csalt
1
How to find the QoD value for an application from the XML file results?
There are some CPEs that are missing some information like version and vendor.
When I am trying to import an XML report inside OpenVAS, it asks if we want to add assets with QoD >=70%:
The question is how to find the QoD for all the applications inside the XML file? Do you suggest to not considering applications with QoD < 70%?
Example parts from an XML file:
<detail>
<name>App</name>
<value>cpe:/a:portmap:portmap</value>
<detail>
<name>OS</name>
<value>cpe:/o:debian:debian_linux</value>
<detail>
<name>OS</name>
<value>cpe:/o:linux:kernel</value>
<detail>
<name>App</name>
<value>cpe:/a:postfix:postfix</value>
TreAtW
2
You can find the QoD for results in the XML, not for applications. There can be multiple results for the same application with different QoDs.
Result XML nodes look like this:
<result id="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">
<name>Vuln name goes here</name>
...
<severity>6.9</severity>
<qod> <----------------------------- QoD part
<value>70</value> |
<type/> |
</qod> <---------------|
<description>
(Description goes here)
</description>
<original_threat>Medium</original_threat>
<original_severity>6.9</original_severity>
</result>
Personally, I consider a QoD of 70% a sane default. Here’s the part in the documentation that describes what each QoD percentage means, so you can decide for yourself which QoDs you want to include.
1 Like
