OpenVAS Connector

OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License.


To import your data to Cisco Vulnerability Management, you will need to use the OpenVAS Connector under the Vulnerability Management section of the Cisco Vulnerability Management UI. The OpenVAS connector is a file-based connector. To learn more about the difference in connectors (API vs File-based) see the information here.

Prerequisites

You must be a Cisco Vulnerability Management administrator.

Configuring your Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. in the Vulnerability Management section, click OpenVAS.

OpenVas.png

 

4. On the OpenVAS XML page, enter the following information:

OpenVAS-Connector-2.png

  • Name: Enter a name for the connector, or leave it as "OpenVas".

  • Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. recommends 2-3 times the scan cadence of your connector scans).

5. Click Save and Verify.

What OpenVas Items does Cisco Vulnerability Management Import?

OpenVAS Field

Cisco Vulnerability Management Field

Notes

name

Name

 

source_vulnerability > identifier

Identifier (Vulnerability)

 

Description

Description

 

-N/A-

scanner_score

Not Imported

-N/A-

Closed

Vulnerability status is by default ‘Open’ as it is reported in the Scan Report. Once it is no longer present in the Scan Report (scanner no longer finds the vuln) we will auto-close the vulnerability.

cves

CVE

 

host_detail > host_ip

ip_address

 

host_detail > OS + best_OS_test + os_detection

Operating System

 

host_detail > ports + tcp_ports

Ports

 

-N/A-

Created

Date the vuln was first imported to Cisco Vulnerability Management. Not mapped to a OpenVAS field.

 

The Connector does not import the following:

  • Custom Fields

  • Tags

Optional Settings

The following settings can be enabled on the backend for OpenVAS Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.

Exclude Informationals

When you enable this option, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Custom Ordered Locators

Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

Common Reasons forOpenVas Connector Run Failures

  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.

Additional Assistance:

Contact Support if you require any additional assistance with the OpenVas Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.