Thanks! Will check this out as an option.
Re-poking anyone that may know the answer to these two questions:
- What does the Risk column mean in the "Scan Config Family
Details"? I see in the help it says "Shows the risk factor of a
NVT. Any NVT has a value." I would expect that to mean then when
something is detected as problem under that NVT it would carry a
"High" threat level, yet that doesn't seem to be the case.
- Is there a way of increasing all ports that are discovered as
open from Log/Low to be Medium or higher for Nmap? I've been all
through GSA and haven't been able to find a way of doing that.
On 5/12/2012 9:23 AM, Brandon Perry wrote:
You could always roll your own report diffing mechanism. Have
your base report be diffed with the new report (you can automate
omp easily), then use sendmail or something to email the diff to
whomever is responsible.
On May 12, 2012 9:10 AM, "Russell Jones"
< [email protected]>
wrote:
Thanks for your help!
I suppose that leads to my next question then. I need to be
able to find a way of emailing only when new ports are
discovered as open. Something I noticed is the "Risk Factor"
of the Nmap (NASL Wrapper) scanner says it has a Risk of
"High", yet when it discovers new ports they are placed as
either Log or Low threat level. I think I may be
misunderstanding what the Risk column represents in the Scan
Config.
If I could get the ports that OpenVAS to actually be
something higher than Log or Low, I could possibly override
them to be Low after I have verified they are fine, and that
would have the added benefit of making the Threat Level
increase, and kicking off an email.
- What does the Risk column mean in the "Scan Config
Family Details"? I see in the help it says "Shows the
risk factor of a NVT. Any NVT has a value." I would
expect that to mean then when something is detected as
problem under that NVT it would carry a "High" threat
level, yet that doesn't seem to be the case.
- Is there a way of increasing all ports that are
discovered as open from Log/Low to be Medium or higher
for Nmap? I've been all through GSA and haven't been
able to find a way of doing that.
Thanks again for your help!
On 5/12/2012 3:56 AM, Matthew Mundell wrote:
Is it possible to have an alert email sent when the Threat Count has
increased and not necessarily the Threat Level along with it? Basically
I am trying to get an email sent out when a new open port is discovered
by the "Nmap NASL Wrapper" port scanner regardless of if it has
increased the Threat Level as a result.
No, this is not currently possible. The only conditions at the moment are
the three that appear in the GSA.
--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
|
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
