I imagine this has been answered before, but I can’t seem to pin down an authoritative answer.
We’ve built a system which runs OpenVAS as part of a collection of other tools integrated together with custom code. We’d like to benefit from the “enterprisey” plugins that sets the GSF over the GCF (such as tests for SCADA, etc.), but we’d like to keep the scanner integrated with our other home-built automation software that manages scans and interprets/collates the results according to our needs.
We’re looking for anything along these lines:
Ideally, a way to pay for a subscription to GSF and use it from within OpenVAS
A way to run the full paid Greenbone scanner with GSF, but on our own hardware in our own OS/environment rather than as a virtual machine
As a last resort: a way to run the paid Greenbone scanner with GSF as a VM, but still control it headlessly via some sort of API (as opposed to having to go through Greenbone’s GUI - which is great but requires user interaction, which is not suitable for our purposes).
Anything I haven’t thought of?
Are any of these things possible? Thanks in advance for the guidance.
Please have a look here and follow the PDF linked there:
There is no way to buy a GSF for a homemade GVM setup.
It can be purchased only in combination with a Greenbone-approved/maintained environment,
namely Greenbone OS.
There are commercial virtual appliances offered by Greenbone that do offer the GMP API.
Currently there is GSM ONE, and soon two further virtual products are going to be launched,
one positioned below GSM ONE, and the other positioned above GSM ONE. You can operate all of them headless.
See here for an overview:
Thanks you so much for your update and help, i have tried to access the PDF link but it is not accessible getting error, if there is any other that will be really helpful.
As per comment “It can be purchased only in combination with a Greenbone-approved/maintained environment, namely Greenbone OS.” so want to know what will be the charge for this environment. as we have only 50-100 Servers to be managed , so if we have licensing cost then it will be helpful for us.
Also if we want to go with GCF open source version , so in that alarming of vulnerability is available?