HASecuritySolutions / VulnWhisperer

Create actionable data from your Vulnerability Scans
https://twitter.com/VulnWhisperer
Apache License 2.0

create test data so that Kibana dashboards can be automatically tested #141

Open cybergoof opened 5 years ago

cybergoof commented 5 years ago

If we can build test scripts that generate Nessus, Qualys, etc. data, then we could automatically test the Kibana dashboards. This might be useful.

It would also be nice to give people a view of the dashboards without downloading and installing the scanner software.

The test data will likely need to have dates updated. But the other parts of the data can be static.
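The approach in the comment above (static findings, refreshed dates) can be done by shifting every timestamp by one common offset, so the newest scan lands on "now" and the spacing between scans is kept. This is an added example, not code from the thread or from VulnWhisperer; the CSV layout, the column names and the `rebase_dates` helper are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample fixture. The column names are assumptions for this
# example, not VulnWhisperer's or any scanner's actual export schema.
FIXTURE = """host,plugin_name,severity,first_seen,last_seen
10.0.0.5,Sample finding A,critical,2019-01-10T08:00:00+00:00,2019-01-24T08:00:00+00:00
10.0.0.5,Sample finding B,high,2019-01-17T08:00:00+00:00,2019-01-24T08:00:00+00:00
10.0.0.5,Sample finding C,medium,2019-01-24T08:00:00+00:00,2019-01-24T08:00:00+00:00
"""
DATE_FIELDS = ("first_seen", "last_seen")


def rebase_dates(fixture_csv, now, date_fields=DATE_FIELDS):
    """Shift every date so the newest one in the fixture equals `now`.

    All dates move by the same offset, so the intervals between scans
    (and therefore trend and ageing panels) are preserved. Every other
    column is returned unchanged. `now` must be timezone-aware.
    """
    rows = list(csv.DictReader(io.StringIO(fixture_csv)))
    if not rows:
        return rows
    stamps = [datetime.fromisoformat(r[f]) for r in rows for f in date_fields]
    offset = now - max(stamps)
    for row in rows:
        for field in date_fields:
            shifted = datetime.fromisoformat(row[field]) + offset
            row[field] = shifted.isoformat()
    return rows


if __name__ == "__main__":
    # Rebase the fixture to the current time before loading it for a test run.
    for row in rebase_dates(FIXTURE, datetime.now(timezone.utc)):
        print(row)
```

Passing a fixed `now` instead of the current time makes the rebased fixture reproducible, which helps when a dashboard test compares against expected counts per time bucket.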

qmontal commented 5 years ago

Created test data of OpenVAS and Nessus scanning a Metasploitable VM; it has not been possible to do it with Qualys products as they are cloud and don't allow a hosted deployment.

We will need to recheck these test data once we have the vulnerability standard and all modules following it.

kraigu commented 5 years ago

Qualys does have on-prem scanners, I have a few. Assuming you don't want the test scripts to run dynamically, I can set up a Metasploitable system and scan it then submit results back here, but what version of Metasploitable am I using, and what format would you like reporting in?

qmontal commented 5 years ago

Hi @kraigu!

Thanks for the offer, that would be awesome :) Are you talking about one of Qualys WAS and VM or both of them?

Regarding the image of Metasploitable, I just downloaded the latest one available from SourceForge, as that is where the official image is hosted. It would be great to have the files that VulnWhisperer downloads and saves in the ./data/qualys folder.

Cheers!

kraigu commented 5 years ago

I only have a VM license, although I could possibly wrangle a trial license for WAS and do both. I'd want to do that in conjunction with a greater trial here (VM's my problem, but web apps are not, that's somebody else).

I can possibly do this some time in the next couple of weeks.

qmontal commented 5 years ago

Sure, don't worry about the WAS side then, and there is no rush to it, so whenever is okay for you. Thanks again for your help :)

qmontal commented 5 years ago

We just integrated mock tests for the Nessus/Tenable/Qualys VM thanks to @pemontto's PR https://github.com/HASecuritySolutions/VulnWhisperer/pull/164; details for testing it are in https://github.com/HASecuritySolutions/VulnWhisperer/wiki/VulnWhisperer-Mock-Testing.