Thanks for the note; I will give it a try as it looks promising.
However, that still doesn't explain why such an important native
feature of OpenVAS just doesn't work.

On Thu, 2017-12-14 at 11:34 +0200, ArkanoiD wrote:
> (jumping in with a blatant ad)
> Try Seccubus! https://www.seccubus.com/
>
> It is specifically designed to handle vulnerability state changes over
> time.
>
> On Thu, Dec 14, 2017 at 11:31 AM, Joris <djm...@gmail.com> wrote:
> > Hi Tatooin,
> >
> > Thanks for the detailed information, I will test it out. No
> > comments yet :)
> >
> > best regards
> > joris
> >
> > On Tue, Dec 12, 2017 at 9:58 PM, tatooin <tato...@free.fr> wrote:
> > > Hi Joris,
> > >
> > > No comments on this ?
> > >
> > > Regards,
> > >
> > > On Fri, 2017-12-08 at 22:00 +0100, tatooin wrote:
> > > > Hi Joris,
> > > >
> > > > I face the same challenge as you do, as my stakeholders
> > > > regularly ask me for delta reports which can highlight the
> > > > efforts made to solve vulnerabilities. People will simply stop
> > > > fixing vulnerabilities if the work done to solve previous ones
> > > > is not recognized.
> > > > So I completely agree with your statement below.
> > > >
> > > > Alas, it seems out of interest of OpenVAS developers. I have
> > > > raised this topic on this mailing list already, and never
> > > > received any positive answers.
> > > >
> > > > I tried the official way to report delta (because officially,
> > > > yes, this is supposed to work! Look at command "get_reports",
> > > > you have the arguments @delta_report_id and @delta_states)
> > > >
> > > > Typically, if I do the following command to get the deltas in a
> > > > csv file:
> > > >
> > > > omp -h 127.0.0.1 -u admin -w xxx -iX '<get_reports
> > > > report_id="MyLastReportID" levels="hm"
> > > > format_id="c1645568-627a-11e3-a660-406186ea4fc5"
> > > > delta_report_id="MySecondLastReportID" delta_states="cgns" />' |
> > > > xmlstarlet sel -t -v get_reports_response/report/text\(\) |
> > > > base64 -i -d > deltareport.csv
> > > >
> > > > Then my deltareport.csv won't highlight any delta. Do the same
> > > > with format_id=1a60a67e-97d0-4cbf-bc77-f71b08e7043d (PDF)
> > > > you'll get the deltas you are looking at.
> > > >
> > > > But obviously, when you are doing vulnerability management
> > > > programs on a somewhat large scale, PDF reporting is completely
> > > > useless....
> > > >
> > > > So in a nutshell; it is supposed to work but it doesn't. :-(
> > > >
> > > > Best,
> > > >
> > > > On Thu, 2017-12-07 at 10:12 +0100, Joris wrote:
> > > > > Thanks Thijs!
> > > > >
> > > > > You made me think about past results and not having to care
> > > > > about it: It is true that the tickets will be only generated
> > > > > on current results. On the other hand, does that mean that
> > > > > you create multiple tickets for the same issue if it appears
> > > > > in 2 consecutive scans?
> > > > >
> > > > > We're interested in differential for 2 other reasons:
> > > > > - from a security culture perspective, it would be
> > > > > interesting to report on reduction in vulnerabilities and
> > > > > create some noise about who is doing well and who is not.
> > > > > - some systems will have issues which cannot be remediated
> > > > > per se. By differential reporting, we can look at new stuff
> > > > > and the report would not be cluttered by old stuff we already
> > > > > knew about / ticketed.
> > > > >
> > > > > Best regards
> > > > > Joris
> > > > >
> > > > >
> > > > > On Thu, Dec 7, 2017 at 10:05 AM, Thijs Stuurman
> > > > > <a...@internedservices.nl> wrote:
> > > > > > You can schedule the scans to repeat them.
> > > > > >
> > > > > > Personally I wasn’t happy with the built-in scheduler and
> > > > > > automated one myself using python talking to the gvm-tools
> > > > > > API.
> > > > > > (https://github.com/Thijssss/openvas_scheduler which might
> > > > > > help you automate things yourself, gvm-tools also has
> > > > > > example scripts: https://bitbucket.org/greenbone/gvm-tools)
> > > > > >
> > > > > > I am not going for differences really; any finding with a
> > > > > > CVSS score of > 4 will trigger an alert which sends an
> > > > > > email to our ticketing system.
> > > > > > Once a month I start my scheduler which will start any job
> > > > > > that hasn’t run for 3 weeks or so. (I could leave it
> > > > > > running in a screen forever but I still supervise and time
> > > > > > it all, when it is not running I got time to update scan
> > > > > > systems)
> > > > > >
> > > > > > If you go to tasks and click on the Reports > Total number
> > > > > > you can see an overview of all the reports and quickly see
> > > > > > if things improved or not.
> > > > > > There is a compare button (underneath Actions, next to
> > > > > > ‘delete’ so be careful), click on two and you’ll get a
> > > > > > comparison overview.
> > > > > >
> > > > > > Still, why care about past results; it’s the latest scan
> > > > > > result that counts in my book.
> > > > > >
> > > > > > Thijs Stuurman
> > > > > > Security Operations Center | KPN Internedservices B.V.
> > > > > > thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> > > > > > T: +31(0)299476185 | M: +31(0)624366778
> > > > > > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
> > > > > > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD
> > > > > > C048
> > > > > >
> > > > > > W: https://www.internedservices.nl | L:
> > > > > > https://nl.linkedin.com/in/thijsstuurman
> > > > > >
> > > > > > From: Openvas-discuss
> > > > > > [mailto:openvas-discuss-bounces@wald.intevation.org] On behalf of Joris
> > > > > > Sent: Thursday, 7 December 2017 09:51
> > > > > > To: openvas-discuss@wald.intevation.org
> > > > > > Subject: [Openvas-discuss] Reporting on delta's between
> > > > > > scans on same host
> > > > > >
> > > > > > Hello list,
> > > > > >
> > > > > > Using the scanner here and are pretty impressed with the
> > > > > > results and the web GUI.
> > > > > >
> > > > > > Our next move is basically to identify differences between
> > > > > > consecutive scans on hosts (was a vulnerability patched?
> > > > > > was a new vulnerability introduced on the system?)
> > > > > >
> > > > > > Based on my understanding, the system does not support this
> > > > > > natively but I can be wrong. How do others solve this
> > > > > > issue? Do you build automation around it ?
> > > > > >
> > > > > > Best regards
> > > > > > Joris
> > > > > >
> > > > > _______________________________________________
> > > > > Openvas-discuss mailing list
> > > > > Openvas-discuss@wald.intevation.org
> > > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
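
Added example, not part of the original thread and not OpenVAS or Seccubus code: one way to build the CSV delta discussed above outside the scanner, by comparing two exported CSV reports and sorting each finding into the changed/gone/new/same states that delta_states="cgns" selects. The column names, the sample rows and the rule that "changed" means a different CVSS score are assumptions made for illustration.

```python
import csv
import io

# Constructed sample exports, not real scan data. Column names are an
# assumption about the CSV layout; adjust KEY and "CVSS" to your export.
OLD_CSV = """IP,Port,NVT OID,CVSS,NVT Name
10.0.0.5,443,1.3.6.1.4.1.25623.1.0.900001,7.5,Example TLS weakness
10.0.0.5,22,1.3.6.1.4.1.25623.1.0.900002,5.0,Example SSH weakness
10.0.0.9,80,1.3.6.1.4.1.25623.1.0.900003,4.3,Example HTTP weakness
"""
NEW_CSV = """IP,Port,NVT OID,CVSS,NVT Name
10.0.0.5,443,1.3.6.1.4.1.25623.1.0.900001,5.0,Example TLS weakness
10.0.0.9,80,1.3.6.1.4.1.25623.1.0.900003,4.3,Example HTTP weakness
10.0.0.9,8080,1.3.6.1.4.1.25623.1.0.900004,9.8,Example RCE
"""
KEY = ("IP", "Port", "NVT OID")  # identity of a finding across scans

def load(text):
    """Index findings by (host, port, check id)."""
    return {tuple(row[k] for k in KEY): row
            for row in csv.DictReader(io.StringIO(text))}

def delta(old_text, new_text, min_cvss=0.0):
    """Classify every finding as new, gone, changed or same."""
    old, new = load(old_text), load(new_text)
    result = {"new": [], "gone": [], "changed": [], "same": []}
    for key in sorted(old.keys() | new.keys()):
        scores = [float(r[key]["CVSS"]) for r in (old, new) if key in r]
        if key not in old:
            state = "new"
        elif key not in new:
            state = "gone"
        else:
            state = "same" if scores[0] == scores[1] else "changed"
        # Filter on the higher score so a finding that dropped below the
        # threshold is still reported as changed.
        if max(scores) >= min_cvss:
            result[state].append(key)
    return result

def to_csv(result):
    """Render the delta as CSV with a leading state column."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(("State",) + KEY)
    for state, keys in result.items():
        writer.writerows((state,) + key for key in keys)
    return buf.getvalue()
```

Calling to_csv(delta(OLD_CSV, NEW_CSV)) returns the delta as CSV text; passing min_cvss keeps only findings whose old or new score reaches that threshold.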