OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. ( https://docs.greenbone.net/GSM-Manual/gos-3.1/en/scanning.html )
OpenVAS Product Configurations
The following are the most popular OpenVAS configurations provided by ZeroNorth:
- Openvas-full-and-very-deep (Configuration: 708f25c4-7489-11df-8094-002264764cea) - This configuration differs from the Full and Fast configuration in the results of the port scan not having an impact on the selection of the NVTs. Therefore, NVTs will be used that will have to wait for a timeout. This scan is very slow.
- Openvas-full-and-very-deep-ultimate (Configuration: 74db13d6-7489-11df-91b9-002264764cea) - This configuration adds the dangerous NVTs that could cause possible service or system disruptions to the Full and very deep configuration.
Activating an OpenVAS Scenario (ZeroNorth-hosted)
To use OpenVAS via ZeroNorth, you must first “activate” an OpenVAS Scenario. As an open-source tool, the use of OpenVAS via the ZeroNorth platform has no added cost, and requires no special server installation.
To activate an OpenVAS Scenario:
- Sign in to the ZeroNorth web UI at https://fabric.zeronorth.io .
- Go to zn ADM > Scenarios .
- Locate the Product "OpenVAS ".
- Click on the +Add Scenario button to the bottom right of the Product.
- In the subsenquent Scenario details panel, select the desire Product Configuration (e.g. one of the ones described above).
- Provide or edit the Name of the Scenario.
- Click Save .
The OpenVAS Scenario is now ready for use in a Policy.
Activating an OpenVAS Scenario (using your own OpenVAS server)
If you have your own OpenVAS server, you must supply the host and the credentials during Scenario activation. Follow steps 1 through 5 from the above, then:
- Enter the OpevVAS server’s Host (not the URL). This should be in the form “openvas.my.com”.
- Enter the admin Username .
- Enter the admin Password .
- Click Save .
In most cases, your own OpenVAS server will be accessible only from within your own intranet. Since ZeroNorth can’t connect to it, you will likely need to use the ZeroNorth on-prem “Orchestrator” in order to scan you internal scan Targets with your own OpenVAS server. Refer to the article ZeroNorth Integration-Orchestrator for details.