Discussion:
[Openvas-devel] Problem with reports filter
Juan José Gago Martínez
2016-02-12 09:37:52 UTC
Permalink
Hello, we are developing a software system based on OpenVAS and we have a
problem with the reports filter. We need a combined report filter against
OpenVAS Manager which has on the one hand the typical search criteria, eg:

task~test

task=Test or status=Done



... and on the other hand a filter by severity, eg the following severity
filter will return all reports which have at least one high result or at
least one medium result:

high>0 or medium>0



We need to combine the two aforementioned filters with an AND, eg:

(task=Test or status=Done) and (high>0 or medium>0)



But taking into account the tests that we have made by using GSA, OpenVAS
does not accept parentheses neither using the keyword "and" and "or"
combined on the same search phrase. What could we do for being able to use
our combined filter?



Thank you. Best regards.
Jan-Oliver Wagner
2016-02-17 16:07:28 UTC
Permalink
Post by Juan José Gago Martínez
Hello, we are developing a software system based on OpenVAS and we have a
problem with the reports filter. We need a combined report filter against
task~test
task=Test or status=Done
... and on the other hand a filter by severity, eg the following severity
filter will return all reports which have at least one high result or at
high>0 or medium>0
(task=Test or status=Done) and (high>0 or medium>0)
But taking into account the tests that we have made by using GSA, OpenVAS
does not accept parentheses neither using the keyword "and" and "or"
combined on the same search phrase. What could we do for being able to use
our combined filter?
I guess you can solve this particular case quite easily because
"high>0 or medium>0" is essentially identical to "severity>3.9" if you use
the NVD severity classes (the default).
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Juan José Gago Martínez
2016-02-18 12:27:52 UTC
Permalink
You suggested to use a filter like:

severity>3.9

instead of

high>0 or medium>0

But what if we need to filter by this?

high>0 or low>0

or also:

medium>0 or log>0

Our filter needs to be able to select or unselect any of the severities and
to skip severities, for example as I explained before we need to be able to
select the high and the low but not the medium.

How can we do that?

Thank you.
Best regards.
Jan-Oliver Wagner
2016-03-02 13:25:57 UTC
Permalink
Post by Jan-Oliver Wagner
severity>3.9
instead of
high>0 or medium>0
But what if we need to filter by this?
high>0 or low>0
I tried this for the Reports and it worked.
Post by Jan-Oliver Wagner
Our filter needs to be able to select or unselect any of the severities and
to skip severities, for example as I explained before we need to be able to
select the high and the low but not the medium.
How can we do that?
Well, I am not sure what you are actually after.
However, you always have the option to improve the source code and add the
feature you are missing.
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Continue reading on narkive:
Loading...