I think it's only available in the commercial Greenbone version. So you should buy Greenbone to get the connector.
--
Eero

2016-08-17 13:55 GMT+03:00 Fábio Fernandes <[email protected]>:

> Strange. If you go to the OpenVAS menu Configurations->Alerts and create a new
> Alert you see an option that says Sourcefire Connector and the
> configuration fields for it; maybe it is not fully implemented.
> Another strange thing, as I said in the first post, is that in the INSTALL
> file in the OpenVAS Manager source code it says that it has a Sourcefire
> Connector but in order for it to work it needs a program that I cannot find
> anywhere.
>
> …
> Prerequisites for Sourcefire Connector alert:
> * A program in the PATH called greenbone_sourcefire_connector that takes args
>   IP, port, PKCS12 file and report file in Sourcefire format.
> …
>
> I would like to find this program as I think it is the only thing I need
> to get it working.
>
> On 17/08/2016, at 08:07, Eero Volotinen <[email protected]> wrote:
>
> Well. There is no sourcefire connector for openvas. The only supported format
> is the sourcefire report that you can manually import to the sourcefire system.
>
> ref: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate (source)
>
> Eero
>
> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <[email protected]>:
>
>> I think it is supported because it has a specific alert for it and
>> Greenbone appliances use the same version that is available. If it was not
>> supported, why would there be an alert for it and why was the connector
>> mentioned in the INSTALL file?
>>
>> > I think it is not supported on openvas.
>> >
>> > Eero
>> >
>> > On 16.8.2016 at 7.59 PM, "Fábio Fernandes" <[email protected]> wrote:
>> > I have been trying to integrate OpenVAS with Sourcefire for some time
>> > now without success.
>> > I have seen in these threads
>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>> > that when we import the Sourcefire report format from
>> > http://greenbone.net/technology/report_formats.de.html it returns an
>> > HTTP 500 error. I have solved this issue by downloading the source code
>> > and retrieving the sourcefire report format files and changing them to
>> > support the gpg signatures that OpenVAS 8 uses. Next I generated gpg keys
>> > in the OpenVAS homedir and imported the files create_report_import,
>> > sourcefire.xsl, and generate to the OpenVAS machine and ran
>> > create_report_import. That generated the correct sourcefire.xml that I
>> > imported to OpenVAS GSA without error and then I changed the status to
>> > active. After that I scanned a target and saved the report in Sourcefire
>> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS
>> > versions and for some reason there seems to be a bug in the CentOS
>> > version because the report saved is empty with 0KB but it works for the
>> > other versions.) After that I tested the connection from the OpenVAS
>> > machine to the Sourcefire DC 8307 port and it was open, generated the
>> > pkcs12 file in the Sourcefire DC for Openvas with the correct IP, created
>> > the respective Alert with the Sourcefire IP and the pkcs12 certificate
>> > file.
>> > Ran a scan and nothing happened; even listening with tcpdump there was
>> > no connection made, and the OpenVAS Manager log (raised to level 128)
>> > presented the following lines:
>> >
>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task cyberwatch was triggered (Event: Task status changed to 'Done', Condition: Always)
>> >
>> > After that I investigated what happens when an alert is executed and
>> > found this in the INSTALL file in the OpenVAS Manager source code:
>> >
>> > Prerequisites for Sourcefire Connector alert:
>> > * A program in the PATH called greenbone_sourcefire_connector that takes args
>> >   IP, port, PKCS12 file and report file in Sourcefire format.
>> >
>> > And then I found that the Sourcefire alert script is called by the
>> > OpenVAS Manager and this script, present in the installation (path:
>> > /usr/share/openvas/openvasmd/global_alert_methods/), executes the
>> > greenbone_sourcefire_connector program from PATH.
>> > I could not find this greenbone_sourcefire_connector program in any of
>> > the OpenVAS versions that I installed or even on the Internet. Does
>> > someone have this file, or does it only exist in the Greenbone
>> > Appliances, as their manual shows how to configure this functionality?
>> > Can anybody help me with this please?
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
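
The log in the thread shows the alert being triggered while no connection is ever made, which is what a missing connector on PATH looks like from the outside. The script below is an added example, not part of the thread or of OpenVAS: it checks the local prerequisites quoted from the INSTALL file, using the connector name and alert-method directory given in the thread; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: local preflight for the "Sourcefire Connector" alert.
# Names quoted in the thread:
CONNECTOR=greenbone_sourcefire_connector
ALERT_DIR=/usr/share/openvas/openvasmd/global_alert_methods

# Hypothetical helper: print the connector's full path if an executable of
# that name exists in the colon-separated search path $1, else return 1.
find_connector() (
    IFS=:
    set -f                      # no globbing while splitting the path
    for dir in $1; do
        [ -n "$dir" ] || dir=.  # an empty PATH element means the current dir
        if [ -f "$dir/$CONNECTOR" ] && [ -x "$dir/$CONNECTOR" ]; then
            printf '%s\n' "$dir/$CONNECTOR"
            return 0
        fi
    done
    return 1
)

# Hypothetical helper: list alert-method scripts under $1 that mention the connector.
alert_scripts_using_connector() {
    grep -rl -- "$CONNECTOR" "$1" 2>/dev/null
}

# Hypothetical helper: print every unmet prerequisite and return how many
# there are. $1 = search path, $2 = alert-method directory, $3 = PKCS12 file.
preflight() {
    failures=0
    if ! find_connector "$1" >/dev/null; then
        echo "MISSING: $CONNECTOR is not on PATH, so the alert script cannot start it"
        failures=$((failures + 1))
    fi
    if ! alert_scripts_using_connector "$2" >/dev/null; then
        echo "MISSING: no script under $2 refers to $CONNECTOR"
        failures=$((failures + 1))
    fi
    if [ ! -r "$3" ] || [ ! -s "$3" ]; then
        echo "MISSING: PKCS12 file '$3' is absent, unreadable or empty"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run against the live system only when asked: sh preflight.sh --run client.p12
if [ "${1:-}" = "--run" ]; then
    preflight "$PATH" "$ALERT_DIR" "${2:-}"
fi
```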
