OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License.
To import your data to the Kenna.VM module, you will need to leverage the OpenVas Connector under ‘Vulnerability Management’ tools. The OpenVAS connector is a file-based connector. To learn more about the difference in connectors (API vs File-based) click here.
Configuring your Connector in Kenna
To set up the Connector, navigate to the Connectors tab in your Kenna deployment (you must be a Kenna Administrator to do so). On the Connectors page, select OpenVAS.
Once you select the OpenVas Connector a secondary screen will appear in which you may:
-
Enter a name for the connector, or leave it as “OpenVas” if you wish.
-
Click Save and Verify.
-
If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later. (We recommend 2-3x the scan cadence of your <scanner name> Scans).
What OpenVas Items does Kenna Import?
openVAS Field |
Kenna Field |
Notes |
---|---|---|
name |
Name |
|
source_vulnerability > identifier |
Identifier (Vulnerability) |
|
Description |
Description |
|
-N/A- |
scanner_score |
Not Imported |
-N/A- |
Closed |
Vulnerability status is by default ‘Open’ as it is reported in the Scan Report. Once it is no longer present in the Scan Report (scanner no longer finds the vuln) we will auto-close the vulnerability. |
cves |
CVE |
|
host_detail > host_ip |
ip_address |
|
host_detail > OS + best_OS_test + os_detection |
Operating System |
|
host_detail > ports + tcp_ports |
Ports |
|
-N/A- |
Created |
Date the vuln was first imported to Kenna. Not mapped to a OpenVAS field. |
The Kenna Connector does not pull in the following:
-
Custom Fields
-
Tags
Optional Settings
The following settings can be enabled on the backend for <Scanner Name> Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
-
Exclude Informationals
-
When this option is enabled, Kenna will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
-
-
Ignore Scanner Last Seen Time
-
If you do not want the asset last seen time in Kenna to be the scanner reported last seen time.
-
-
Custom Ordered Locators
-
Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
-
Common Reasons forOpenVas Connector Run Failures
-
Unexpected data returned
-
If Kenna receives data that is not in the expected format and we are unable to process it, the connector will fail.
-
-
If more than 1% of connector payloads fail to import cleanly, Kenna will auto-fail the Connector Run
Additional Assistance:
Please contact Kenna Support should you require any additional assistance with the OpenVas Connector(s).
Comments
Please sign in to leave a comment.