OSP scanner that processes results from another scanner or task

Hello GVM crew,

I’m working on integrating a security solution with GVM that is going to augment discovered host details with specific metadata linked to CPEs detected by the “Product Detection” NVT family in that scan. For instance, if a plugin included in the “Product Detection” family detects a camera and sets a CPE using “register_product” or “register_and_report_cpe”, then my scanner should be invoked with that CPE (or the host details) of that product and report back some metadata related to the CPE. Therefore, this scanner would be accepting a CPE string instead of a target hostname or IP address, as is the case for the OSP scanners that I have seen so far. There is also the problem of running two scanners (the GVM default scanner and this one) in the same scan session, which I’m not sure is doable. Therefore, I’d like to know your opinion on the following scenarios:

1- Is it possible to chain multiple scanners in a single scan task from the GVM UI, so that results from the first scanner could be fed into the second scanner by GVM itself instead of writing a scan “governor” script that launches scan_1 (with the default GVM scanner), waits until completion of scan_1, then parses the results, gets the CPEs from the host details of scan_1 (is there a GVM API to get the CPEs of discovered hosts in a given scan report?), then launches my OSP scanner with those CPEs and creates a second report?

2- Writing an NVT plugin instead of an OSP scanner that has a dependency on the “Product Detection” NVT family, so when it’s executed by GVM during the scan session it can look for specific KBs (is there a base KB or plugin function such as get_host_cpe?) and insert the additional metadata into the scan results.

Thank you in advance for your help

It is not possible to include two scanners in one report or task. You would have to write a single ospd-based scanner that collects and provides the results.


Thanks very much. I presume this ospd scanner should be similar to the “internal CVE scanner” in the sense that it would be launched by the user after completion of scan_1 (a product discovery scan), then it will enumerate the discovered “host assets”, get their CPEs and perform the CPE lookup from the external metadata source. Please let me know if this sounds like a correct approach to you.
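The core of the approach discussed above, whether it lives in a governor script or inside the ospd-based scanner itself, is: take the report of the product discovery scan, pull the CPE host details per host, and join them with the external metadata. The following is an added example written for this thread; it is not code from GVM, ospd or either poster. It assumes the usual layout of a GMP `get_reports` response (`host/ip` and `host/detail/name|value` elements), uses a constructed sample report with placeholder ids and OID, and stands in a hypothetical `METADATA` dict for the external source. In a real deployment the XML would come from GMP (for example via python-gvm) instead of the embedded string.

```python
"""Collect product CPEs per host from a GMP report and attach external metadata.

Added example for this thread; it is not code from GVM, ospd or the poster.
The XML below is a constructed sample whose element layout (host/ip,
host/detail/name|value) is assumed from the usual report shape, and
METADATA stands in for the external lookup source.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Optional

# Constructed sample of a <get_reports_response>. Ids and the OID are placeholders.
SAMPLE_REPORT = """<get_reports_response status="200" status_text="OK">
  <report id="00000000-0000-0000-0000-000000000001">
    <report id="00000000-0000-0000-0000-000000000001">
      <host>
        <ip>192.168.1.10</ip>
        <detail>
          <name>App</name>
          <value>cpe:/a:apache:http_server:2.4.41</value>
          <source><type>nvt</type><name>PLACEHOLDER-OID</name></source>
        </detail>
        <detail><name>OS</name><value>cpe:/o:linux:linux_kernel</value></detail>
        <detail><name>traceroute</name><value>192.168.1.1,192.168.1.10</value></detail>
      </host>
      <host>
        <ip>192.168.1.20</ip>
        <detail><name>App</name><value>cpe:2.3:h:acme:ipcam:1.2:*:*:*:*:*:*:*</value></detail>
        <detail><name>App</name><value>cpe:/a:openbsd:openssh:8.2p1</value></detail>
      </host>
      <results>
        <result id="00000000-0000-0000-0000-0000000000aa">
          <host>192.168.1.10<asset asset_id="00000000-0000-0000-0000-0000000000bb"/></host>
        </result>
      </results>
    </report>
  </report>
</get_reports_response>"""

# Hypothetical external metadata keyed by (part, vendor, product); "acme:ipcam" is made up.
METADATA = {
    ("a", "apache", "http_server"): {"category": "web-server", "owner": "platform-team"},
    ("h", "acme", "ipcam"): {"category": "camera", "owner": "facilities"},
}


def cpe_key(cpe: str) -> Optional[tuple]:
    """Return (part, vendor, product, version) for a CPE 2.2 URI or 2.3 string, else None.

    Escaped colons ('\\:') inside 2.3 components are not handled here.
    """
    if cpe.startswith("cpe:/"):
        fields = cpe[len("cpe:/"):].split(":")
    elif cpe.startswith("cpe:2.3:"):
        fields = cpe[len("cpe:2.3:"):].split(":")
    else:
        return None
    if len(fields) < 3:  # need at least part, vendor, product
        return None
    fields += [""] * (4 - len(fields))  # version may be absent in 2.2 URIs
    part, vendor, product, version = fields[:4]
    return part, vendor, product, version


def extract_cpes(report_xml: str) -> dict:
    """Map host IP -> set of CPE strings found among that host's details."""
    root = ET.fromstring(report_xml)  # use defusedxml if the XML is untrusted
    cpes = defaultdict(set)
    for host in root.iter("host"):
        # <result><host> elements carry the IP as text, not as an <ip> child: skip them.
        ip = host.findtext("ip")
        if not ip:
            continue
        for detail in host.findall("detail"):
            value = (detail.findtext("value") or "").strip()
            if cpe_key(value) is not None:  # ignore non-CPE details such as traceroute
                cpes[ip.strip()].add(value)
    return dict(cpes)


def augment(report_xml: str, metadata: dict) -> list:
    """Join each host's CPEs with metadata; one record per (host, cpe).

    Records without a match keep metadata=None so the gap stays visible in the
    results the scanner reports back instead of being silently dropped.
    """
    records = []
    for ip, cpes in sorted(extract_cpes(report_xml).items()):
        for cpe in sorted(cpes):
            part, vendor, product, version = cpe_key(cpe)
            records.append({
                "host": ip,
                "cpe": cpe,
                "version": version,
                "metadata": metadata.get((part, vendor, product)),
            })
    return records


if __name__ == "__main__":
    for record in augment(SAMPLE_REPORT, METADATA):
        print(record)
```

The match is on (part, vendor, product) rather than on the full string so that both CPE 2.2 URIs and 2.3 formatted strings from different NVTs hit the same metadata entry; the version is kept on the record so the scanner can still report it. An ospd-based scanner would run this over the report it fetches and emit one result per record.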