Hi Joris,
No comments on this ?
Regards,On Fri, 2017-12-08 at 22:00 +0100, tatooin wrote:
> Hi Joris,
>
> I face the same challenge than you do; as my stakeholders regularly
> ask me for delta reports which can highlight the efforts made to
> solve vulnerabilities. People will simply stop fixing vulnerabilities
> if the work done to solve previous ones is not recognized.
> So I completely agree with your statement below.
>
> Alas, it seems out of interest of OpenVAS developers. I have raised
> this topic on this mailing list already, and never received any
> positive answers.
>
> I tried the official way to report delta (because officially, yes,
> this is suppose to work ! Look at command "get_reports", you have the
> arguments @delta_report_id and @delta_states)
>
> Typically, If I do the following command to get the deltas in a csv
> file:
>
> omp -h 127.0.0.1 -u admin -w xxx -iX '
> report_id="MyLastReportID" levels="hm" format_id="c1645568-627a-11e3-
> a660-406186ea4fc5" delta_report_id="MySecondLastReportID"
> delta_states="cgns" />' | xmlstarlet sel -t -v
> get_reports_response/report/text\(\) | base64 -i -d > deltareport.csv
>
> Then my deltareport.csv won't highlight any delta. Do the same with
> format_id=1a60a67e-97d0-4cbf-bc77-f71b08e7043d (PDF) you'll get the
> deltas you are looking at.
>
> But obviously, when you are doing vulnerability management programs
> on a somewhat large scale, PDF reporting is completely useless....
>
> So in a nutshell; it is suppose to work but it doesn't. :-(
>
> Best,
>
> On Thu, 2017-12-07 at 10:12 +0100, Joris wrote:
> > Thanks Thijs!
> >
> > You made me think about past results and not having to care about
> > it: It is true that the tickets will be only generated on current
> > results. On the other hand, does that mean that you create multiple
> > tickets for the same issue if it appears in 2 consecutive scans?
> >
> > We're interested in differential for 2 other reasons:i Jori
> > - from a security culture perspective, it would be interesting to
> > report on reduction on vulnerabilities and create some noise about
> > who is doing well and who is not.
> > - some systems will have issues which cannot be remediated per se.
> > By differential reporting, we can look at new stuff and the report
> > would not be cluttered by old stuff we already knew about /
> > ticketed.
> >
> > Best regards
> > Joris
> >
> >
> > On Thu, Dec 7, 2017 at 10:05 AM, Thijs Stuurman
> > ernedservices.nl> wrote:
> > > You can schedule the scans to repeat them.
> > >
> > > Personally I wasn’t happy with the built in scheduler and
> > > automated one myself using python talking to the gvm-tools API.
> > > (https://github.com/Thijssss/openvas_scheduler which might help
> > > you automate things yourself, gvm-tools also has example scripts:
> > > https://bitbucket.org/greenbone/gvm-tools)
> > >
> > > I am not going for differences really; any finding with a CVSS
> > > score of > 4 will trigger an alert which sends an email to our
> > > ticketing system.
> > > Once a month I start my scheduler which will start any job that
> > > hasn’t run for 3 weeks or so. (I could leave it running in a
> > > screen forever but I still supervise and time it all, when it is
> > > not running I got time to update scan systems)
> > >
> > > If you go to tasks and click on the Reports > Total number you
> > > can see an overview of all the reports and quickly see if things
> > > improved or not.
> > > There is a compare button (underneath Actions, next to ‘delete’
> > > so be careful), click on two and you’ll get a comparison
> > > overview.
> > >
> > > Still, why care about past results; it’s the latest scan result
> > > that counts in my book.
> > >
> > > Thijs Stuurman
> > > Security Operations Center | KPN Internedservices B.V.
> > > [email protected] | [email protected]
> > > T: +31(0)299476185 | M: +31(0)624366778
> > > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
> > > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> > >
> > > W: https://www.internedservices.nl | L:
> > > https://nl.linkedin.com/in/thijsstuurman
> > >
> > > Van: Openvas-discuss [mailto:[email protected]
> > > ion.org] Namens Joris
> > > Verzonden: donderdag 7 december 2017 09:51
> > > Aan: [email protected]
> > > Onderwerp: [Openvas-discuss] Reporting on delta's between scans
> > > on same host
> > >
> > > Hello list,
> > >
> > > Using the scanner here and are pretty impressed with the results
> > > and the web GUI.
> > >
> > > Our next move is basically to identify differences between
> > > consecutive scans on hosts (was a vulnerability patched? was a
> > > new vulnerability introduced on the system?)
> > >
> > > Based on my understanding, the system does not support this
> > > natively but I can be wrong. How do others solve this issue? Do
> > > you build automation around it ?
> > >
> > > Best regards
> > > Joris
> > >
> > _______________________________________________
> > Openvas-discuss mailing list
> > [email protected]
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-
> > discuss
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-di
> scuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
