Kvasir Security Management
-
This looks like a cool open source tool that is meant for tracking security vulnerabilities among customers. Since there quite a few MSPs on here, I figure somebody may already be using it.
Is anyone using it?
-
Don't know it, but will look into it.
-
Interesting. Have you had a chance to play with it yet? @IRJ
-
@Reid-Cooper said in Kvasir Security Management:
Interesting. Have you had a chance to play with it yet? @IRJ
I am thinking I might spin up a VM and try it.
-
I set it up. I ran into some issues as the installation instructions weren't the best, but it is up and running.
Now I am trying to automatically connect my vulnerability scanners.
-
I'd be interested in hearing if it works with things like OpenVAS and such. The site & github lists a lot of commercial offerings like Nessus and Metasploit pro.
-
@dafyre said in Kvasir Security Management:
I'd be interested in hearing if it works with things like OpenVAS and such. The site & github lists a lot of commercial offerings like Nessus and Metasploit pro.
No OpenVas support as of now, but I hear that and Qualys are coming down the pipe.
-
Ok, I got scan information imported into Kvasir. It is a cool tool, but will not serve my purposes of vulnerability tracking.
Kvasir is really just a way to share scan with a customer instead of giving them 30k page PDFs. So for that purpose the tool is really useful. The customer you are sharing the data with can take notes on each vulnerability, see solutions, see affected IPs, etc.
It also organizes vulnerabilities by categories, hosts, and provides various statistics. You can also perform metasploit attacks straight from Kvasir.