Hello, Is it possible that we look at OVAL metadata schema? Whatever that doesn't fit into the metadata, we can add them as tags. The standard will continue to improve and we can be in-line.
Chandra. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jan-Oliver Wagner Sent: Tuesday, February 07, 2012 3:10 AM To: [email protected] Subject: [Openvas-plugins] Breaking up NVT Description Hello, I am coming back to a discussion from November about breaking up the description part of the NVTs into sensible elements. Sebastien Aucouturier made a analysis on the description content and found a number of keywords (see below). The choice should be condensed to a sensible set. I imagine a solution where the NVTs will break up the description into several tags. The tags can be used by the Manager to assemble better reports (ignoring the old-style description and result block). Scanner would need to make a version check and for <= 5 it should apply traditional description and result and for newer version should only return a result reduced to the very core of result. The disadvantage of this concept is that until OpenVAS-5 is retired, the meta data in the NVTS are doubled. The advantage is to have a smooth transition. If we agree quickly on the elements it might be possible to implement a work-around into OpenVAS-5 to already process the new style as soon as it appears in the NVTs. Which could reduce the waiting time to until OpenVAS-4 retires. Current Keywords in NVTs (Nov 2011): """ Overview Synopsis Description Vulnerability Insight Solution Fix Impact Reference[s?] Workaround Example Affected [Ss]oftware(\/OS)? Risk [fF]actor Impact [lL]evel See [aA]lso CVSS Score( Report)? CVSS Base Score N(OTE|ote) Bug Report Change[Ll]og Other bugs fixed Update Information More [Ii]nformation The following package is affected The following versions are affected The following versions are vulnerable Vulnerable systems Immune systems The issue affects the following """ My first attempt to condense this (any suggestions and proposals welcome to improve this): - Overview (the short summary) - Insight (technical information for experts) - Affected (what products, services, systems are affected) - Immune (which are immunue) - Solution (how to fix the problem) And then "Results" which is what is returned only. Anything else is meta information. CVSS and risk factor are gone to tags already. References could go to xrefs. Some of the information seem to be redundant as they are available 1:1 in the original CVE reports. Any opinions, comments welcome! Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
