Hi Tatooin, Thanks for the detailed information, I will test it out. No comments yet :)
best regards joris On Tue, Dec 12, 2017 at 9:58 PM, tatooin <[email protected]> wrote: > Hi Joris, > > No comments on this ? > > Regards, > > On Fri, 2017-12-08 at 22:00 +0100, tatooin wrote: > > Hi Joris, > > I face the same challenge than you do; as my stakeholders regularly ask me > for delta reports which can highlight the efforts made to solve > vulnerabilities. People will simply stop fixing vulnerabilities if the work > done to solve previous ones is not recognized. > So I completely agree with your statement below. > > Alas, it seems out of interest of OpenVAS developers. I have raised this > topic on this mailing list already, and never received any positive answers. > > I tried the official way to report delta (because officially, yes, this is > suppose to work ! Look at command "*get_reports*", you have the arguments > @*delta_report_id *and @*delta_states)* > > Typically, If I do the following command to get the deltas in a csv file: > > *omp -h 127.0.0.1 -u admin -w xxx -iX '<get_reports > report_id="MyLastReportID" levels="hm" > format_id="c1645568-627a-11e3-a660-406186ea4fc5" > delta_report_id="MySecondLastReportID" delta_states="cgns" />' | xmlstarlet > sel -t -v get_reports_response/report/text\(\) | base64 -i -d > > deltareport.csv* > > Then my deltareport.csv won't highlight any delta. Do the same with > format_id=1a60a67e-97d0-4cbf-bc77-f71b08e7043d (PDF) you'll get the > deltas you are looking at. > > But obviously, when you are doing vulnerability management programs on a > somewhat large scale, PDF reporting is completely useless.... > > So in a nutshell; it is suppose to work but it doesn't. :-( > > Best, > > On Thu, 2017-12-07 at 10:12 +0100, Joris wrote: > > Thanks Thijs! > > You made me think about past results and not having to care about it: It > is true that the tickets will be only generated on current results. On the > other hand, does that mean that you create multiple tickets for the same > issue if it appears in 2 consecutive scans? > > We're interested in differential for 2 other reasons:i Jori > - from a security culture perspective, it would be interesting to report > on reduction on vulnerabilities and create some noise about who is doing > well and who is not. > - some systems will have issues which cannot be remediated per se. By > differential reporting, we can look at new stuff and the report would not > be cluttered by old stuff we already knew about / ticketed. > > Best regards > Joris > > > On Thu, Dec 7, 2017 at 10:05 AM, Thijs Stuurman <Thijs.Stuurman@ > internedservices.nl> wrote: > > You can schedule the scans to repeat them. > > > > Personally I wasn’t happy with the built in scheduler and automated one > myself using python talking to the gvm-tools API. > > (https://github.com/Thijssss/openvas_scheduler which might help you > automate things yourself, gvm-tools also has example scripts: > https://bitbucket.org/greenbone/gvm-tools) > > > > I am not going for differences really; any finding with a CVSS score of > > 4 will trigger an alert which sends an email to our ticketing system. > > Once a month I start my scheduler which will start any job that hasn’t run > for 3 weeks or so. (I could leave it running in a screen forever but I > still supervise and time it all, when it is not running I got time to > update scan systems) > > > > If you go to tasks and click on the Reports > Total number you can see an > overview of all the reports and quickly see if things improved or not. > > There is a compare button (underneath Actions, next to ‘delete’ so be > careful), click on two and you’ll get a comparison overview. > > > > Still, why care about past results; it’s the latest scan result that > counts in my book. > > > > Thijs Stuurman > > Security Operations Center | KPN Internedservices B.V. > > [email protected] | [email protected] > > T: +31(0)299476185 <+31%20299%20476%20185> | M: +31(0)624366778 > <+31%206%2024366778> > > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) > > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > > > W: https://www.internedservices.nl | L: https://nl.linkedin.com/in/thi > jsstuurman > > > > *Van:* Openvas-discuss [mailto:[email protected]] > *Namens *Joris > *Verzonden:* donderdag 7 december 2017 09:51 > *Aan:* [email protected] > *Onderwerp:* [Openvas-discuss] Reporting on delta's between scans on same > host > > > > Hello list, > > > > Using the scanner here and are pretty impressed with the results and the > web GUI. > > > > Our next move is basically to identify differences between consecutive > scans on hosts (was a vulnerability patched? was a new vulnerability > introduced on the system?) > > > > Based on my understanding, the system does not support this natively but I > can be wrong. How do others solve this issue? Do you build automation > around it ? > > > > Best regards > > Joris > > > _______________________________________________ > Openvas-discuss mailing > [email protected]https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > _______________________________________________ > Openvas-discuss mailing > [email protected]https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
