[Openvas-plugins] Breaking up NVT Description
Jan-Oliver Wagner
Jan-Oliver.Wagner at greenbone.net
Mon Feb 6 22:40:24 CET 2012
Hello,
I am coming back to a discussion from November
about breaking up the description part of the NVTs into
sensible elements.
Sebastien Aucouturier made an analysis on the description
content and found a number of keywords (see below).
The choice should be condensed to a sensible set.
I imagine a solution where the NVTs will break up the description
into several tags. The tags can be used by the Manager to
assemble better reports (ignoring the old-style description and
result block). The Scanner would need to make a version check and
for <= 5 it should apply the traditional description and result
and for newer versions it should only return a result reduced to the very
core of the result.
The disadvantage of this concept is that until OpenVAS-5 is retired,
the meta data in the NVTs are doubled. The advantage is to have a
smooth transition.
If we agree quickly on the elements it might be possible to
implement a work-around into OpenVAS-5 to already process the new
style as soon as it appears in the NVTs. This could reduce
the waiting time to the period until OpenVAS-4 retires.
Current Keywords in NVTs (Nov 2011):
"""
Overview
Synopsis
Description
Vulnerability Insight
Solution
Fix
Impact
Reference[s?]
Workaround
Example
Affected [Ss]oftware(\/OS)?
Risk [fF]actor
Impact [lL]evel
See [aA]lso
CVSS Score( Report)?
CVSS Base Score
N(OTE|ote)
Bug Report
Change[Ll]og
Other bugs fixed
Update Information
More [Ii]nformation
The following package is affected
The following versions are affected
The following versions are vulnerable
Vulnerable systems
Immune systems
The issue affects the following
"""
My first attempt to condense this (any suggestions
and proposals welcome to improve this):
- Overview (the short summary)
- Insight (technical information for experts)
- Affected (what products, services, systems are affected)
- Immune (which are immune)
- Solution (how to fix the problem)
And then "Results" which is what is returned only.
Anything else is meta information.
CVSS and risk factor are gone to tags already. References could go
to xrefs. Some of the information seems to be redundant as it is
available 1:1 in the original CVE reports.
Any opinions, comments welcome!
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
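
The split proposed in the message above can be prototyped as follows. This is an added example, not code from the original message or from OpenVAS: a Python function that cuts an old-style description into the five proposed elements using the keyword patterns listed. The keyword-to-element mapping, the `meta:` key prefix, the function name and the sample description are assumptions made for illustration.

```python
import re

# Assumed mapping: the message lists the keywords and the five elements, but
# not which keyword feeds which element. All other keywords count as meta.
ELEMENTS = {
    "Overview": r"Overview|Synopsis|Description",
    "Insight": r"Vulnerability Insight",
    "Affected": r"Affected [Ss]oftware(/OS)?|Vulnerable systems"
                r"|The following (package is|versions are) (affected|vulnerable)"
                r"|The issue affects the following",
    "Immune": r"Immune systems",
    "Solution": r"Solution|Fix|Workaround",
    "Meta": r"Impact( [lL]evel)?|References?|Example|Risk [fF]actor"
            r"|See [aA]lso|CVSS Score( Report)?|CVSS Base Score|N(OTE|ote)"
            r"|Bug Report|Change[Ll]og|Other bugs fixed|Update Information"
            r"|More [Ii]nformation",
}
# A heading is a keyword at the start of a line followed by a colon.
HEADING = re.compile(
    r"^\s*(?:" + "|".join(f"(?P<{n}>{p})" for n, p in ELEMENTS.items())
    + r")\s*:\s*(?P<rest>.*)$")

def split_description(description):
    """Split an old-style description into {element: text}."""
    tags, current = {}, "Overview"  # assumption: un-headed lead text is Overview
    for line in description.splitlines():
        m = HEADING.match(line)
        text = line.strip()
        if m:
            name = next(n for n in ELEMENTS if m.group(n))
            current = name if name != "Meta" else "meta:" + m.group("Meta")
            text = m.group("rest").strip()
        if text:
            tags[current] = (tags.get(current, "") + " " + text).strip()
    return tags

# Constructed sample in the old keyword style (not a real NVT).
SAMPLE = """
  Overview: The host runs ExampleFTPd and is prone to a buffer overflow.
  Vulnerability Insight:
  The flaw is due to a boundary error when handling long USER commands.
  Affected Software/OS:
  ExampleFTPd version 1.0 and prior
  Fix: Upgrade to ExampleFTPd version 1.1 or later.
  Risk factor: High
"""

if __name__ == "__main__":
    for element, text in split_description(SAMPLE).items():
        print(f"{element}: {text}")
```

Keywords recognised as meta still end the preceding element, so a trailing "Risk factor" line does not leak into the Solution text.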