Ironvas v-0.1.6 is a highly experimental integration of Open Vulnerability Assessment System (OpenVAS).
ironvas is a highly experimental integration of the Open Vulnerability Assessment System (OpenVAS) into a MAP infrastructure. The integration aims to share security-related information (vulnerabilities detected by OpenVAS) with other network components in the TNC architecture via IF-MAP.
ironvas consists of two elements:
+ One part – the “publisher” – simply fetches the latest scan reports stored in an OpenVAS server, converts them into IF-MAP metadata (currently “event”-metadata) and finally publishes them into a MAP server. ironvas takes care not to flood the MAPS with redundant information. Furthermore, you can specify a filter (in filter.js) for the vulnerabilities to publish. If a scan report is deleted from the OpenVAS server, ironvas will purge all published metadata associated with the deleted report from the MAPS. In other words, ironvas always tries to reflect the current/latest knowledge of an OpenVAS server in a MAP server. The event-metadata that ironvas publishes is filled with the following values from the scan reports:
– the name of the vulnerability
– the time it was discovered
– the id of the discoverer (OpenVAS server)
– the magnitude of the vulnerability
– the significance
– the event-type == CVE
– CVE information
– and the corresponding URIs for the CVE entries
+ The second, more experimental, part of ironvas – the “subscriber” – goes the other way around. It subscribes for “request-for-investigation”-metadata of a PDP in the MAPS. If the PDP publishes this metadata to an IP address, ironvas schedules a new scan task for that IP address in OpenVAS. If the scan produces new vulnerability information, it is collected by the “publisher” as described above. If the PDP removes the “request-for-investigation”-metadata from the IP address, ironvas also removes the scan task (and with it the report) from OpenVAS.
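The publisher behaviour described above (filter, no redundant publishes, purge when a report disappears) can be sketched as a diff between the scanner's reports and the MAP server's state. This is an added example, not ironvas code: the function names, record fields, filter signature, discoverer id and URI scheme are all assumptions, and the sample data is constructed.

```javascript
// Added example: names and record shapes are assumptions, not ironvas's API.
const DISCOVERER_ID = "openvas@scanner.example"; // constructed id of the OpenVAS server

// Hypothetical filter in the spirit of filter.js: publish only High/Medium findings.
const onlySerious = (v) => v.threat === "High" || v.threat === "Medium";

// Map one finding to the event fields listed above (property names are illustrative).
function toEvent(reportId, v) {
  return {
    key: `${reportId}/${v.nvt}`, // stable key, used to detect redundant publishes
    name: v.name,
    discoveredTime: v.timestamp,
    discovererId: DISCOVERER_ID,
    magnitude: v.magnitude,
    significance: v.significance,
    type: "CVE",
    information: v.cves.join(", "),
    vulnerabilityUris: v.cves.map((c) => `https://cve.example/${c}`), // constructed URIs
  };
}

// Compare the scanner's current reports with what is already in the MAP server.
// reports: Map<reportId, finding[]>; published: Set of event keys already published.
function planSync(reports, published, filter = onlySerious) {
  const wanted = new Map();
  for (const [reportId, findings] of reports) {
    for (const v of findings.filter(filter)) {
      const ev = toEvent(reportId, v);
      wanted.set(ev.key, ev);
    }
  }
  return {
    // publish only what the MAP server does not hold yet (no redundant updates)
    publish: [...wanted.values()].filter((ev) => !published.has(ev.key)),
    // purge keys the current reports no longer produce (e.g. the report was deleted)
    purge: [...published].filter((key) => !wanted.has(key)).sort(),
  };
}

// Constructed sample state: report r2 is new, report r0 was deleted from OpenVAS.
const reports = new Map([
  ["r1", [{ nvt: "nvt-1", name: "Example overflow", timestamp: "2012-01-01T10:00:00Z",
            threat: "High", magnitude: 90, significance: "critical", cves: ["CVE-0000-0001"] }]],
  ["r2", [{ nvt: "nvt-2", name: "Example banner leak", timestamp: "2012-01-02T10:00:00Z",
            threat: "Low", magnitude: 10, significance: "informational", cves: [] },
          { nvt: "nvt-3", name: "Example weak cipher", timestamp: "2012-01-02T10:00:00Z",
            threat: "Medium", magnitude: 50, significance: "important", cves: ["CVE-0000-0002"] }]],
]);
const published = new Set(["r0/nvt-9", "r1/nvt-1"]);
console.log(JSON.stringify(planSync(reports, published), null, 2));
```

Running the plan on every poll and applying `publish` and `purge` in one update keeps the MAP server aligned with the scanner without re-sending findings it already holds.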
OpenJDK Version 1.6 or higher
OpenVAS-4 or higher
MAP server implementation
Maven 3 (sudo apt-get install maven)
tar xf v0.1.6.tar.gz
Then open a browser at https://127.0.0.1:8443 (Basic Server)