OpenVAS Scanner Integration
Overview
OpenVAS (Open Vulnerability Assessment Scanner) is an open-source vulnerability scanning framework. KYRA MDR collects OpenVAS scan results for vulnerability management. GVM 21.x and 22.x are supported.
Prerequisites
- A KYRA MDR Collector installed and running
- OpenVAS/GVM installed and configured
- GMP (Greenbone Management Protocol) API access
- Completed vulnerability scans
Configuration
Configure OpenVAS GMP API integration:
- Create an API user:
  ```bash
  gvmd --create-user=kyra-mdr --password=<password> --role=Observer
  ```
- Verify connectivity:
  ```bash
  gvm-cli socket --xml '<get_version/>'
  ```
- Configure the KYRA MDR collector:
  ```yaml
  sources:
    - type: openvas
      host: <gvm-host>
      port: 9390
      username: kyra-mdr
      password: <password>
      poll_interval: 3600s
  ```
- Restart the collector service
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| NVT Results | Network vulnerability test results | Vulnerability detection |
| CVE Matches | CVE identifier matches | Vulnerability tracking |
| Host Summary | Per-host vulnerability summary | Asset risk assessment |
| Severity Scores | CVSS-based severity ratings | Risk prioritization |
| Compliance | SCAP compliance check results | Regulatory compliance |
| Overrides | Manual override annotations | Finding management |
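How the NVT result, CVE match, severity and host summary rows above can be derived from a GMP `get_results` response, shown as an added example that is not KYRA MDR collector code. The sample XML is constructed and trimmed, and the function names, record fields and the 7.0 high-severity threshold are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, trimmed GMP <get_results_response>; the hosts, NVT OIDs and
# CVE ids are placeholders, not real findings.
SAMPLE = """<get_results_response status="200" status_text="OK">
 <result id="r1"><name>Example TLS issue</name>
  <host>192.0.2.10<hostname>web01</hostname></host><port>443/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.1"><refs><ref type="cve" id="CVE-0000-0001"/>
   <ref type="url" id="https://example.invalid/advisory"/></refs></nvt>
  <severity>7.5</severity></result>
 <result id="r2"><name>Example SSH issue</name>
  <host>192.0.2.10<hostname>web01</hostname></host><port>22/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.2"><refs><ref type="cve" id="CVE-0000-0002"/></refs></nvt>
  <severity>5.0</severity></result>
 <result id="r3"><name>Example service banner</name>
  <host>192.0.2.20</host><port>80/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.3"/><severity>0.0</severity></result>
</get_results_response>"""

def parse_results(xml_text):
    """Flatten each <result> into one record (NVT result, CVE matches, severity)."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "200":  # GMP reports failures in the status attribute
        raise ValueError(f"GMP request failed: {root.get('status_text')}")
    findings = []
    for res in root.findall("result"):
        nvt = res.find("nvt")
        findings.append({
            "host": (res.findtext("host") or "").strip(),  # IP is the element's own text
            "port": res.findtext("port"),
            "name": res.findtext("name"),
            "nvt_oid": nvt.get("oid") if nvt is not None else None,
            "cves": [r.get("id") for r in res.iterfind("nvt/refs/ref") if r.get("type") == "cve"],
            "severity": float(res.findtext("severity") or 0.0),
        })
    return findings

def host_summary(findings, high=7.0):  # threshold is an assumption
    """Per-host roll-up: finding count, high-severity count, worst score, CVE set."""
    summary = defaultdict(lambda: {"findings": 0, "high": 0, "max_severity": 0.0, "cves": set()})
    for f in findings:
        s = summary[f["host"]]
        s["findings"] += 1
        s["high"] += int(f["severity"] >= high)
        s["max_severity"] = max(s["max_severity"], f["severity"])
        s["cves"].update(f["cves"])
    return dict(summary)
```

Calling `host_summary(parse_results(SAMPLE))` yields one entry per scanned host, which is the shape an asset risk view would consume.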
Troubleshooting
GMP connection failed: Verify gvmd is running and listening on port 9390.
No scan results: The collector only retrieves completed scan results.
Feed updates: Verify feeds are current with greenbone-feed-sync.
Contact kyra@seekerslab.com for support.