It would be nice if they mentioned what works and what does not in the free version. I spent a lot of time for nothing, probably :(. It would be nice if someone with the Greenbone paid version could confirm that the connector exists or the greenbone_sourcefire_connector program.

> On 17/08/2016, at 14:03, Eero Volotinen <[email protected]> wrote:
>
> I think that is normal way that opensource works. You usually need to pay for
> more advanced features like this ;)
>
> Eero
>
> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <[email protected]>:
> That is what I think too. But it's strange that it appears in the free version
> and in the INSTALL file of the free version it looks like they use the same
> version but leave some internal components out or maybe they forgot to put it
> there because it is a feature not used normally by first time users. Anyway
> it would be nice if someone with the Greenbone paid version could confirm
> this.
>
>> On 17/08/2016, at 12:22, Eero Volotinen <[email protected]> wrote:
>>
>> I think it's only available on commercial greenbone version.
>>
>> So, you should buy greenbone to get connector
>>
>> --
>> Eero
>>
>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <[email protected]>:
>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new
>> Alert you see an option that says Sourcefire Connector and the configuration
>> fields for it; maybe it is not fully implemented.
>> Another strange thing, as I said in the first post, is that in the INSTALL
>> file in the OpenVAS Manager source code it says that it has a Sourcefire
>> Connector but in order for it to work it needs a program that I cannot find
>> anywhere.
>>
>> …
>> Prerequisites for Sourcefire Connector alert:
>> * A program in the PATH called greenbone_sourcefire_connector that takes args
>>   IP, port, PKCS12 file and report file in Sourcefire format.
>> …
>>
>> I would like to find this program as I think it is the only thing I need to
>> get it working.
>>
>>> On 17/08/2016, at 08:07, Eero Volotinen <[email protected]> wrote:
>>>
>>> Well. there is no sourcefire connector for openvas. Only supported format
>>> is sourcefire report that you can manually import to sourcefire system.
>>>
>>> ref:
>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>> (source)
>>>
>>> Eero
>>>
>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <[email protected]>:
>>> I think it is supported because it has a specific alert for it and
>>> Greenbone appliances use the same version that is available. If it was not
>>> supported, why would there be an alert for it and why was the connector
>>> mentioned in the INSTALL file?
>>>
>>> > I think it is not supported on openvas.
>>> >
>>> > Eero
>>> >
>>> >
>>> > 16.8.2016 7.59 PM "Fábio Fernandes" <[email protected]> wrote:
>>> > I have been trying to integrate OpenVAS with Sourcefire for some time now
>>> > without success. I have seen in these threads
>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>> > that when we import the Sourcefire report format from
>>> > http://greenbone.net/technology/report_formats.de.html it returns an
>>> > HTTP 500 error. I have solved this issue by downloading the source code
>>> > and retrieving the sourcefire report format files and changing them to
>>> > support gpg signatures that OpenVAS 8 uses. Next I generated gpg keys in
>>> > the OpenVAS homedir and imported the files create_report_import,
>>> > sourcefire.xsl, and generate to the OpenVAS machine and ran
>>> > create_report_import. That generated the correct sourcefire.xml that I
>>> > imported to OpenVAS GSA without error and then I changed the status to
>>> > active. After that I scanned a target and saved the report in Sourcefire
>>> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS
>>> > versions and for some reason there seems to be a bug in the CentOS
>>> > version because the report saved is empty with 0KB but it works for the
>>> > other versions.) After that I tested the connection from the OpenVAS
>>> > machine to the Sourcefire DC 8307 port and it was open, generated the
>>> > pkcs12 file in the Sourcefire DC for Openvas with the correct IP, created
>>> > the respective Alert with the Sourcefire IP and the pkcs12 certificate
>>> > file. Ran a scan and nothing happened, even listening with tcpdump there
>>> > was no connection made and the OpenVAS Manager log (raised to level 128)
>>> > presented the following lines:
>>> >
>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task cyberwatch was triggered (Event: Task status changed to 'Done', Condition: Always)
>>> >
>>> > After that I investigated what happens when an alert is executed and
>>> > found out this in the INSTALL file in the OpenVAS Manager source code:
>>> >
>>> > Prerequisites for Sourcefire Connector alert:
>>> > * A program in the PATH called greenbone_sourcefire_connector that takes
>>> >   args IP, port, PKCS12 file and report file in Sourcefire format.
>>> >
>>> > And then found that the Sourcefire alert script is called by the OpenVAS
>>> > Manager and this script present in the installation (path:
>>> > /usr/share/openvas/openvasmd/global_alert_methods/) executes the
>>> > greenbone_sourcefire_connector program from PATH.
>>> > I could not find this greenbone_sourcefire_connector program in any of
>>> > the OpenVAS versions that I installed or even on the Internet. Does
>>> > someone have this file, or does it only exist in the Greenbone Appliances,
>>> > as their manual shows how to configure this functionality? Can anybody help
>>> > me with this please?
>>> >
>>> >
>>> > _______________________________________________
>>> > Openvas-discuss mailing list
>>> > [email protected]
>>> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
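
A preflight check for the alert prerequisite quoted from the INSTALL file in the thread above, as an added example that is not part of the thread or of OpenVAS: it reports whether `greenbone_sourcefire_connector` is executable on a given PATH and whether the PKCS12 and report files are usable, which separates "connector absent" from the 0KB report symptom. The function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the Sourcefire Connector alert prerequisite quoted
# from the OpenVAS Manager INSTALL file. Function names and return codes are
# hypothetical, chosen for this example.
CONNECTOR=greenbone_sourcefire_connector

# find_on_path NAME PATHLIST: print the first executable match, return 1 if none.
# The PATH list is an argument because the manager daemon's PATH may differ
# from the PATH of the shell you are typing in.
find_on_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -z "$dir" ]; then dir=.; fi
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_sourcefire_prereqs PATHLIST PKCS12_FILE REPORT_FILE
# Returns 0 = all present, 2 = connector missing, 3 = PKCS12 unreadable or
# empty, 4 = report missing or 0 bytes (the CentOS symptom in the thread).
check_sourcefire_prereqs() {
    if ! find_on_path "$CONNECTOR" "$1" >/dev/null; then
        echo "missing: $CONNECTOR is not executable in any PATH directory" >&2
        return 2
    fi
    if [ ! -r "$2" ] || [ ! -s "$2" ]; then
        echo "missing: PKCS12 file '$2' is unreadable or empty" >&2
        return 3
    fi
    if [ ! -s "$3" ]; then
        echo "missing: report file '$3' is absent or 0 bytes" >&2
        return 4
    fi
    return 0
}
```

Call it with the PATH of the account that runs the manager, for example `check_sourcefire_prereqs "$PATH" /path/to/client.p12 /path/to/report.xml` (placeholder paths).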
