With GOS 20.08, all default scan configurations, report formats, port lists and compliance policies by Greenbone Networks (hereafter referred to as “objects”) will be distributed via the Greenbone Security Feed.
Use Cases
- This feature allows for the publication and distribution of scan configurations for current, hot NVTs, for policies, and port lists. Previously, these objects as XML had to be published for manual download on the Greenbone download website, and users had to import them on their own – which was often regarded too complicated for a quick application of a new scan configuration, and it left room for errors as we were not able to track the objects’ versions very well.
- Furthermore, the feature is designed so that Greenbone Networks can also distribute report format plug-ins. This will also make bug-fixing much easier and quicker for the customer: objects can be updated and fixed for all setups with a single feed update.
Background Information
All current, default objects of these types will no longer be included in GOS. A feed update is necessary to obtain them. The default objects are no longer global objects but must be owned by a user, the “Feed Import Owner”.
New GSM orders are shipped with a feed (and the objects) present already. After a factory reset, a feed update is necessary to obtain the objects again. When upgrading from GOS 6, the old objects are used until the user runs the first successful feed update with GOS 20.08.
There will be no way to obtain the old objects again, they are intended to be replaced by the new objects.
Object Permissions
Only the Feed Import Owner, a super administrator and users who obtained respective rights are able to delete objects. If objects are deleted, they will be downloaded again during the next feed update.
If no objects should be downloaded, the Feed Import Owner must be unset.
The Feed Import Owner, a super administrator and an administrator who currently has permissions for the objects may also grant additional permissions for the objects to other users.
Normally, this only applies to the default roles. Custom roles have to be granted permissions manually first.
The objects are not editable , not even by the Feed Import Owner. This is by design to ensure that the objects function as intended by Greenbone Networks.
Status of Objects
The objects’ status is now also displayed on the page Feed Status on the web interface (see GOS 20.08: Changes to the Web Interface Page "Feed Status" - Upcoming Features (Greenbone Professional Ed) - Greenbone Community Forum).
Changing the Feed Import Owner
The Feed Import Owner is set when upgrading vom GOS 6 to GOS 20.08. A corresponding message will be displayed.
When setting up a new GSM with GOS 20.08 already installed, the first created web administrator becomes the Feed Import Owner automatically.
However, the Feed Import Owner can be changed at a later time as described here.
Setting the Access Roles
By default, the roles User , Admin and Super Admin have read access to the objects, i.e., they can see and use them on the web interface.
However, the roles that should have read access to the objects can be selected as described here.