Consolidating OpenVAS Scan Results and Analyzing Vulnerability Trends in DefectDojo

[Whitehorse2]

Hi everyone,

I’m using Greenbone/OpenVAS to scan multiple network segments (hundreds of sub-networks/tasks) from different perspectives or scanners. My goal is to track vulnerability reduction over time and verify if network security is improving. However, I’m facing a few challenges:

1. Scan Variability: The scan schedules, number of scans, and devices scanned vary significantly. This makes it difficult to compare results across time, especially since new network segments (tasks) are added frequently.

2. DefectDojo Integration Issues:

   • My approach has been to treat an Engagement in DefectDojo as a combination of a sensor and a specific subnet. I do the same for other sensors, which scan the same subnet target.
   • I want to merge scan data from different sensors (e.g., one scans from the internet, another internal Sensors). The same assets are scannt from angles. I can't get a clear overview of resolved vs. remaining vulnerabilities.
   • The "Close old findings" feature closes findings at the import date instead of the next scan report's date, which skews the data.
   • I’m struggling to get metrics that show how many vulnerabilities were newly found or resolved over time from the imported scan data.
   • I can only see verified findings under "all hosts," how can I display all findings, not just the verified ones?

Any advice on how to best import and consolidate XML scan data across sensors, track vulnerability trends, and improve DefectDojo integration would be greatly appreciated!

Thanks in advance!