Am Sonntag, 23. Oktober 2016, 14:49:10 schrieb Παναγιώτης Λεόντιος: > Whenever I export a GSM scan to VERINICE via a .vna file, there is no rating > of threats and vulnerabilities in them. > > That is, although there is normal GSM CVSS rating (and GSM Lvl and CVE) > imported, the Threat Likelihood and Vulnerability Level are always set to 0. > > It seems that the CVSS rating DO NOT adjusts the Threat Likelihood and > Vulnerability Level into scenario. > > The consequence of course is that no automatic risk assessment can be > conducted, and therefore importing of openvas scans into verinice is not > actually useful because ALL the C-I-A calculations are the same for all > assets and all scenarios under the same process. > > Anyone with a hint or solution or better knowledge of the issue?
have you had a look at http://docs.greenbone.net/GSM-Manual/gos-3.1/en/connecting.html#verinice ? With non-GSM you don't have the automatic connection with verinice.PRO, but the logic should be the same when doing the transfer manually. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
