OpenVAS GLPi plugin for GLPi
This plugin integrates OpenVAS with GLPI.
- Retrieve OpenVAS informations for GLPi assets
- Get severity & threat for assets
- Import vulnerabities (results)
- Create tickets based on vulnerabities data
- Create tasks, request start and stop
The plugin has only been tested on Linux.
You need the followings components:
- GLPI (at least 9.1.1 version)
- OpenVAS manager 8 up and running
- PHP >= 5.5
- openvas-cli package installed to provide omp executable
You need to create a user able to connect and administrate OpenVAS. The use should be able to see all data, and create tasks/request task start & stop
Copy the plugin folder into your glpi/plugins directory. The folder must be named 'openvas' otherwise GLPI framework will fail to initialize the plugin.
Next, go to glpi interface, navigate to the Administatrion > Plugins page. Find the openvas line, click on Install button, and after refresh, click on Enable button.
Once the plugin enabled, you may click on this name or go into Setup > General menu to display the plugin configuration.
You will see this page:
Fill the configuration fields in order to perform the OpenVAS connection :
- Host: IP or hostname of OpenVAS manager
- Manager port: OpenVAS management port (by default 9390)
- Console port: OpenVAS management console port (by default 9392)
- User: user to connect to OpenVAS
- Password: user's password
- Target retention delay: number of days after which target & vulnerabities infos are deleted
- Number of days for searches: value to use for time restriction during OpenVAS queries
- Request source: the request source to use when creating tickets from vulnerabities
- Color palette: colors to represent OpenVAS threat levels
The test button is used to test the connection to OpenVAS manager.
3 automatic actions are added by the plugin:
- openvasSynchronize: used to perform hosts to asset matching and informations retrieval
- openvasSynchronizeVulnerabilities: import vulnerabities (results) from OpenVAS in GLPi. Can also create tickets
- openvasClean : clean not accurate data, based on the creation date
You must start by launching openvasSynchronize, then openvasSynchronizeVulnerabilities.
OpenVAS vulnerabities menu
Vulnerabities can be found at Tools > OpenVAS menu. A small green icon allows user to switch from vulnerabities view to tasks view.
A vulnerabity can be linked to several hosts. If a host is linked to an asset in GLPi, you can access the host directly from the vulnerabity.
OpenVAS asset tab
If a GLPi asset is linked to an OpenVAS host, a new OpenVAS tab is diplayed. The tab lists:
- general informations (name, comment, severity & threat)
- the list of tasks for this host
- vulnerabities linked to the host
OpenVAS vulnerabities rules
A rules engine is available at Administration > Rules. It has 2 actions :
- ignore vulnerabity import
- create a ticket based on a template
To use threat as a criteria, here are the possible values:
To match vulnerabilities having a threat at least equals to Low, you must use a regex: Threat regex checks /Low|Medium|High/