Add compatibility for Openvas 10

[jrcrnp]

Request to add compatibility with Openvas 10 where the OMP command is deprecated.

[qmontal]

This is not something in the current roadmap as we are working on a heavy refactoring to make the project modular and easy to integrate for other developers, but will be something very easily implementable when we get this priority goals done. Sorry for not being that much help on the short term with the issue.

[willemdh]

Any news on this? Installing OpenVAS on CentOS now installs by default:

openvas-scanner-6.0.0-6930.el7.art.x86_64 greenbone-vulnerability-manager-10.0.0-6947.el7.art.noarch greenbone-security-assistant-8.0.0-6932.el7.art.x86_64 openvas-smb-1.0.5-6923.el7.art.x86_64

I'm a bit confused about the versioning used and how Greenbone versions relate to OpenVAS versions. But it seems like I'm using greenbone vulnerability manager 10, which is OpenVAS 10? SO I guess Vulnwhisperer will not wor for now then?

[qmontal]

Hi @willemdh,

Don't get me wrong, but last comment I did was 9 days ago, and things haven't really changed since then. Greenbone is indeed confusing with the versions by the way they manage, but I guess it GVM 10 is the equivalent of OpenVAS 10 as you mentioned.

As the OpenVAS integration is already done for older versions, it shouldn't be very complicated to fix the issue that broke with the update to the major version, so in case you are interested on checking the code and fixing it for yourself, feel free to do a PR so that others can also enjoy it :)

Cheers!

[willemdh]

@qmontal Thanks for the answer and sorry for bothering you. I only recently started using GVM 10 and have close to zero vulnerabilty management experience. I do have a lot of Elastic experience. Depending on how things go with my PoC GVM 10 deployment, I might some day take a look at your code, but I can't make any promises.

[qmontal]

@willemdh well, its great that you have a lot of Elastic experience because I am missing all of it! I believe that Nessus does have a free version of the scanner that you could use to get familiar with it, and it is better integrated with VulnWhisperer and ELK as it was the kickstart of this project, so if you don't care about the scanner itself to get some experience in VM I would recommend you trying it out.

Sorry I can't help much more with the OpenVAS side at the moment!

[willemdh]

@qmontal Well I tried Nessus Essentials (limited to 16 ip's) at home and already got an Elastic Stack running at home.

But Nessus Pro has a limited free trial of 7 days. I was planning to wait before activating the trial at work untill I understand how vulnwhisperer works and if it it worth it.

The problem is that my employer's budget is not very large, so I started exploring GVM.

Give me a few weeks to further investigate. In the meantime if you have an Elastic question, feel free to drop me an email (check my profile for address)

[willemdh]

@qmontal Just noticed your Slack channel, but when I click the link, I get "This invite link is no longer active."

[qmontal]

Hi @willemdh,

This link should work :)

[ghost]

Any updates on this? I looked in the slack channel and wasn't able to find any.