Thanks Thijs, I am conducting an internal scan, and testing openvas.
I was confused because we have Nessus and there is a policy related to PCI DSS and thought I could find the same in openVAS Best Regards, Ahmad Al Talafha From: Thijs Stuurman [mailto:[email protected]] Sent: Thursday, August 24, 2017 12:11 PM To: Ahmad Al-Talafha <[email protected]>; Eero Volotinen <[email protected]> Cc: [email protected] Subject: RE: [Openvas-discuss] DSS PCI NVT family missing I suppose the default scan config “Full and fast” would suffice. Personally I do not use OpenVAS for PCI environments and opted for a Nessus VM which has a PCI internal vulnerability scan option. The only reason for that is because the PCI auditors (and our customers) know and trust Nessus and it clearly shows it is a PCI internal scan which was performed. It just makes the audits easier. If in any doubt, contact your PCI auditor to verify what he thinks is acceptable. Thijs Stuurman Security Operations Center | KPN Internedservices [email protected]<mailto:[email protected]> | [email protected]<mailto:[email protected]> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: http://nl.linkedin.com/in/thijsstuurman Van: Openvas-discuss [mailto:[email protected]] Namens Ahmad Al-Talafha Verzonden: donderdag 24 augustus 2017 11:02 Aan: Eero Volotinen <[email protected]<mailto:[email protected]>> CC: [email protected]<mailto:[email protected]> Onderwerp: Re: [Openvas-discuss] DSS PCI NVT family missing Hi Eero, Please can you tell me in this case which NVT family to choose, and how I can check if all plugins are enabled Best Regards, Ahmad Al Talafha From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Eero Volotinen Sent: Thursday, August 24, 2017 10:32 AM To: Ahmad Al-Talafha <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [Openvas-discuss] DSS PCI NVT family missing There is no such as PCI family in openvas. For internal PCI scanning you need to enable all plugins and scan all tcp ports. Eero 2017-08-24 10:07 GMT+03:00 Ahmad Al-Talafha <[email protected]<mailto:[email protected]>>: Dears, Hope this mail finds you well I am using openvas Version 7.0.2, and I am trying to run a PCI compliance scan but I cant find PCI family in the NVTs. My NVTs status shows “Too old (14 days) - Please check the automatic synchronization of your system” Please advise on this case, what I am missing Best Regards, Ahmad Al Talafha _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
