MattX

Microsoft Baseline Security Analyzer

4 posts in this topic

I have just deployed a SUS server and in order to check to see what updates the PCs on the network have received I run this MS App. There is a nice eye candy side of it but the command line side is better - thus knocking up this:

mbsacli -hf -fh it.txt /sus "http://server01" -f c:\results.txt

Which looks at the it.txt file at the PC names and pumps the relevant info into the results.txt file.

My question is this: before I start trying to strip out the relevant info I want from the large TXT file that's produced - has anyone written anything that does this already?

I did a search but no luck.....


If you use a "new-style" (not /hf) scan, MBSA output is XML. You can then use an XSL transform (stylesheet) to apply to the XML for the final output. XML data + XSL can generate about any kind of output you want, but it's not trivial to learn how.

Here's a page at MS Technet that talks about this a little:

http://www.microsoft.com/technet/security/...mbsascript.mspx

If you've got a Web swami at your disposal you can try giving them an example of the XML output and see what kinds of ways they can mangle it for you.



#3 ·  Posted (edited)


I've been playing with this all afternoon [ I have never messed around with XML stuff before etc ] - anyway after a slow start I was starting to get some results - only question I have is when generating an XML using the rollup.js and supplying the relevant check IDs or Bulletin IDs, how can you get it to check every PC on your network / domain?

cscript /nologo e:\utils\matt\rollup.js /b MS05-001 MS04-044 MS04-043 MS04-041 >e:\utils\matt\results.xml

There is no switch for setting a txt file with all the host names or IP addresses in. Does it scan the domain automatically? When I was scanning it was pretty fast - the network only has just over 100 PCs on it and I was only getting results back from 6. Any advice would be appreciated Dave. As this is not really part of Autoit I apologise to other members.

Edited by MattX


You must have administrator privileges on the remote machines that you wish to scan and there are a number of demands for open ports and running services on the machines you wish to scan.

MS KB that talks about it:

http://support.microsoft.com/default.aspx?...b;EN-US;q303215


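Added example (not part of the original posts, and not MBSA or Microsoft code): one way to do the post-processing asked about above without XSL, plus a check for the "results from only 6 of 100 PCs" problem by comparing the host list against the machines that actually returned data. The XML layout (SecScan, UpdateData, Machine, BulletinID, IsInstalled) and the sample data are assumptions constructed for illustration; match them to your own scan output.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumptions for this
# example; compare them with your own MBSA/rollup XML and adjust.
SAMPLE_XML = """<XMLOut>
  <SecScan Machine="PC01">
    <UpdateData BulletinID="MS05-001" IsInstalled="true"/>
    <UpdateData BulletinID="MS04-044" IsInstalled="false"/>
    <UpdateData BulletinID="MS04-043" IsInstalled="false"/>
  </SecScan>
  <SecScan Machine="PC02">
    <UpdateData BulletinID="MS05-001" IsInstalled="true"/>
    <UpdateData BulletinID="MS04-044" IsInstalled="true"/>
  </SecScan>
</XMLOut>"""
SAMPLE_HOSTS = "PC01\nPC02\nPC03\n"  # constructed host list, one name per line

def missing_updates(xml_text, wanted=None):
    """Map each scanned machine to the sorted bulletin IDs it lacks."""
    report = {}
    for scan in ET.fromstring(xml_text).iter("SecScan"):
        missing = set()
        for upd in scan.iter("UpdateData"):
            bulletin = upd.get("BulletinID")
            if not bulletin or (wanted and bulletin not in wanted):
                continue
            # Anything not explicitly reported as installed counts as missing.
            if upd.get("IsInstalled", "").lower() != "true":
                missing.add(bulletin)
        report[scan.get("Machine", "UNKNOWN")] = sorted(missing)
    return report

def unscanned(hosts_text, report):
    """Hosts in the input list that returned no result (a gap, not a pass)."""
    seen = {m.upper() for m in report}
    hosts = [h.strip() for h in hosts_text.splitlines() if h.strip()]
    return [h for h in hosts if h.upper() not in seen]

def to_csv(report):
    """One row per machine: name, count of missing bulletins, their IDs."""
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["machine", "missing_count", "missing_bulletins"])
    for machine in sorted(report):
        out.writerow([machine, len(report[machine]), " ".join(report[machine])])
    return buf.getvalue()
```

A host that appears in unscanned() has an unknown patch state, so it belongs on the follow-up list (permissions, ports, services) rather than in the "up to date" column.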
