PlexTrac supports importing XML files from OpenVAS. OpenVAS (Open Vulnerability Assessment System) is a network security scanner and vulnerability management solution designed to identify and assess vulnerabilities in network infrastructure and web applications. It performs scans of networks and hosts to identify open ports, running services, and potential vulnerabilities.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac Field | OpenVAS Path | Notes |
---|---|---|
PlexTrac Field | OpenVAS Path |
---|---|
title
<result><nvt><name>
severity
<result><threat>
references
<result><nvt><xref> <result><nvt><certs><cert_ref id=(parse out this id) type=(parse out this type)> <result><nvt><cve> <result><nvt><bid>
A combination of: <xref>: we ignore "NOXREF" if populated in the <xref> element and <cert_ref>: we take the id and type from all cert_ref tags in the <certs> element and
<cve>: we ignore "NOCVE" if populated in the <cve> element and
<bid>: we ignore "NOBID" if populated in the <bid> element
recommendations
<result><nvt><tags>
PlexTrac parses the element into separate items based on the | delimiter that creates an array of key value pairs. Then we evaluate the array to compose description. Description is composed of the following values, if the key exists:
summary
impact
insight
affected
vuldetect
description
<result><nvt><tags>
PlexTrac parses the <tags> element into separate items based on the | delimiter that is used to create an array of key value pairs. Then we evaluate the array and compose recommendations from the following values, if the key exists:
solution
solution_type
If solution is not in the array, we populate the solution with the phrase: "A solution was not provided by the scan source"
score: <cvss>
label: cvss
value
<result><nvt><cvss_base>
calculation
<result><nvt><tags>
PlexTrac parses the element into separate items based on the | delimiter that creates an array of key value pairs. Then we evaluate the array and compose cvss calculation: Calculation is composed of the following values, if the key exists:
cvss_base_vector
asset
<result><host>