[Openvas-discuss] Email on threat count increase

Brandon Perry bperry.volatile at gmail.com
Sat May 12 16:23:36 CEST 2012

You could always roll your own report diffing mechanism. Have your base
report be diffed with the new report (you can automate omp easily), then
use sendmail or something to email the diff to whomever is responsible.
On May 12, 2012 9:10 AM, "Russell Jones" <rjones at eggycrew.com> wrote:

>  Thanks for your help!
> I suppose that leads to my next question then. I need to be able to find a
> way of emailing only when new ports are discovered as open. Something I
> noticed is the "Risk Factor" of the Nmap (NASL Wrapper) scanner says it has
> a Risk of "High", yet when it discovers new ports they are placed as either
> Log or Low threat level. I think I may be misunderstanding what the Risk
> column represents in the Scan Config.
> If I could get the ports that OpenVAS to actually be something higher than
> Log or Low, I could possibly override them to be Low after I have verified
> they are fine, and that would have the added benefit of making the Threat
> Level increase, and kicking off an email.
>    - What does the Risk column mean in the "Scan Config Family Details"?
>    I see in the help it says "Shows the risk factor of a NVT. Any NVT has a
>    value." I would expect that to mean then when something is detected as
>    problem under that NVT it would carry a "High" threat level, yet that
>    doesn't seem to be the case.
>    - Is there a way of increasing all ports that are discovered as open
>    from Log/Low to be Medium or higher for Nmap? I've been all through GSA and
>    haven't been able to find a way of doing that.
>  Thanks again for your help!
> On 5/12/2012 3:56 AM, Matthew Mundell wrote:
>  Is it possible to have an alert email sent when the Threat Count has
> increased and not necessarily the Threat Level along with it? Basically
> I am trying to get an email sent out when a new open port is discovered
> by the "Nmap NASL Wrapper" port scanner regardless of if it has
> increased the Threat Level as a result.
> No, this is not currently possible.  The only conditions at the moment are
> the three that appear in the GSA.
> --
> Greenbone Networks GmbH
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20120512/0ab48fca/attachment.html>

More information about the Openvas-discuss mailing list