I looked at the source and it looks like a very simple xml to csv converter &
uploader. It might be possible to add basic support to openvas BUT I don't
have access to any sourcefire dc for testing..

Eero

On 18.8.2016 at 4.04 PM, "Eero Volotinen" <eero.voloti...@iki.fi> wrote:

> I think the connector might be based on the same source. I think it works with
> openvas with some modifications, if the sourcefire dc api is still the same.
> (source code is from year 2014?)
>
> --
> Eero
>
> 2016-08-18 14:05 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>
>> Thanks for the tip. This script seems similar to the one used by Rapid7
>> to integrate Nexpose with Sourcefire. Meanwhile I have contacted Greenbone
>> technical sales and they informed me that I should contact Cisco regarding
>> the connector.
>>
>> On 17/08/2016, at 16:36, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>
>> If your company is willing to pay, it should be simple to port this
>> nessus opensource connector to openvas..
>>
>> https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api
>>
>> Eero
>>
>> 2016-08-17 17:18 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>>
>>> I think there is no documentation for OpenVAS on the site; they advise
>>> using the Greenbone Security Manual.
>>> Is the lack of the program greenbone_sourcefire_connector a reason to
>>> submit a bug report?
>>>
>>> On 17/08/2016, at 15:15, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>
>>> You are free to submit fixes to documentation ;)
>>>
>>> Eero
>>>
>>> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>>>
>>>> It would be nice if they mentioned what works and what does not in
>>>> the free version. I spent a lot of time for nothing probably :( .
>>>> It would be nice if someone with the Greenbone paid version could
>>>> confirm that the connector exists or the greenbone_sourcefire_connector
>>>> program.
>>>>
>>>> On 17/08/2016, at 14:03, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>>
>>>> I think that is the normal way that opensource works. You usually need to
>>>> pay for more advanced features like this ;)
>>>>
>>>> Eero
>>>>
>>>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>>>>
>>>>> That is what I think too. But it's strange that it appears in the free
>>>>> version and in the INSTALL file of the free version. It looks like they use
>>>>> the same version but leave some internal components out, or maybe they
>>>>> forgot to put it there because it is a feature not normally used by first
>>>>> time users. Anyway it would be nice if someone with the Greenbone paid
>>>>> version could confirm this.
>>>>>
>>>>> On 17/08/2016, at 12:22, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>>>
>>>>> I think it's only available in the commercial greenbone version.
>>>>>
>>>>> So, you should buy greenbone to get the connector
>>>>>
>>>>> --
>>>>> Eero
>>>>>
>>>>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>>>>>
>>>>>> Strange. If you go to the OpenVAS menu Configurations->Alerts and create
>>>>>> a new Alert you see an option that says Sourcefire Connector and the
>>>>>> configuration fields for it. Maybe it is not fully implemented.
>>>>>> Another strange thing, as I said in the first post, is that the
>>>>>> INSTALL file in the OpenVAS Manager source code says that it has a
>>>>>> Sourcefire Connector but in order for it to work it needs a program that
>>>>>> I cannot find anywhere.
>>>>>>
>>>>>> …
>>>>>> Prerequisites for Sourcefire Connector alert:
>>>>>> * A program in the PATH called greenbone_sourcefire_connector that
>>>>>> takes args
>>>>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>>>>> …
>>>>>>
>>>>>> I would like to find this program as I think it is the only thing I
>>>>>> need to get it working.
>>>>>>
>>>>>> On 17/08/2016, at 08:07, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>>>>
>>>>>> Well, there is no sourcefire connector for openvas. The only supported
>>>>>> format is the sourcefire report that you can manually import to a sourcefire
>>>>>> system.
>>>>>>
>>>>>> ref: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate (source)
>>>>>>
>>>>>> Eero
>>>>>>
>>>>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com>:
>>>>>>
>>>>>>> I think it is supported because it has a specific alert for it and
>>>>>>> Greenbone appliances use the same version that is available. If it was
>>>>>>> not supported, why would there be an alert for it and why was the
>>>>>>> connector mentioned in the INSTALL file?
>>>>>>>
>>>>>>> > I think it is not supported on openvas.
>>>>>>> >
>>>>>>> > Eero
>>>>>>> >
>>>>>>> >
>>>>>>> > On 16.8.2016 at 7.59 PM, "Fábio Fernandes" <fabiogfernan...@gmail.com> wrote:
>>>>>>> > I have been trying to integrate OpenVAS with Sourcefire for some
>>>>>>> > time now without success. I have seen in these threads
>>>>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>>>>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>>>>>> > that when we import the Sourcefire report format from
>>>>>>> > http://greenbone.net/technology/report_formats.de.html it returns
>>>>>>> > an HTTP 500 error. I have solved this issue by downloading the source
>>>>>>> > code and retrieving the sourcefire report format files and changing them to
>>>>>>> > support gpg signatures that OpenVAS 8 uses. Next I generated gpg keys in
>>>>>>> > the OpenVAS homedir and imported the files create_report_import,
>>>>>>> > sourcefire.xsl, and generate to the OpenVAS machine and ran
>>>>>>> > create_report_import. That generated the correct sourcefire.xml that I
>>>>>>> > imported to OpenVAS GSA without error and then I changed the status to
>>>>>>> > active. After that I scanned a target and saved the report in Sourcefire
>>>>>>> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS
>>>>>>> > versions and for some reason there seems to be a bug in the CentOS
>>>>>>> > version because the report saved is empty with 0KB but it works for the
>>>>>>> > other versions) After that I tested the connection from the OpenVAS
>>>>>>> > machine to the Sourcefire DC 8307 port and it was open, generated the
>>>>>>> > pkcs12 file in the Sourcefire DC for Openvas with the correct IP, created
>>>>>>> > the respective Alert with the Sourcefire IP and the pkcs12 certificate
>>>>>>> > file. Ran a scan and nothing happened, even listening with tcpdump there
>>>>>>> > was no connection made and the OpenVAS Manager log (raised to level 128)
>>>>>>> > presented the following lines:
>>>>>>> >
>>>>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
>>>>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>>>>>>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>>>>>>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>>>>>>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task cyberwatch was triggered (Event: Task status changed to 'Done', Condition: Always)
>>>>>>> >
>>>>>>> > After that I investigated what happens when an alert is executed
>>>>>>> > and found this in the INSTALL file in the OpenVAS Manager source
>>>>>>> > code:
>>>>>>> >
>>>>>>> > Prerequisites for Sourcefire Connector alert:
>>>>>>> > * A program in the PATH called greenbone_sourcefire_connector that
>>>>>>> > takes args
>>>>>>> >   IP, port, PKCS12 file and report file in Sourcefire format.
>>>>>>> >
>>>>>>> > And then I found that the Sourcefire alert script is called by the
>>>>>>> > OpenVAS Manager and this script, present in the installation (path:
>>>>>>> > /usr/share/openvas/openvasmd/global_alert_methods/), executes the
>>>>>>> > greenbone_sourcefire_connector program from PATH.
>>>>>>> > I could not find this greenbone_sourcefire_connector program in
>>>>>>> > any of the OpenVAS versions that I installed or even on the Internet.
>>>>>>> > Does someone have this file, or does it only exist in the Greenbone
>>>>>>> > Appliances, as their manual shows how to configure this functionality?
>>>>>>> > Can anybody help me with this please?
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
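
The prerequisites quoted from the INSTALL file in this thread can be checked before the alert fires. The following pre-flight script is an added example, not part of the thread and not OpenVAS or Greenbone code; only the program name `greenbone_sourcefire_connector`, its four arguments and port 8307 come from the messages above, while the function name, messages and sample paths are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the OpenVAS "Sourcefire Connector" alert (added example).
# From the thread: the program name greenbone_sourcefire_connector and its four
# arguments. The function name and all messages are assumptions.

CONNECTOR=greenbone_sourcefire_connector

# preflight_sourcefire_alert IP PORT PKCS12_FILE REPORT_FILE
# Prints one line per problem found; returns the number of problems.
preflight_sourcefire_alert() {
    ip=$1 port=$2 pkcs12=$3 report=$4
    problems=0

    # The alert script runs the connector from PATH. In the thread the alert
    # was logged as triggered, yet tcpdump saw no connection and the program
    # could not be found on the system.
    if ! command -v "$CONNECTOR" >/dev/null 2>&1; then
        echo "MISSING: $CONNECTOR is not in PATH"
        problems=$((problems + 1))
    fi

    # Client certificate bundle generated on the Sourcefire DC.
    if [ ! -r "$pkcs12" ]; then
        echo "MISSING: PKCS12 file '$pkcs12' is not readable"
        problems=$((problems + 1))
    fi

    # A 0-byte report (the CentOS symptom in the thread) leaves nothing to upload.
    if [ ! -s "$report" ]; then
        echo "EMPTY: report file '$report' is missing or 0 bytes"
        problems=$((problems + 1))
    fi

    # Argument sanity: the port must be a number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "BAD: port '$port' is not numeric"; problems=$((problems + 1)) ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "BAD: port '$port' out of range"; problems=$((problems + 1))
           fi ;;
    esac
    [ -n "$ip" ] || { echo "BAD: no Sourcefire DC address given"; problems=$((problems + 1)); }
    return "$problems"
}

# Run directly, e.g.: sh preflight.sh 192.0.2.10 8307 client.p12 report.out
if [ "$#" -eq 4 ]; then
    preflight_sourcefire_alert "$@" && echo "OK: prerequisites present"
fi
```

Run it as the account the OpenVAS Manager runs under, since that account's PATH and file permissions are the ones that apply when the alert script executes.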
