Greenbone Vulnerability Manager
22.4.0~dev1
|
During a scan various assets are identfied. The findings are by default used to update the asset database. Since assets may already be present in the database or even be present with contradictive properties, a ruleset defines how the asset database is updated upon findings.
When a host is detected, and there is at least one asset host that has the same name and owner as the detected host, and whose identifiers all have the same values as the identifiers of the detected host, then the most recent such asset host is used. Otherwise a new asset host is created. Either way the identifiers are added to the asset host. It does not matter if the asset host has fewer identifiers than detected, as long as the existing identifiers match.
At the beginning of a scan, when a host is first detected, the decision about which asset host to use is made by host_notice. At the end of the scan, if the host has identifiers, then this decision is revised by hosts_set_identifiers to take the identifiers into account.
Host identifiers can be ip, hostname, MAC, OS or ssh-key.
This documentation includes some pseudo-code and tabular definition. Eventually one of them will repalce the other.
Name : The assigned name (usually the IP) IP : The detected IP Hostname: The detected Hostname OS: : The detected OS
If IP And Not Hostname: If Not Assets.Host(id=Name) And Not Assets.Host(attrib=IP, IP): Assets.Host.New(id=Name, ip=IP) If Assets.Host(id=Name) == 1: Assets.Host.Add(id=Name, ip=IP)
This pseudo-code is equivalent to the first two rows of:
Detection | Asset State | Asset Update |
---|---|---|
IP address X. | No host with Name=X or any ip=X. | Create host with Name=X and ip=X. |
IP address X. | Host A with Name=X. | Add ip=X to host A. |
IP address X. | (Host A with Name=X and ip=X) and (Host B with Name=X and ip=X). | Add ip=X to host (Newest(A,B)). |
IP address X with Hostname Y. | Host A with Name=X and ip=X. | Add ip=X and hostname=Y to host A. |
IP address X with Hostname Y. | Host A with Name=X and ip=X and hostname=Y. | Add ip=X and hostname=Y to host A. |
IP address X with Hostname Y. | Host A with Name=X and ip=X and hostname<>Y. | Create host with Name=X, ip=X and hostname=Y. |
IP address X with Hostname Y. | Host A with Name=X and ip=X and hostname=Y and host B with Name=X and ip=X. | Add ip=X and hostname=Y to host (Newst(A,B)). |
Follow up action: If a MAC, OS or ssh-key was detected, then the respective identifiers are added to the asset host selected during asset update.
If OS: If Not Assets.OS(id=OS): Assets.OS.New(id=OS)
This pseudo-code is equivalent to:
Detection | Asset State | Asset Update |
---|---|---|
OS X. | No OS with Name=X. | Create OS with Name=X. |
OS X. | OS with Name=X. | No action. |