That is what i think too. But its strange that it appears in the free version and in the INSTALL file of the free version it looks like they use the same version but leave some internal components out or maybe they forgot to put it there because it is an feature not used normally by first time users. Anyway it would be nice if someone with the Greenbone paid version could confirm this. > No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi> escreveu: > > I think it's only available on commercial greenbone version. > > So, you should buy greenbone to get connector > > -- > Eero > > 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com > <mailto:fabiogfernan...@gmail.com>>: > Strange. If you go to OpenVAS menu Configurations->Alerts and create a new > Alert you see an option that says Sourcefire Connector and the configuration > fields for it maybe it is not fully implemented. > Another strange thing as i said in the first post is that in the INSTALL file > in the OpenVAS Manager source code it says that it has a Sourcefire Connector > but in order for it to work it needs a program that i cannot find anywhere. > > … > Prerequisites for Sourcefire Connector alert: > * A program in the PATH called greenbone_sourcefire_connector that takes args > IP, port, PKCS12 file and report file in Sourcefire format. > … > > I would like to find this program as i think it is the only thing i need to > get it working. > >> No dia 17/08/2016, às 08:07, Eero Volotinen <eero.voloti...@iki.fi >> <mailto:eero.voloti...@iki.fi>> escreveu: >> >> Well. there is no sourcefire connector for openvas. Only supported format is >> sourcefire report that you can manually import to sourcefire system. >> >> ref: >> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate >> >> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate> >> (source) >> >> Eero >> >> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com >> <mailto:fabiogfernan...@gmail.com>>: >> I think it is supported because it has an specific alert for it and >> Greenbone appliances use the same version that is available. If it was not >> supported why there would be an alert for it and why the connector was >> mentioned in the INSTALL file? >> >> > I think it is not supported on openvas. >> > >> > Eero >> > >> > >> > 16.8.2016 7.59 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com >> > <mailto:fabiogfernan...@gmail.com>> kirjoitti: >> > I have been trying to integrate OpenVAS with Sourcefire for sometime now >> > without success. I have seen in this threads >> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html >> > >> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html>, >> > >> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html >> > >> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html> >> > that when we import the Sourcefire report format from >> > http://greenbone.net/technology/report_formats.de.html >> > <http://greenbone.net/technology/report_formats.de.html> it returns an >> > HTTP 500 error. I have solved this issue by downloading the source code >> > and retrieving the sourcefire report format files and change them to >> > support gpg signatures that OpenVAS 8 uses. Next i generated gpg keys in >> > the OpenVAS homedir and imported the files create_report_import, >> > sourcefire.xsl, and generate to the OpenVAS machine and ran >> > create_report_import. That generated the correct sourcefire.xml that i >> > imported to OpenVAS GSA without error and then i changed the status to >> > active. After that i scanned a target and saved the report in Sourcefire >> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS >> > versions and for some reason there seems to be a bug in the CentOS version >> > because the report saved is empty with 0KB but it works for the other >> > versions) After that i tested the connection from the OpenVAS machine to >> > the Sourcefire DC 8307 port and it was open, generated the pkcs12 file in >> > the Sourcefire DC for Openvas with the correct IP, created the respective >> > Alert with the Sourcefire IP and the pkcs12 certificate file. Ran a scan >> > and nothing happened, even listening with tcpdump there was no connection >> > made and the OpenVAS Manager log (raised to level 128) presented the >> > following lines : >> > >> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task >> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested >> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task >> > b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin >> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task >> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running >> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task >> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done >> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task >> > cyberwatch was triggered (Event: Task status changed to 'Done', Condition: >> > Always) >> > >> > . After that i investigated what happens when an alert is executed and >> > found out this in the INSTALL file in the OpenVAS Manager source code: >> > >> > Prerequisites for Sourcefire Connector alert: >> > * A program in the PATH called greenbone_sourcefire_connector that takes >> > args >> > IP, port, PKCS12 file and report file in Sourcefire format. >> > >> > And then found that the Sourcefire alert script is called by the OpenVAS >> > Manager and this script present in the installation (path: >> > /usr/share/openvas/openvasmd/global_alert_methods/) executes the >> > greenbone_sourcefire_connector program from PATH. >> > I could not find this greenbone_sourcefire_connector program in any of the >> > OpenVAS versions that i installed or even on the Internet. Does someone >> > have this file or it only exists in the Greenbone Appliances as their >> > manual show how to configure this functionality. Can anybody help me with >> > this please? >> > >> > >> > _______________________________________________ >> > Openvas-discuss mailing list >> > Openvas-discuss@wald.intevation.org >> > <mailto:Openvas-discuss@wald.intevation.org> >> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> > <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss> >> >> > >
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
