I am setting up a system that will be scanning around 130k addresses each week. And am looking for advice on optimising the scanning process to complete it as efficiently as possible, ideally without compromising too much on thoroughness. We’ve previously been using Nessus to accomplish this, but due to their increasing prices we’re moving to OpenVAS for the time being. With Nessus it helped to slice the work into chunks of 100 IP addresses. It’s not at all clear to me whether this is a good strategy to continue with OpenVAS.
I have the option of spreading the load over multiple scanners, which we didn’t have with Nessus due to the licensing model.
It’s also not clear to me how best to tune the parameters of /etc/openvassd.conf for the best performance (in my case optimising for speed).
I’d appreciate getting in touch with someone with greater experience on such matters!
P.S. My scanners are running on VMs running Ubuntu 18.04.1 LTS
OpenVAS Scanner 5.1.2
OpenVAS Manager 7.0.3
Greenbone Security Assistant 7.0.3