Everyone loves a good tip, like using a stick of spaghetti to light a hard to reach candle wick or using Doritos to start a fire. In this session VI users will learn the top tips and tricks for both the GUI and configurations. Along with ingesting router data and using it for attack path identification, users will learn how to quickly use the existing Attack Strategy to first prioritize any immediate critical vulnerabilities, how to setup campaigns for critical assets and tips for report usage and customization. There will also be time for users to share their favorite tips with other attendees. The more we all share, the more value everyone can get from the tool.
2. L E A R N M O R E
Magno Gomes
SE
Manager,
Core
Security
• 15+
Years
as
a
SE
in
Network
&
Security
• 7+
Years
@
Core
Security
• Came
from
the
Core
Security
Acquisition
• IMPACT,
VI
&
NI
Specialist
3. Vulnerability
Insight
Tips
&
Tricks
During
this
Session:
• Live
Walkthrough
of
some
configuration
considerations
• 5-‐10
Minutes
in
each
section
• Q
&
A
after
each
Section
• Final
Q&A
on
general
configuration
or
the
product
in
general
• If
need
we
can
review
particular
areas
4. AGENDA
• Using
the
Analytics
Tab
• Campaign
Tips
• Attack
Path
Review
• Fine
Tuning
Attack
Strategies
• Live
vs.
Manual
Pen
Test
5. Using
the
Analytics
Tab
Subtitle
left
• Creating/Saving
Filters
• Tracking
<daily,
weekly,
monthly
scans>
• How
to
omit
older
data
using
filters
and
apply
to
campaigns
• Attack
Path
viewing
(where
to
begin)
• ***
Adding/changing
the
asset
schema
to
adjust
to
more
fields
to
filter
by
and/or
use
for
dynamic
targets
6. Campaign
Tips
• Review
of
Tagging
and
how
to
use
it
to
properly
show
on
Dashboards
• Rule
of
Thumb
on
when
a
campaign
should
run
after
scan
data
updated
7. Attack
Path
Review
Subtitle
left
• How
to
pinpoint/isolate
the
attack
paths
on
large
network
diagrams
• Where
to
find
info
on
Attack
Path
campaigns
without
generating
a
report
8. Fine
Tuning
Attack
Strategies
Subtitle
left
• Which
options
should
be
used?
• How
many
should
be
created?
• Most
Frequent
settings
used:
• How
to
track/find
a
specific
CVE(s)
• Low
Hanging
Fruit
9. Live
vs
Manual
Pen
Test
Subtitle
left
• What
should
I
use
Live
or
manual
Pentest?
• Quickly
executing
a
PT
and
how
• Things
to
Know