Dear All,
Whenever I export a GSM scan to VERINICE via a .vna file, there is no rating of threats and vulnerabilities in them. That is, although there is normal GSM CVSS rating (and GSM Lvl and CVE) imported, the Threat Likelihood and Vulnerability Level are always set to 0. It seems that the CVSS rating DO NOT adjusts the Threat Likelihood and Vulnerability Level into scenario. The consequence of course is that no automatic risk assessment can be conducted, and therefore importing of openvas scans into verinice is not actually useful because ALL the C-I-A calculations are the same for all assets and all scenarios under the same process. Anyone with a hint or solution or better knowledge of the issue? Thank you in advance, Panos Panagiotis Leontios Business Engineer | Project Manager | Consultant BEng, DIC, MSc, MBA, IRCA Lead Auditor M: +30 6977 976269 E: <mailto:[email protected]> [email protected] B: <http://pleontios.wordpress.com/> pleontios.wordpress.com L: <http://www.linkedin.com/in/leontios> www.linkedin.com/in/leontios T: <https://twitter.com/pleontios> @pleontios
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
