Hi Fabrice,
I'd like to try HTTP-GET openvas alert method on a server other than
Packetfence.
So I can read all the data incoming from OpenVas and I could see if there
is also the overall evaluation and in case I can apply a regex to it.
Thanks again
Best Regards
Enrico
Il 09/03/21 03:20, Durand fabrice via PacketFence-users ha scritto:
Hello Enrico,
you can try that:
edit
https://github.com/inverse-inc/packetfence/blob/maintenance/8.3/lib/pf/factory/condition/violation.pm#L45
and replace equals by regex then you will be able to use a regex for
the oid.
Regards
Fabrice
Le 21-03-07 à 02 h 21, Enrico Becchetti via PacketFence-users a écrit :
Dear all,
I have an installation of PF version 8.3 with various backends, three
network profiles, an intrusion detector and
a server to check the compliance of the hosts connecting to the network.
It is an installation made about 3 years ago which is working without
any problems.
Now I need validation from the community on compliance feature. When
configuring a violation,
the manual says that you must specify all the vulnerabilities related
individual OIDs that
must be kept under control. What does this mean ?
Does it mean that PF reacts executing the action specified in the
trigger only following a vulnerability that
I've written in the list ?
If this is true it means that I have to write an extremely long list
of codes in advance, keep it constantly updated
and -even if you can probably put more OIDs with a wildcard character
or simply not specifying the final part of the number (*.)-
with this mechanism I can't manage the level overall vulnerability
but only individual bugs.
I use Greennone / Openvas but from the manual I read that a similar
thing can be done with Nessus.
Cuold you tell me, why does PF read a single OID instead of the
overall result produced by the scanners, which is a number from 0 to 10,
and why does it execute an action only when this value is higher than
a certain level ?
I believe that this possibility, if it is not already present, would
be very welcome to many users.
Lots of thanks !
Best Regards
Enrico
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Skype:enrico_becchetti
Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
