Grouping Assets using Targets

I regularly use Nexpose but I’m now exploring the switch to an open-source scanner. In Nexpose, the “Sites” feature allows me to group assets based on their departments. For instance, I can create a Core Site and include all the assets from the Core department within it. The advantage is that I can perform a collective scan of all the assets in this site and generate a consolidated report.

Now, with OpenVAS, I believe the equivalent of “Sites” in Nexpose is the “Target” option. Is this correct? If so, it seems that the “Target” option is more limited compared to “Sites” in Nexpose. In Nexpose, I can easily add or remove assets within the same site, whereas in OpenVAS, modifying assets within a target requires creating a new target and deleting the old one first.

Could someone please guide me on an alternative to “Sites” in OpenVAS?

I think the best place to start is from the documentation “Managing Assets” section.

Essentially, you have Host assets and Target assets. Hosts are essentially just a list of assets, while targets are used to configure scan tasks. Tags can be used to group hosts or targets into asset classes or groups to filter results, create reports, etc.

Hosts are limited to a single IP, while targets can be

  • an IP range (dash-separated, or with CIDR notation)
  • comma-separated IP addresses, FQDNs
  • created from a host file
  • configured with an accept-list / block-list for granularly removing IPs

If you use the Wizard to create a task you can just enter the target IP/IP range as mentioned above, and the target and hosts will be created automatically.

If not using the wizard, you can skip directly to creating a target and hosts will be created when creating a target.

Otherwise, when conducting host discovery scans, any discovered hosts will be automatically created as items in your host list and can be added to targets / used to create new targets.

  • Host assets can be found under Assets->Hosts in the top menu bar
  • Target assets can be found under Configuration->Targets in the top menu bar

You said:

In Nexpose, I can easily add or remove assets within the same site, whereas in OpenVAS, modifying assets within a target requires creating a new target and deleting the old one first.

It's true that if a Target is assigned to an existing task you cannot modify the target, but you can clone it and modify the clone, or else you can delete all the tasks that it is connected to and then the target can be modified. Unfortunately, when you delete the task, you also delete the reports and results that were tied to the task. It would be nice if those were kept.

However, better than trying to use a single task or single target to organize assets into groups, you can use tags (see documentation here) and then configure filters with those tags to isolate, say, a department of a company, or another type of asset class.

There are other options for other types of grouping assets, and filtering results, or reports, etc. One way would be to use tags/keywords in the target/host comments and filter by those later. It’s a fairly flexible way of managing the scan information once you have completed scans.
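To preview which hosts a target definition covers before cloning and editing it, the following added example (not part of the original posts and not Greenbone code) expands the host formats listed in the answer and compares an existing target with its edited clone. The function names and sample addresses are hypothetical; the short range form `a.b.c.d-e` and the skipping of network/broadcast addresses for CIDR entries are assumptions, and nothing here talks to the scanner.

```python
import ipaddress
import re

RANGE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)-(\d+(?:\.\d+\.\d+\.\d+)?)$")

def expand_entry(entry):
    """Expand one target entry into a set of host strings."""
    entry = entry.strip()
    if not entry:
        return set()
    m = RANGE.match(entry)
    if m:  # dash-separated range, long (a.b.c.d-a.b.c.e) or short (a.b.c.d-e)
        start_s, end_s = m.groups()
        if "." not in end_s:
            end_s = start_s.rsplit(".", 1)[0] + "." + end_s
        start, end = ipaddress.IPv4Address(start_s), ipaddress.IPv4Address(end_s)
        if end < start:
            raise ValueError(f"range end before start: {entry}")
        return {str(ipaddress.IPv4Address(i)) for i in range(int(start), int(end) + 1)}
    if "/" in entry:  # CIDR; assumption: network/broadcast addresses are skipped
        return {str(h) for h in ipaddress.ip_network(entry, strict=False).hosts()}
    try:
        return {str(ipaddress.ip_address(entry))}
    except ValueError:
        return {entry.lower()}  # treated as an FQDN, left unresolved

def effective_hosts(hosts, exclude=""):
    """Hosts a target definition covers after removing the excluded entries."""
    included = set().union(*(expand_entry(e) for e in hosts.split(",")))
    excluded = set().union(*(expand_entry(e) for e in exclude.split(",")))
    return included - excluded

def target_diff(old, new):
    """(added, removed) host sets between an existing target and an edited clone."""
    return new - old, old - new

# Constructed sample: a "Core" department target and an edited clone of it.
core_v1 = effective_hosts("10.10.0.0/29, 10.10.1.5-8, intranet.example.org",
                          exclude="10.10.0.3")
core_v2 = effective_hosts("10.10.0.0/29, 10.10.1.5-10.10.1.7, intranet.example.org")

if __name__ == "__main__":
    added, removed = target_diff(core_v1, core_v2)
    print("added:", sorted(added), "removed:", sorted(removed))
```

Running the diff before swapping a task over to the clone shows exactly which hosts would enter or leave scan scope.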