(jumping in with a blatant ad) Try Seccubus! https://www.seccubus.com/
It specifically designed to handle vulnerability state changes over time. On Thu, Dec 14, 2017 at 11:31 AM, Joris <[email protected]> wrote: > Hi Tatooin, > > Thanks for the detailed information, I will test it out. No comments yet :) > > best regards > joris > > On Tue, Dec 12, 2017 at 9:58 PM, tatooin <[email protected]> wrote: > >> Hi Joris, >> >> No comments on this ? >> >> Regards, >> >> On Fri, 2017-12-08 at 22:00 +0100, tatooin wrote: >> >> Hi Joris, >> >> I face the same challenge than you do; as my stakeholders regularly ask >> me for delta reports which can highlight the efforts made to solve >> vulnerabilities. People will simply stop fixing vulnerabilities if the work >> done to solve previous ones is not recognized. >> So I completely agree with your statement below. >> >> Alas, it seems out of interest of OpenVAS developers. I have raised this >> topic on this mailing list already, and never received any positive answers. >> >> I tried the official way to report delta (because officially, yes, this >> is suppose to work ! Look at command "*get_reports*", you have the >> arguments @*delta_report_id *and @*delta_states)* >> >> Typically, If I do the following command to get the deltas in a csv file: >> >> *omp -h 127.0.0.1 -u admin -w xxx -iX '<get_reports >> report_id="MyLastReportID" levels="hm" >> format_id="c1645568-627a-11e3-a660-406186ea4fc5" >> delta_report_id="MySecondLastReportID" delta_states="cgns" />' | xmlstarlet >> sel -t -v get_reports_response/report/text\(\) | base64 -i -d > >> deltareport.csv* >> >> Then my deltareport.csv won't highlight any delta. Do the same with >> format_id=1a60a67e-97d0-4cbf-bc77-f71b08e7043d (PDF) you'll get the >> deltas you are looking at. >> >> But obviously, when you are doing vulnerability management programs on a >> somewhat large scale, PDF reporting is completely useless.... >> >> So in a nutshell; it is suppose to work but it doesn't. :-( >> >> Best, >> >> On Thu, 2017-12-07 at 10:12 +0100, Joris wrote: >> >> Thanks Thijs! >> >> You made me think about past results and not having to care about it: It >> is true that the tickets will be only generated on current results. On the >> other hand, does that mean that you create multiple tickets for the same >> issue if it appears in 2 consecutive scans? >> >> We're interested in differential for 2 other reasons:i Jori >> - from a security culture perspective, it would be interesting to report >> on reduction on vulnerabilities and create some noise about who is doing >> well and who is not. >> - some systems will have issues which cannot be remediated per se. By >> differential reporting, we can look at new stuff and the report would not >> be cluttered by old stuff we already knew about / ticketed. >> >> Best regards >> Joris >> >> >> On Thu, Dec 7, 2017 at 10:05 AM, Thijs Stuurman < >> [email protected]> wrote: >> >> You can schedule the scans to repeat them. >> >> >> >> Personally I wasn’t happy with the built in scheduler and automated one >> myself using python talking to the gvm-tools API. >> >> (https://github.com/Thijssss/openvas_scheduler which might help you >> automate things yourself, gvm-tools also has example scripts: >> https://bitbucket.org/greenbone/gvm-tools) >> >> >> >> I am not going for differences really; any finding with a CVSS score of > >> 4 will trigger an alert which sends an email to our ticketing system. >> >> Once a month I start my scheduler which will start any job that hasn’t >> run for 3 weeks or so. (I could leave it running in a screen forever but I >> still supervise and time it all, when it is not running I got time to >> update scan systems) >> >> >> >> If you go to tasks and click on the Reports > Total number you can see an >> overview of all the reports and quickly see if things improved or not. >> >> There is a compare button (underneath Actions, next to ‘delete’ so be >> careful), click on two and you’ll get a comparison overview. >> >> >> >> Still, why care about past results; it’s the latest scan result that >> counts in my book. >> >> >> >> Thijs Stuurman >> >> Security Operations Center | KPN Internedservices B.V. >> >> [email protected] | [email protected] >> >> T: +31(0)299476185 <+31%20299%20476%20185> | M: +31(0)624366778 >> <+31%206%2024366778> >> >> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) >> >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> >> >> W: https://www.internedservices.nl | L: https://nl.linkedin.com/in/thi >> jsstuurman >> >> >> >> *Van:* Openvas-discuss [mailto:openvas-discuss-bounce >> [email protected]] *Namens *Joris >> *Verzonden:* donderdag 7 december 2017 09:51 >> *Aan:* [email protected] >> *Onderwerp:* [Openvas-discuss] Reporting on delta's between scans on >> same host >> >> >> >> Hello list, >> >> >> >> Using the scanner here and are pretty impressed with the results and the >> web GUI. >> >> >> >> Our next move is basically to identify differences between consecutive >> scans on hosts (was a vulnerability patched? was a new vulnerability >> introduced on the system?) >> >> >> >> Based on my understanding, the system does not support this natively but >> I can be wrong. How do others solve this issue? Do you build automation >> around it ? >> >> >> >> Best regards >> >> Joris >> >> >> _______________________________________________ >> Openvas-discuss mailing >> [email protected]https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> >> _______________________________________________ >> Openvas-discuss mailing >> [email protected]https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> >> > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
