
3 Replies
Is this feature in Tenable.sc yet? I have not been able to find it.
Does this feature come with older versions of Nessus. Just get it from the updates? This is cool!
Hello Heather. This feature should be available if you already have the Update all components option selected in Automatic Updates or choose Update all components in Manual Software Update.
