Overview
OpenVAS is compatible with the Greenbone Security Feed.
The Open Vulnerability Assessment System (OpenVAS) is the most widespread Open Source solution for vulnerability scanning and vulnerability management. It is used and improved world wide by people ranging from security experts to private users.
Compatibility
This plugin is compatible with Openvas-3.2 version.
File Format
Greenbone security is capable of producing machine readable XML files.This section is a first glance of the XML file. Mapping Rules are below.
Field | Description | Example |
|---|---|---|
host | Container for scanned host | <host>192.168.0.113</host> |
| scan_start | The date the scan was executed | <scan_start>Tue Feb 14 14:02:22 2012</scan_start> |
| port | TCP port | <port>http-alt (8080/tcp)</port> |
| severity | The threat level of vulnerability | <risk_factor>Low</risk_factor> |
| cve | CVE of vulnerability | <cve>CAN-1999-0621</cve> |
| bid | Bugtraq ID | <bid>40013</bid> |
| cvss_base | The CVSS Base Score | <cvss_base>7.5</cvss_base> |
| description | Description of the vulnerability | <description> |
Mapping Rules
Vulnerability
The following rules define how to derive Vulnerability objects from the input file.
Physical Name | Logical Name | Mapping Rule |
|---|---|---|
vulnerability | Vulnerability | Create one new Vulnerability for each <result> element in the report. |
vulnerability.createdTs | Creation Date | Current system date. |
vulnerability.discoveredDate | Discovered Date | Parse the date from the <scan_start>Tue Feb 14 14:02:22 2012</scan_start> element of the XML schema. |
vulnerability.closedTs | Closed Date | NULL |
vulnerability.status | Vulnerability Status | "OPEN" |
vulnerability.description | Vulnerability Description | Set to the value of the <description> element |
vulnerability.recommendation | Recommendation | NULL |
vulnerability.threat | Threat Description | Set to the value of the <name> element |
vulnerability.threatLevel | Threat Level | Set to the value of the <risk_factor> element |
vulnerability.cvssBaseScore | CVSS Base Score | Set to the value of the <cvss_base> element |
vulnerability.cvssVector | CVSS Vector | NULL |
vulnerability.Asset | Asset | Use an existing asset if it is found, or create a new asset if necessary |
vulnerability.CreatedBy | Created By User | Set to the current logged in user. |
vulnerability.Cves | CVE's | Set to the value of the <cve> element |
vulnerability.Bugtraqs | Bugtraq's | Set to the value of the <bid> element |
vulnerability.Xrefs | Xref's | NULL |
vulnerability.Resolutions | Resolutions | NULL |
Asset
The following rules define how to derive Asset objects from the input file, if new Asset objects need to be created.
Physical Name | Logical Name | Mapping Rule |
|---|---|---|
asset | Asset | Check to see if a corresponding asset already exists by comparing the Network, IP Address, and Port of this asset to all existing assets. If the asset exists, then do not modify it and do not create a new one. |
asset.createdTs | Creation Timestamp | Current system date. |
asset.modifiedTs | Creation Timestamp | Current system date. |
asset.name | Asset Name | Concatenate IP address, ":", and TCP Port, e.g. "192.168.0.113:80" |
asset.source | Source | Constant: 'SCAN' |
asset.addressIp | IP Address | Set to the value of the <host> element |
asset.addressPort | TCP Port | Set to the value of the <port> element |
asset.Product | Product | NULL |
asset.Organization | Product | NULL |
asset.Network | Network | <Set by the user immediately before uploading> |
Product
The following rules define how to derive Product objects from the input file, if new Product objects need to be created.
product | Product Vendor | The Greenbone Security plugin never creates new Product objects. |
product.vendor | Product Vendor | NULL |
product.name | Product Name | NULL |
product.version | Product Version | NULL |
product.cpeName | Produce CPE | NULL |