Re: [Openvas-discuss] OPENVAS EXPORT TO VERINICE

2016-11-10 Thread Jan-Oliver Wagner 
Am Sonntag, 23. Oktober 2016, 14:49:10 schrieb Παναγιώτης Λεόντιος:
> Whenever I export a GSM scan to VERINICE via a .vna file, there is no rating
> of threats and vulnerabilities in them.
> 
> That is, although there is normal GSM CVSS rating (and GSM Lvl and CVE)
> imported, the Threat Likelihood and Vulnerability Level are always set to 0.
> 
> It seems that the CVSS rating DO NOT adjusts the Threat Likelihood and
> Vulnerability Level into scenario.
> 
> The consequence of course is that no automatic risk assessment can be
> conducted, and therefore importing of openvas scans into verinice is not
> actually useful because ALL the C-I-A calculations are the same for all
> assets and all scenarios under the same process.
> 
> Anyone with a hint or solution or better knowledge of the issue?

have you had a look at

  http://docs.greenbone.net/GSM-Manual/gos-3.1/en/connecting.html#verinice

?

With non-GSM you don't have the automatic connection with verinice.PRO, but
the logic should be the same when doing the transfer manually.

-- 
Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] OPENVAS EXPORT TO VERINICE

2016-10-23 Thread Παναγιώτης Λεόντιος 
Dear All,

 

Whenever I export a GSM scan to VERINICE via a .vna file, there is no rating
of threats and vulnerabilities in them.

That is, although there is normal GSM CVSS rating (and GSM Lvl and CVE)
imported, the Threat Likelihood and Vulnerability Level are always set to 0.

It seems that the CVSS rating DO NOT adjusts the Threat Likelihood and
Vulnerability Level into scenario.

The consequence of course is that no automatic risk assessment can be
conducted, and therefore importing of openvas scans into verinice is not
actually useful because ALL the C-I-A calculations are the same for all
assets and all scenarios under the same process.

 

Anyone with a hint or solution or better knowledge of the issue?

 

Thank you in advance,

Panos   

 

Panagiotis Leontios

Business Engineer | Project Manager | Consultant

BEng, DIC, MSc, MBA, IRCA Lead Auditor

 

M: +30 6977 976269

E:   leonti...@ath.forthnet.gr

B:   pleontios.wordpress.com

L:   www.linkedin.com/in/leontios

T:   @pleontios

 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss