GREENBONE MANAGEMENT PROTOCOL (GMP)
Version 9.0 – Greenbone OS 6.0
Contents
- Summary of Data Types
- Summary of Elements
- Summary of Commands
- RNC Preamble
- Data Type Details
- Element Details
- Command Details
- Compatibility Changes in Version 9.0
1 Summary of Data Types
alive_test | An alive test. |
base64 | Base64 encoded data. |
boolean | A true or false value. |
boolean_atoi | A true or false value, after conversion to an integer. |
ctime | A date and time, in the C `ctime' format. |
type_name | A name of a data type. |
integer | An integer. |
iso_time | A date and time, in ISO 8601 format. |
levels | A string that may include the characters h, m, l, g and d. |
name | A name. |
port | A port. |
port_range | A comma separated list of port ranges, prefixed with "T:" for TCP and "U:" for UDP, allowing whitespace. |
user_list | A space separated list of users. |
oid | An Object Identifier (OID). |
severity | A severity score. |
sort_order | A string describing an order for sorting. |
status | The success or failure status of a command. |
task_status | A task run status. |
task_trend | The trend of results for a task. |
ticket_status | A ticket status. |
threat | A threat level. |
time_unit | A unit of time. |
timezone | A timezone. |
uuid | A Universally Unique Identifier (UUID). |
uuid_or_empty | A Universally Unique Identifier (UUID), or the empty string. |
2 Summary of Elements
c | A reference to a command. |
e | A reference to an element. |
r | A reference to a response. |
o | An optional pattern item. |
g | A group of pattern items. |
any | Pattern item indicating "any number of". |
pattern | The pattern element of a command or command descendant. |
command_definition | Definition of a command in GMP describing HELP command. |
filter_keywords | A group of filter keywords usable in an attribute or element text. |
certificate_info | Info about a certificate. |
note | A note. |
override | An override. |
result | A result. |
report | Actually attributes and either base64 or a report. |
3 Summary of Commands
authenticate | Authenticate with the manager. |
commands | Run a list of commands. |
create_agent | Create an agent. |
create_alert | Create an alert. |
create_asset | Create an asset. |
create_config | Create a config. |
create_credential | Create a credential. |
create_filter | Create a filter. |
create_group | Create a group. |
create_note | Create a note. |
create_override | Create an override. |
create_permission | Create a permission. |
create_port_list | Create a port list. |
create_port_range | Create a port range. |
create_report | Create a report. |
create_report_format | Create a report format. |
create_role | Create a role. |
create_scanner | Create a scanner. |
create_schedule | Create a schedule. |
create_tag | Create a tag. |
create_target | Create a target. |
create_task | Create a task. |
create_ticket | Create a ticket. |
create_tls_certificate | Create a TLS certificate. |
create_user | Create a user. |
delete_agent | Delete an agent. |
delete_asset | Delete an asset. |
delete_config | Delete a config. |
delete_alert | Delete an alert. |
delete_credential | Delete a credential. |
delete_filter | Delete a filter. |
delete_group | Delete a group. |
delete_note | Delete a note. |
delete_override | Delete an override. |
delete_report | Delete a report. |
delete_permission | Delete a permission. |
delete_port_list | Delete a port list. |
delete_port_range | Delete a port range. |
delete_report_format | Delete a report format. |
delete_role | Delete a role. |
delete_scanner | Delete a scanner. |
delete_schedule | Delete a schedule. |
delete_tag | Delete a tag. |
delete_target | Delete a target. |
delete_task | Delete a task. |
delete_ticket | Delete a ticket. |
delete_user | Delete a user. |
describe_auth | Describe authentication methods. |
empty_trashcan | Empty the trashcan. |
get_agents | Get one or many agents. |
get_configs | Get one or many configs. |
get_aggregates | Get aggregates of various resources. |
get_alerts | Get one or many alerts. |
get_assets | Get one or many assets. |
get_credentials | Get one or many credentials. |
get_feeds | Get one or many feeds. |
get_filters | Get one or many filters. |
get_groups | Get one or many groups. |
get_info | Get information for items of given type. |
get_notes | Get one or many notes. |
get_nvts | Get one or many NVTs. |
get_nvt_families | Get a list of all NVT families. |
get_overrides | Get one or many overrides. |
get_permissions | Get one or many permissions. |
get_port_lists | Get one or many port lists. |
get_preferences | Get one or many preferences. |
get_reports | Get one or many reports. |
get_report_formats | Get one or many report formats. |
get_results | Get results. |
get_roles | Get one or many roles. |
get_scanners | Get one or many scanners. |
get_schedules | Get one or many schedules. |
get_settings | Get one or many settings. |
get_system_reports | Get one or many system reports. |
get_tags | Get one or many tags. |
get_targets | Get one or many targets. |
get_tasks | Get one or many tasks. |
get_tickets | Get one or many tickets. |
get_users | Get one or many users. |
get_tls_certificates | Get one or many TLS certificates. |
get_version | Get the Greenbone Management Protocol version. |
get_vulns | Get one or many vulnerabilities. |
help | Get the help text. |
modify_agent | Modify an existing agent. |
modify_alert | Modify an existing alert. |
modify_asset | Modify an existing asset. |
modify_auth | Modify the authentication methods. |
modify_config | Modify an existing config. |
modify_credential | Modify an existing credential. |
modify_filter | Modify an existing filter. |
modify_group | Modify an existing group. |
modify_note | Modify an existing note. |
modify_override | Modify an existing override. |
modify_permission | Modify a permission. |
modify_port_list | Modify an existing port list. |
modify_report | Modify an existing report. |
modify_report_format | Update an existing report format. |
modify_role | Modify an existing role. |
modify_scanner | Modify an existing scanner. |
modify_schedule | Modify an existing schedule. |
modify_setting | Modify an existing setting. |
modify_target | Modify an existing target. |
modify_tag | Modify a tag. |
modify_task | Modify an existing task. |
modify_ticket | Modify an existing ticket. |
modify_tls_certificate | Create a TLS certificate. |
modify_user | Modify an existing user. |
move_task | Moves an existing task to another GMP slave scanner or the master. |
restore | Restore a resource. |
resume_task | Resume a task. |
run_wizard | Run a wizard. |
start_task | Manually start an existing task. |
stop_task | Stop a running task. |
sync_config | Synchronize a config with a scanner. |
test_alert | Run an alert. |
verify_agent | Verify an agent. |
verify_report_format | Verify a report format. |
verify_scanner | Verify a scanner. |
4 RNC Preamble
### Preamble start = command | response command = authenticate | commands | create_agent | create_alert | create_asset | create_config | create_credential | create_filter | create_group | create_note | create_override | create_permission | create_port_list | create_port_range | create_report | create_report_format | create_role | create_scanner | create_schedule | create_tag | create_target | create_task | create_ticket | create_tls_certificate | create_user | delete_agent | delete_asset | delete_config | delete_alert | delete_credential | delete_filter | delete_group | delete_note | delete_override | delete_report | delete_permission | delete_port_list | delete_port_range | delete_report_format | delete_role | delete_scanner | delete_schedule | delete_tag | delete_target | delete_task | delete_ticket | delete_user | describe_auth | empty_trashcan | get_agents | get_configs | get_aggregates | get_alerts | get_assets | get_credentials | get_feeds | get_filters | get_groups | get_info | get_notes | get_nvts | get_nvt_families | get_overrides | get_permissions | get_port_lists | get_preferences | get_reports | get_report_formats | get_results | get_roles | get_scanners | get_schedules | get_settings | get_system_reports | get_tags | get_targets | get_tasks | get_tickets | get_users | get_tls_certificates | get_version | get_vulns | help | modify_agent | modify_alert | modify_asset | modify_auth | modify_config | modify_credential | modify_filter | modify_group | modify_note | modify_override | modify_permission | modify_port_list | modify_report | modify_report_format | modify_role | modify_scanner | modify_schedule | modify_setting | modify_target | modify_tag | modify_task | modify_ticket | modify_tls_certificate | modify_user | move_task | restore | resume_task | run_wizard | start_task | stop_task | sync_config | test_alert | verify_agent | verify_report_format | verify_scanner response = authenticate_response | commands_response | create_agent_response | create_alert_response | create_asset_response | create_config_response | create_credential_response | create_filter_response | create_group_response | create_note_response | create_override_response | create_permission_response | create_port_list_response | create_port_range_response | create_report_response | create_report_format_response | create_role_response | create_scanner_response | create_schedule_response | create_tag_response | create_target_response | create_task_response | create_ticket_response | create_tls_certificate_response | create_user_response | delete_agent_response | delete_asset_response | delete_config_response | delete_alert_response | delete_credential_response | delete_filter_response | delete_group_response | delete_note_response | delete_override_response | delete_report_response | delete_permission_response | delete_port_list_response | delete_port_range_response | delete_report_format_response | delete_role_response | delete_scanner_response | delete_schedule_response | delete_tag_response | delete_target_response | delete_task_response | delete_ticket_response | delete_user_response | describe_auth_response | empty_trashcan_response | get_agents_response | get_configs_response | get_aggregates_response | get_alerts_response | get_assets_response | get_credentials_response | get_feeds_response | get_filters_response | get_groups_response | get_info_response | get_notes_response | get_nvts_response | get_nvt_families_response | get_overrides_response | get_permissions_response | get_port_lists_response | get_preferences_response | get_reports_response | get_report_formats_response | get_results_response | get_roles_response | get_scanners_response | get_schedules_response | get_settings_response | get_system_reports_response | get_tags_response | get_targets_response | get_tasks_response | get_tickets_response | get_users_response | get_tls_certificates_response | get_version_response | get_vulns_response | help_response | modify_agent_response | modify_alert_response | modify_asset_response | modify_auth_response | modify_config_response | modify_credential_response | modify_filter_response | modify_group_response | modify_note_response | modify_override_response | modify_permission_response | modify_port_list_response | modify_report_response | modify_report_format_response | modify_role_response | modify_scanner_response | modify_schedule_response | modify_setting_response | modify_target_response | modify_tag_response | modify_task_response | modify_ticket_response | modify_tls_certificate_response | modify_user_response | move_task_response | restore_response | resume_task_response | run_wizard_response | start_task_response | stop_task_response | sync_config_response | test_alert_response | verify_agent_response | verify_report_format_response | verify_scanner_response
5 Data Type Details
5.1 Data Type alive_test
In short: An alive test.
5.1.1 RNC
alive_test = xsd:token { pattern = "ICMP, TCP Service & ARP Ping|TCP Service & ARP Ping|I↵ CMP & ARP Ping|ICMP & TCP Service Ping|ARP Ping|TCP Service Ping|ICMP Ping|S↵ can Config Default" }
5.2 Data Type base64
In short: Base64 encoded data.
5.2.1 RNC
base64 = xsd:base64Binary
5.3 Data Type boolean
In short: A true or false value.
Zero is false, anything else is true. As a result, the empty string is considered true.
5.3.1 RNC
boolean = text
5.4 Data Type boolean_atoi
In short: A true or false value, after conversion to an integer.
Zero is false, anything else is true. The value is first converted to an integer, as by the C `atoi' routine. This means that an empty string is considered false.
5.4.1 RNC
boolean_atoi = text
5.5 Data Type ctime
In short: A date and time, in the C `ctime' format.
An example string in this format is "Wed Jun 30 21:49:08 1993\n".
5.5.1 RNC
ctime = text
5.6 Data Type type_name
In short: A name of a data type.
5.6.1 RNC
type_name = xsd:Name
5.7 Data Type integer
In short: An integer.
5.7.1 RNC
integer = xsd:integer
5.8 Data Type iso_time
In short: A date and time, in ISO 8601 format.
An example string in this format is "2011-11-08T19:57:06+02:00".
5.8.1 RNC
iso_time = text
5.9 Data Type levels
In short: A string that may include the characters h, m, l, g and d.
5.9.1 RNC
levels = xsd:token { pattern = "h?m?l?g?d?" }
5.10 Data Type name
In short: A name.
Typically this is the name of one of the manager resources, like a task or target.
5.10.1 RNC
name = xsd:string
5.11 Data Type port
In short: A port.
5.11.1 RNC
port = xsd:token { pattern = "[0-9]{1,5}" }
5.12 Data Type port_range
In short: A comma separated list of port ranges, prefixed with "T:" for TCP and "U:" for UDP, allowing whitespace.
5.12.1 RNC
port_range = xsd:token { pattern = "[TU]:[0-9]{1,5}(-[0-9]{1,5})?(,\s*[TU]:[0-9]{1,5}(-[0↵ -9]{1,5})?)*" }
5.13 Data Type user_list
In short: A space separated list of users.
5.13.1 RNC
user_list = text
5.14 Data Type oid
In short: An Object Identifier (OID).
5.14.1 RNC
oid = xsd:token { pattern = "[0-9\.]{1,80}" }
5.15 Data Type severity
In short: A severity score.
A severity score is a decimal number between 0.0 and 10.0 (inclusive) with one digit after the decimal point or a special negative value (-1.0, -2.0 or -3.0). If a single severity score defines a constraint, e.g. on whether an override applies, for values 0.0 and lower the severity must be equal to match while for > 0.0 the compared value must be greater or equal.
5.15.1 RNC
severity = xsd:token { pattern = "-[1-3](\.0)?|[0-9](\.[0-9])?|10(\.0)?" }
5.16 Data Type sort_order
In short: A string describing an order for sorting.
The string "descending" denotes descending order, anything else means ascending.
5.16.1 RNC
sort_order = text
5.17 Data Type status
In short: The success or failure status of a command.
5.17.1 RNC
status = xsd:token { pattern = "200|201|202|400|401|403|404|409|500|503" }
5.18 Data Type task_status
In short: A task run status.
5.18.1 RNC
task_status = xsd:token { pattern = "Delete Requested|Done|New|Requested|Running|Stop Requ↵ ested|Stopped|Interrupted" }
5.19 Data Type task_trend
In short: The trend of results for a task.
5.19.1 RNC
task_trend = xsd:token { pattern = "up|down|more|less|same" }
5.20 Data Type ticket_status
In short: A ticket status.
5.20.1 RNC
ticket_status = xsd:token { pattern = "Open|Fixed|Fix Verified|Closed" }
5.21 Data Type threat
In short: A threat level.
Threat levels are a classification of severity scores only supported for importing reports from OpenVAS-6 and older. The use of these elements is deprecated as they are otherwise replaced by severity elements, which should be used instead.
5.21.1 RNC
threat = xsd:token { pattern = "High|Medium|Low|Alarm|Log|Debug" }
5.22 Data Type time_unit
In short: A unit of time.
5.22.1 RNC
time_unit = xsd:token { pattern = "second|minute|hour|day|week|month|year|decade" }
5.23 Data Type timezone
In short: A timezone.
The format of a timezone is the same as that of the TZ environment variable on GNU/Linux systems. That is, the same value accepted by the tzset C function. There are three versions of the format. Note the lack of spaces in the examples.
"std offset" defines a simple timezone. For example, "FOO+2" defines a timezone FOO which is 2 hours behind UTC.
"std offset dst [offset],start[/time],end[/time]" defines a timezone, including daylight savings time. For example, "NZST-12.00:00NZDT-13:00:00,M10.1.0,M3.3.0".
":[filespec]" refers to a predefined timezone. For example, ":Africa/Johannesburg". Note that the colon is optional. Certain acronyms are predefined, such as GB, NZ and CET.
5.23.1 RNC
timezone = text
5.24 Data Type uuid
In short: A Universally Unique Identifier (UUID).
5.24.1 RNC
uuid = xsd:token { pattern = "[0-9abcdefABCDEF\-]{1,40}" }
5.25 Data Type uuid_or_empty
In short: A Universally Unique Identifier (UUID), or the empty string.
5.25.1 RNC
uuid_or_empty = xsd:token { pattern = "[0-9abcdefABCDEF\-]{0,40}" }
6 Element Details
6.1 Element c
In short: A reference to a command.
6.1.1 Structure
6.1.2 RNC
c = element c { text }
6.2 Element e
In short: A reference to an element.
6.2.1 Structure
6.2.2 RNC
e = element e { text }
6.3 Element r
In short: A reference to a response.
6.3.1 Structure
6.3.2 RNC
r = element r { text }
6.4 Element o
In short: An optional pattern item.
6.4.1 Structure
6.4.2 RNC
o = element o { ( c | e | r | g ) }
6.5 Element g
In short: A group of pattern items.
6.5.1 Structure
6.5.2 RNC
g = element g { c* & e* & r* & o* & any* }
6.6 Element any
In short: Pattern item indicating "any number of".
6.6.1 Structure
6.6.2 RNC
any = element any { ( c | e | r | g ) }
6.7 Element pattern
In short: The pattern element of a command or command descendant.
It's actually either a 't' element, or the word "text", or "".
6.7.1 Structure
-
<attrib>
*An attribute.
-
<name>
-
<type>
-
<required>
-
<filter_keywords>
*Optional description of filter keywords usable in the attribute.
-
<name>
-
<c>
*A reference to a command.
-
<e>
*A reference to an element.
-
<r>
*A reference to a response.
-
<o>
*An optional pattern item.
-
<g>
*A group of pattern items.
-
<any>
*Pattern item indicating "any number of".
-
<t>
?The type of the text of the element.
-
<attrib>
*
6.7.2 RNC
pattern = element pattern { text & pattern_attrib* & c* & e* & r* & o* & g* & any* & pattern_t? } pattern_attrib = element attrib { pattern_attrib_name & pattern_attrib_type & pattern_attrib_required & pattern_attrib_filter_keywords* } pattern_attrib_name = element name { type_name } pattern_attrib_type = element type { type_name } pattern_attrib_required = element required { boolean } pattern_attrib_filter_keywords = element filter_keywords { filter_keywords } pattern_t = element t { type_name }
6.8 Element command_definition
In short: Definition of a command in GMP describing HELP command.
6.8.1 Structure
-
<name>
The name of the command.
-
<summary>
?A summary of the command.
-
<description>
?A description of the command.
-
<p>
*A paragraph.
-
<p>
*
- One of
-
<example>
*
-
<summary>
?
-
<description>
?
-
<request>
Example request.
-
<response>
Response to example request.
-
<summary>
?
-
<name>
6.8.2 RNC
command_definition = element command_definition { command_definition_name & command_definition_summary? & command_definition_description? & ( ( command_definition_pattern & command_definition_response ) | ( command_definition_type & command_definition_ele* ) ) & command_definition_example* } command_definition_name = element name { type_name } command_definition_summary = element summary { text } command_definition_description = element description { text & command_definition_description_p* } command_definition_description_p = element p { text } command_definition_pattern = element pattern # type pattern { text & pattern_attrib* & c* & e* & r* & o* & g* & any* & pattern_t? } command_definition_response = element response # type pattern { text & pattern_attrib* & c* & e* & r* & o* & g* & any* & pattern_t? } command_definition_example = element example { command_definition_example_summary? & command_definition_example_description? & command_definition_example_request & command_definition_example_response } command_definition_example_summary = element summary { text } command_definition_example_description = element description { text } command_definition_example_request = element request { text } command_definition_example_response = element response { text } command_definition_type = element type { text } command_definition_ele = element ele # type command_definition { command_definition_name & command_definition_summary? & command_definition_description? & ( ( command_definition_pattern & command_definition_response ) | ( command_definition_type & command_definition_ele* ) ) & command_definition_example* }
6.9 Element filter_keywords
In short: A group of filter keywords usable in an attribute or element text.
6.9.1 Structure
-
<condition>
?Description of the condition under which the group of keywords applies.
-
<column>
*A column that can be used multiple times with operators and in sorting.
-
<name>
Name of the keyword as used in the filter.
-
<type>
Type of the values the keyword can use.
-
<summary>
Short description of the keyword.
-
<name>
-
<option>
*An option only applied once which cannot be used with operators or in sorting.
-
<name>
Name of the keyword as used in the filter.
-
<type>
Type of the values the keyword can use.
-
<summary>
Short description of the keyword.
-
<name>
-
<condition>
?
6.9.2 RNC
filter_keywords = element filter_keywords { filter_keywords_condition? & filter_keywords_column* & filter_keywords_option* } filter_keywords_condition = element condition { text } filter_keywords_column = element column { filter_keywords_column_name & filter_keywords_column_type & filter_keywords_column_summary } filter_keywords_column_name = element name { name } filter_keywords_column_type = element type { type_name } filter_keywords_column_summary = element summary { text } filter_keywords_option = element option { filter_keywords_option_name & filter_keywords_option_type & filter_keywords_option_summary } filter_keywords_option_name = element name { name } filter_keywords_option_type = element type { type_name } filter_keywords_option_summary = element summary { text }
6.10 Element certificate_info
In short: Info about a certificate.
6.10.1 Structure
-
<time_status>
Whether the certificate is valid, expired or not active yet.
-
<activation_time>
Time before which the certificate is not valid.
-
<expiration_time>
Time after which the certificate is no longer valid.
-
<issuer>
DN of the issuer of the certificate.
-
<md5_fingerprint>
MD5 fingerprint of the certificate.
-
<time_status>
6.10.2 RNC
certificate_info = element certificate_info { certificate_info_time_status & certificate_info_activation_time & certificate_info_expiration_time & certificate_info_issuer & certificate_info_md5_fingerprint } certificate_info_time_status = element time_status { xsd:token { pattern = "expired|inactive|unknown|valid" } } certificate_info_activation_time = element activation_time { text } certificate_info_expiration_time = element expiration_time { text } certificate_info_issuer = element issuer { text } certificate_info_md5_fingerprint = element md5_fingerprint { text }
6.11 Element note
In short: A note.
6.11.1 Structure
- @id (uuid)
-
<permissions>
Permissions that the current user has on the note.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<owner>
Owner of the note.
-
<name>
The name of the owner.
-
<name>
-
<nvt>
- @oid (oid)
-
<name>
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<text>
The text of the note.
- @excerpt (boolean) Whether the content is an excerpt of the full text.
-
<creation_time>
Date and time the note was created.
-
<modification_time>
Date and time the note was last modified.
-
<writable>
-
<in_use>
-
<active>
Whether the note is active.
-
<orphan>
Whether the note is an orphan.
-
<user_tags>
?Info on tags attached to the note.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
The group?
-
<hosts>
A comma-separated list of hosts.
-
<port>
Port to which note applies.
-
<severity>
Severity to which note applies.
-
<threat>
Threat level to which note applies.
-
<task>
Task to which note applies.
- @id (uuid)
-
<end_time>
?End time of the note in case of limit, else empty.
-
<result>
?Result to which note applies.
- @id (uuid)
-
<host>
-
<asset>
Asset linked to host.
- @asset_id (uuid)
-
<asset>
-
<port>
-
<nvt>
- @oid (oid)
-
<name>
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<cvss_base>
-
<cve>
?CVE value associated with the NVT.
-
<bid>
?BID associated with the NVT.
-
<severity>
-
<threat>
-
<qod>
The quality of detection (QoD) of the result.
-
<value>
The numeric QoD value.
-
<type>
The QoD type.
-
<value>
-
<description>
-
<hosts>
6.11.2 RNC
note = element note { attribute id { uuid } & note_permissions & note_owner & note_nvt & note_text & note_creation_time & note_modification_time & note_writable & note_in_use & note_active & note_orphan & note_user_tags? & ( note_hosts & note_port & note_severity & note_threat & note_task & note_end_time? & note_result? )? } note_permissions = element permissions { note_permissions_permission* } note_permissions_permission = element permission { note_permissions_permission_name } note_permissions_permission_name = element name { name } note_owner = element owner { note_owner_name } note_owner_name = element name { name } note_nvt = element nvt { attribute oid { oid } & note_nvt_name & note_nvt_type } note_nvt_name = element name { name } note_nvt_type = element type { text } note_creation_time = element creation_time { iso_time } note_modification_time = element modification_time { iso_time } note_writable = element writable { boolean } note_in_use = element in_use { boolean } note_active = element active { boolean } note_text = element text { text & attribute excerpt { boolean } } note_orphan = element orphan { boolean } note_user_tags = element user_tags { note_user_tags_count & note_user_tags_tag* } note_user_tags_count = element count { integer } note_user_tags_tag = element tag { attribute id { uuid } & note_user_tags_tag_name & note_user_tags_tag_value & note_user_tags_tag_comment } note_user_tags_tag_name = element name { text } note_user_tags_tag_value = element value { text } note_user_tags_tag_comment = element comment { text } note_hosts = element hosts { text } note_port = element port { text } note_severity = element severity { severity } note_threat = element threat { threat } note_task = element task { attribute id { uuid } } note_active = element active { integer } note_end_time = element end_time { text } note_result = element result { attribute id { uuid } & note_result_host & note_result_port & note_result_nvt & note_result_severity & note_result_threat & note_result_qod & note_result_description } note_result_host = element host { text & note_result_host_asset } note_result_host_asset = element asset { attribute asset_id { uuid } } note_result_port = element port { text } note_result_nvt = element nvt { attribute oid { oid } & note_result_nvt_name & note_result_nvt_type & note_result_nvt_cvss_base & note_result_nvt_cve? & note_result_nvt_bid? } note_result_nvt_name = element name { name } note_result_nvt_type = element type { text } note_result_nvt_cvss_base = element cvss_base { text } note_result_nvt_cve = element cve { text } note_result_nvt_bid = element bid { integer } note_result_severity = element severity { severity } note_result_threat = element threat { threat } note_result_qod = element qod { note_result_qod_value & note_result_qod_type } note_result_qod_value = element value { integer } note_result_qod_type = element type { text } note_result_description = element description { text }
6.12 Element override
In short: An override.
6.12.1 Structure
- @id (uuid)
-
<permissions>
Permissions that the current user has on the note.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<owner>
Owner of the override.
-
<name>
-
<name>
-
<nvt>
- @oid (oid)
-
<name>
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<creation_time>
Date and time the override was created.
-
<modification_time>
Date and time the override was last modified.
-
<writable>
-
<in_use>
-
<active>
Whether the override is currently active.
-
<text>
The text of the override.
- @excerpt (boolean) Whether the contents is an excerpt of the full text.
-
<threat>
Threat level to which override applies, derived from severity.
-
<severity>
Severity score to which override applies.
-
<new_threat>
New threat for result.
-
<new_severity>
New severity score for result.
-
<orphan>
Whether the override is an orphan.
-
<permissions>
Permissions that the current user has on the note.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the override.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
The group?
-
<hosts>
A comma-separated list of hosts.
-
<port>
Port to which override applies.
-
<task>
Task to which override applies.
- @id (uuid)
-
<end_time>
?Override end time in case of limit, else empty.
-
<result>
?Result to which override applies.
- @id (uuid)
-
<host>
-
<asset>
Asset linked to host.
- @asset_id (uuid)
-
<asset>
-
<port>
-
<nvt>
- @oid (oid)
-
<name>
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<cvss_base>
-
<cve>
?CVE value associated with the NVT.
-
<bid>
?BID associated with the NVT.
-
<threat>
-
<severity>
-
<qod>
The quality of detection (QoD) of the result.
-
<value>
The numeric QoD value.
-
<type>
The QoD type.
-
<value>
-
<description>
-
<hosts>
6.12.2 RNC
override = element override { attribute id { uuid } & override_permissions & override_owner & override_nvt & override_creation_time & override_modification_time & override_writable & override_in_use & override_active & override_text & override_threat & override_severity & override_new_threat & override_new_severity & override_orphan & override_permissions & override_user_tags? & ( override_hosts & override_port & override_task & override_end_time? & override_result? )? } override_permissions = element permissions { override_permissions_permission* } override_permissions_permission = element permission { override_permissions_permission_name } override_permissions_permission_name = element name { name } override_owner = element owner { override_owner_name } override_owner_name = element name { name } override_nvt = element nvt { attribute oid { oid } & override_nvt_name & override_nvt_type } override_nvt_name = element name { name } override_nvt_type = element type { text } override_creation_time = element creation_time { iso_time } override_modification_time = element modification_time { iso_time } override_writable = element writable { boolean } override_in_use = element in_use { boolean } override_active = element active { boolean } override_text = element text { text & attribute excerpt { boolean } } override_threat = element threat { threat } override_severity = element severity { severity } override_new_threat = element new_threat { threat } override_new_severity = element new_severity { severity } override_orphan = element orphan { boolean } override_user_tags = element user_tags { override_user_tags_count & override_user_tags_tag* } override_user_tags_count = element count { integer } override_user_tags_tag = element tag { attribute id { uuid } & override_user_tags_tag_name & override_user_tags_tag_value & override_user_tags_tag_comment } override_user_tags_tag_name = element name { text } override_user_tags_tag_value = element value { text } override_user_tags_tag_comment = element comment { text } override_hosts = element hosts { text } override_port = element port { text } override_task = element task { attribute id { uuid } } override_active = element active { integer } override_end_time = element end_time { text } override_result = element result { attribute id { uuid } & override_result_host & override_result_port & override_result_nvt & override_result_threat & override_result_severity & override_result_qod & override_result_description } override_result_host = element host { text & override_result_host_asset } override_result_host_asset = element asset { attribute asset_id { uuid } } override_result_port = element port { text } override_result_nvt = element nvt { attribute oid { oid } & override_result_nvt_name & override_result_nvt_type & override_result_nvt_cvss_base & override_result_nvt_cve? & override_result_nvt_bid? } override_result_nvt_name = element name { name } override_result_nvt_type = element type { text } override_result_nvt_cvss_base = element cvss_base { text } override_result_nvt_cve = element cve { text } override_result_nvt_bid = element bid { integer } override_result_threat = element threat { threat } override_result_severity = element severity { severity } override_result_qod = element qod { override_result_qod_value & override_result_qod_type } override_result_qod_value = element value { integer } override_result_qod_type = element type { text } override_result_description = element description { text }
6.13 Element result
In short: A result.
6.13.1 Structure
- @id (uuid)
-
<name>
The name of the result.
-
<owner>
Owner of the result.
-
<name>
The name of the owner.
-
<name>
-
<comment>
The comment on the result.
-
<creation_time>
Date and time the result was created.
-
<modification_time>
Date and time the result was last modified.
-
<user_tags>
?Info on tags attached to the result (not in delta results).
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<report>
?Report the result belongs to (only when details were requested).
- @id (uuid) UUID of the report the result belongs to.
-
<task>
?Task the result applies to (only when details were requested).
- @id (uuid) UUID of the task the result applies to.
-
<name>
Name of the task the result applies to.
-
<host>
The host the result applies to.
-
<asset>
Asset linked to host.
- @asset_id (uuid)
-
<hostname>
If available, the hostname the result was created for, else the one from host details.
-
<asset>
-
<port>
The port on the host.
-
<nvt>
NVT to which result applies.
- @oid (oid)
-
<name>
The name of the NVT.
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<family>
The family the NVT is in.
-
<cvss_base>
CVSS base value associated with the NVT.
-
<cpe>
The CPE which produced the CVE (for "cve" results).
-
<tags>
Tags associated with the NVT.
-
<refs>
List of references of various types for this vulnerability test.
-
<ref>
*A reference.
- @id (text) ID of the reference.
- @type (text) Type of the reference, for example "cve", "bid", "dfn-cert", "cert-bund".
-
<ref>
*
-
<scan_nvt_version>
Version of the NVT used in the scan.
-
<threat>
-
<severity>
-
<qod>
The quality of detection (QoD) of the result.
-
<value>
The numeric QoD value.
-
<type>
The QoD type.
-
<value>
-
<original_threat>
?Original threat when overridden.
-
<original_severity>
?Original severity when overridden.
-
<description>
Description of the result.
-
<delta>
?Delta state.
-
<detection>
?Detection details.
-
<result>
Detection result.
- @id (uuid) UUID of the detection result.
-
<details>
-
<detail>
*A detail associated with the detection result.
-
<name>
The name of the detail.
-
<value>
The value of the detail.
-
<name>
-
<detail>
*
-
<result>
-
<notes>
?List of notes on the result.
-
<note>
*(note)
-
<note>
*
-
<overrides>
?List of overrides on the result.
-
<override>
*(override)
-
<override>
*
-
<tickets>
?List of tickets on the result.
-
<ticket>
*
- @id (uuid)
-
<ticket>
*
6.13.2 RNC
result = element result { attribute id { uuid } & result_name & result_owner & result_comment & result_creation_time & result_modification_time & result_user_tags? & result_report? & result_task? & result_host & result_port & result_nvt & result_scan_nvt_version & result_threat & result_severity & result_qod & result_original_threat? & result_original_severity? & result_description & result_delta? & result_detection? & result_notes? & result_overrides? & result_tickets? } result_name = element name { text } result_owner = element owner { result_owner_name } result_owner_name = element name { name } result_comment = element comment { text } result_creation_time = element creation_time { iso_time } result_modification_time = element modification_time { iso_time } result_user_tags = element user_tags { result_user_tags_count & result_user_tags_tag* } result_user_tags_count = element count { integer } result_user_tags_tag = element tag { attribute id { uuid } & result_user_tags_tag_name & result_user_tags_tag_value & result_user_tags_tag_comment } result_user_tags_tag_name = element name { text } result_user_tags_tag_value = element value { text } result_user_tags_tag_comment = element comment { text } result_report = element report { attribute id { uuid } } result_task = element task { attribute id { uuid } & result_task_name } result_task_name = element name { text } result_host = element host { text & result_host_asset & result_host_hostname } result_host_asset = element asset { attribute asset_id { uuid } } result_host_hostname = element hostname { text } result_port = element port { text } result_nvt = element nvt { attribute oid { oid } & result_nvt_name & result_nvt_type & result_nvt_family & result_nvt_cvss_base & result_nvt_cpe & result_nvt_tags & result_nvt_refs } result_nvt_name = element name { name } result_nvt_type = element type { text } result_nvt_family = element family { name } result_nvt_cvss_base = element cvss_base { integer } result_nvt_cpe = element cpe { text } result_nvt_tags = element tags { text } result_nvt_refs = element refs { result_nvt_refs_ref* } result_nvt_refs_ref = element ref { attribute id { text }? & attribute type { text }? } result_scan_nvt_version = element scan_nvt_version { text } result_threat = element threat { threat } result_severity = element severity { severity } result_qod = element qod { result_qod_value & result_qod_type } result_qod_value = element value { integer } result_qod_type = element type { text } result_original_threat = element original_threat { threat } result_original_severity = element original_severity { severity } result_description = element description { text } result_delta = element delta { text & result_delta_result? & result_delta_diff? & result_delta_notes? & result_delta_overrides? } result_delta_result = element result # type result { attribute id { uuid } & result_name & result_owner & result_comment & result_creation_time & result_modification_time & result_user_tags? & result_report? & result_task? & result_host & result_port & result_nvt & result_scan_nvt_version & result_threat & result_severity & result_qod & result_original_threat? & result_original_severity? & result_description & result_delta? & result_detection? & result_notes? & result_overrides? & result_tickets? } result_delta_diff = element diff # type text { } result_delta_notes = element notes { result_delta_notes_note* } result_delta_notes_note = element note # type note { attribute id { uuid } & note_permissions & note_owner & note_nvt & note_text & note_creation_time & note_modification_time & note_writable & note_in_use & note_active & note_orphan & note_user_tags? & ( note_hosts & note_port & note_severity & note_threat & note_task & note_end_time? & note_result? )? } result_delta_overrides = element overrides { result_delta_overrides_override* } result_delta_overrides_override = element override # type override { attribute id { uuid } & override_permissions & override_owner & override_nvt & override_creation_time & override_modification_time & override_writable & override_in_use & override_active & override_text & override_threat & override_severity & override_new_threat & override_new_severity & override_orphan & override_permissions & override_user_tags? & ( override_hosts & override_port & override_task & override_end_time? & override_result? )? } result_detection = element detection { result_detection_result } result_detection_result = element result { attribute id { uuid } & result_detection_result_details } result_detection_result_details = element details { result_detection_result_details_detail* } result_detection_result_details_detail = element detail { result_detection_result_details_detail_name & result_detection_result_details_detail_value } result_detection_result_details_detail_name = element name { text } result_detection_result_details_detail_value = element value { text } result_notes = element notes { result_notes_note* } result_notes_note = element note # type note { attribute id { uuid } & note_permissions & note_owner & note_nvt & note_text & note_creation_time & note_modification_time & note_writable & note_in_use & note_active & note_orphan & note_user_tags? & ( note_hosts & note_port & note_severity & note_threat & note_task & note_end_time? & note_result? )? } result_overrides = element overrides { result_overrides_override* } result_overrides_override = element override # type override { attribute id { uuid } & override_permissions & override_owner & override_nvt & override_creation_time & override_modification_time & override_writable & override_in_use & override_active & override_text & override_threat & override_severity & override_new_threat & override_new_severity & override_orphan & override_permissions & override_user_tags? & ( override_hosts & override_port & override_task & override_end_time? & override_result? )? } result_tickets = element tickets { result_tickets_ticket* } result_tickets_ticket = element ticket { attribute id { uuid } }
6.14 Element report
In short: Actually attributes and either base64 or a report.
6.14.1 Structure
- @id (uuid)
- @format_id (uuid)
- @extension (text)
- @content_type (text)
- @type ("scan" or "assets")
-
<owner>
Owner of the report.
-
<name>
The name of the owner.
-
<name>
-
<name>
Creation time as compatibility placeholder.
-
<comment>
The comment on the report.
-
<creation_time>
Date and time the report was created.
-
<modification_time>
Date and time the report was last modified.
-
<writable>
Whether the report is writable.
-
<in_use>
Whether the report is in use.
-
<task>
The task the report belongs to.
- @id (uuid)
-
<name>
The name of the task.
-
<report_format>
The report format used.
- @id (uuid)
-
<name>
The name of the report format.
-
<report>
- @id (uuid)
- @type ("scan" or "assets")
-
<gmp>
Information of the GMP server.
-
<version>
The GMP version.
-
<version>
-
<report_format>
-
<param>
Report format parameter.
-
<name>
Parameter name.
-
<value>
Parameter value.
-
<name>
-
<param>
-
<sort>
Result sorting information.
-
<field>
Sort field.
-
<order>
Sort order of field.
-
<order>
-
<field>
-
<filters>
Result filtering information.
- @id (uuid) Filter used if any, else 0.
-
<term>
Filter term.
-
<phrase>
Search phrase.
-
<notes>
Whether notes are included.
-
<overrides>
Whether overrides are included.
-
<apply_overrides>
Whether overrides are applied.
-
<result_hosts_only>
Whether only those hosts that have results are included.
-
<min_qod>
Minimum QoD if in effect, else empty string.
-
<autofp>
Whether to trust vendor security updates. 1 full match, 2 partial.
-
<filter>
*Level filter.
-
<delta>
?Delta states.
-
<changed>
Whether changed results are included.
-
<gone>
Whether results that have vanished are included.
-
<new>
Whether new results are included.
-
<same>
Whether results that are equal are included.
-
<changed>
-
<severity_class>
-
<name>
Short severity class name.
-
<full_name>
Full severity class name.
-
<severity_range>
*Severity range.
-
<name>
Name of severity range.
-
<min>
Minimum CVSS value.
-
<max>
Maximum CVSS value.
-
<name>
-
<name>
-
<delta>
?
-
<report>
Second report, for delta reports.
- @id (uuid)
-
<scan_run_status>
Run status of task scan at time of report.
-
<timestamp>
The time the scan was requested.
-
<scan_start>
Start time of scan.
-
<scan_end>
End time of scan.
-
<report>
-
The group?
-
<timezone>
Name of timezone used for dates.
-
<timezone_abbrev>
Abbreviation used for timezone.
-
<permissions>
Permissions that the current user has on the report.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the report.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<scan_run_status>
Run status of task scan at time of report.
-
<result_count>
Counts of results produced by scan.
-
<full>
Total number of results produced by scan.
-
<filtered>
Number of results after filtering.
-
<debug>
Number of "debug" results (threat level Debug).
-
<full>
Total number of results.
-
<filtered>
Number of results after filtering.
-
<full>
-
<hole>
Number of "hole" results (threat level High).
-
<full>
Total number of results.
-
<filtered>
Number of results after filtering.
-
<full>
-
<info>
Number of "info" results (threat level Low).
-
<full>
Total number of results.
-
<filtered>
Number of results after filtering.
-
<full>
-
<log>
Number of "log" results (threat level Log).
-
<full>
Total number of results.
-
<filtered>
Number of results after filtering.
-
<full>
-
<warning>
Number of "warning" results (threat level Medium).
-
<full>
Total number of results.
-
<filtered>
Number of results after filtering.
-
<full>
-
<full>
-
<severity>
-
<full>
Maximum severity of the full report.
-
<filtered>
Maximum severity of the report after filtering.
-
<full>
-
<task>
- @id (uuid)
-
<name>
The name of the task.
-
<comment>
Comment for the task.
-
<target>
The target of the task.
-
<progress>
The percentage of the task that is complete.
-
<user_tags>
?Info on tags attached to the task.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag.
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<scan>
Info from scan time.
-
<task>
-
<slave>
The task slave.
- @id (uuid)
-
<name>
-
<host>
-
<port>
-
<preferences>
Currently only "source_iface".
-
<preference>
*
-
<name>
Full name of preference, suitable for end users.
-
<scanner_name>
Compact name of preference, from scanner.
-
<value>
-
<name>
-
<preference>
*
-
<slave>
-
<task>
- <ports>
- <results>
- <hosts>
-
<closed_cves>
.
-
<count>
The number of closed CVEs.
-
<count>
-
<vulns>
.
-
<count>
The number of Vulnerabilities.
-
<count>
-
<os>
.
-
<count>
The number of operating systems.
-
<count>
-
<apps>
.
-
<count>
The number of Applications.
-
<count>
-
<ssl_certs>
.
-
<count>
The number of SSL certificates.
-
<count>
-
<host>
*
-
<ip>
IP of the host.
-
<asset>
Asset linked to host.
- @asset_id (uuid)
-
<start>
Scan start time for this host.
-
<end>
Scan end time for this host.
-
<port_count>
.
-
<page>
Number of ports of current host on current page.
-
<page>
-
<result_count>
.
-
<page>
Total number of results for current host on current page.
-
<hole>
Number of "hole" results (level "High").
-
<page>
Number of results on current page.
-
<page>
-
<warning>
Number of "warning" results (level "Medium").
-
<page>
Number of results on current page.
-
<page>
-
<info>
Number of "info" results (level "Low").
-
<page>
Number of results on current page.
-
<page>
-
<log>
Number of "log" results.
-
<page>
Number of results on current page.
-
<page>
-
<false_positive>
Number of "false positive" results.
-
<page>
Number of results on current page.
-
<page>
-
<page>
-
<detail>
*A detail associated with the host.
-
<name>
The name of the detail.
-
<value>
The value of the detail.
-
<source>
Where the detail comes from.
-
<type>
The type of the detail source.
-
<name>
The name of the detail source.
-
<description>
A description of the detail source.
-
<type>
-
<extra>
Extra info (NVT CVSS for closed CVE results).
-
<name>
-
<ip>
-
<timestamp>
The time the scan was requested.
-
<scan_start>
Start time of scan.
-
<scan_end>
End time of scan.
-
<errors>
-
<count>
The number of error messages.
-
<error>
*An error message.
-
<host>
The host of the error message.
-
<asset>
Asset linked to host.
- @asset_id (uuid)
-
<asset>
-
<port>
The port of the error message.
-
<description>
The description of the error message.
-
<nvt>
The NVT that generated the error message.
- @oid ()
-
<name>
The name of the NVT.
-
<type>
The type of the NVT: nvt, cve, ovaldef, ....
-
<cvss_base>
The base CVSS score of the NVT.
-
<scan_nvt_version>
The NVT version that generated the error.
-
<severity>
The severity score of the error message.
-
<host>
-
<count>
-
<timezone>
6.14.2 RNC
report = element report { text # RNC limitation: base64 & attribute id { uuid } & attribute format_id { uuid } & attribute extension { text } & attribute content_type { text } & attribute type { xsd:token { pattern = "scan|assets" } }? & report_owner & report_name & report_comment & report_creation_time & report_modification_time & report_writable & report_in_use & report_task & report_report_format & report_report } report_owner = element owner { report_owner_name } report_owner_name = element name { name } report_name = element name { "" } report_comment = element comment { text } report_creation_time = element creation_time { iso_time } report_modification_time = element modification_time { iso_time } report_in_use = element in_use { boolean } report_writable = element writable { boolean } report_task = element task { attribute id { uuid } & report_task_name } report_task_name = element name { name } report_report_format = element report_format { attribute id { uuid } & report_report_format_name } report_report_format_name = element name { name } report_report = element report { attribute id { uuid } & attribute type { xsd:token { pattern = "scan|assets" } }? & report_report_gmp & report_report_report_format & report_report_sort & report_report_filters & report_report_severity_class & report_report_delta? & ( report_report_timezone & report_report_timezone_abbrev & report_report_permissions & report_report_user_tags? & report_report_scan_run_status & report_report_result_count & report_report_severity & report_report_task & report_report_scan & report_report_ports & report_report_results & report_report_hosts & report_report_closed_cves & report_report_vulns & report_report_os & report_report_apps & report_report_ssl_certs & report_report_host* & report_report_timestamp & report_report_scan_start & report_report_scan_end & report_report_errors )? } report_report_gmp = element gmp { report_report_gmp_version } report_report_gmp_version = element version { text } report_report_report_format = element report_format { report_report_report_format_param } report_report_report_format_param = element param { report_report_report_format_param_name & report_report_report_format_param_value } report_report_report_format_param_name = element name { text } report_report_report_format_param_value = element value { text } report_report_delta = element delta { report_report_delta_report } report_report_delta_report = element report { attribute id { uuid } & report_report_delta_report_scan_run_status & report_report_delta_report_timestamp & report_report_delta_report_scan_start & report_report_delta_report_scan_end } report_report_delta_report_scan_run_status = element scan_run_status { task_status } report_report_delta_report_timestamp = element timestamp { iso_time } report_report_delta_report_scan_start = element scan_start { iso_time } report_report_delta_report_scan_end = element scan_end { iso_time } report_report_sort = element sort { report_report_sort_field } report_report_sort_field = element field { text & report_report_sort_field_order } report_report_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } report_report_filters = element filters { text # RNC limitation: levels & attribute id { uuid }? & report_report_filters_term & report_report_filters_phrase & report_report_filters_notes & report_report_filters_overrides & report_report_filters_apply_overrides & report_report_filters_result_hosts_only & report_report_filters_min_qod & report_report_filters_autofp & report_report_filters_filter* & report_report_filters_delta? } report_report_filters_term = element term { text } report_report_filters_phrase = element phrase { text } report_report_filters_notes = element notes { xsd:token { pattern = "0|1" } } report_report_filters_overrides = element overrides { xsd:token { pattern = "0|1" } } report_report_filters_apply_overrides = element apply_overrides { xsd:token { pattern = "0|1" } } report_report_filters_result_hosts_only = element result_hosts_only { xsd:token { pattern = "0|1" } } report_report_filters_min_qod = element min_qod { text } report_report_filters_autofp = element autofp { xsd:token { pattern = "0|1|2" } } report_report_filters_filter = element filter { xsd:token { pattern = "High|Medium|Low|Log|Debug" } } report_report_filters_delta = element delta { text & report_report_filters_delta_changed & report_report_filters_delta_gone & report_report_filters_delta_new & report_report_filters_delta_same } report_report_filters_delta_changed = element changed { boolean } report_report_filters_delta_gone = element gone { boolean } report_report_filters_delta_new = element new { boolean } report_report_filters_delta_same = element same { boolean } report_report_timezone = element timezone { timezone } report_report_timezone_abbrev = element timezone_abbrev { text } report_report_permissions = element permissions { report_report_permissions_permission* } report_report_permissions_permission = element permission { report_report_permissions_permission_name } report_report_permissions_permission_name = element name { name } report_report_user_tags = element user_tags { report_report_user_tags_count & report_report_user_tags_tag* } report_report_user_tags_count = element count { integer } report_report_user_tags_tag = element tag { attribute id { uuid } & report_report_user_tags_tag_name & report_report_user_tags_tag_value & report_report_user_tags_tag_comment } report_report_user_tags_tag_name = element name { text } report_report_user_tags_tag_value = element value { text } report_report_user_tags_tag_comment = element comment { text } report_report_scan_run_status = element scan_run_status { task_status } report_report_result_count = element result_count { text & report_report_result_count_full & report_report_result_count_filtered & report_report_result_count_debug & report_report_result_count_hole & report_report_result_count_info & report_report_result_count_log & report_report_result_count_warning } report_report_result_count_full = element full { integer } report_report_result_count_filtered = element filtered { integer } report_report_result_count_debug = element debug { report_report_result_count_debug_full & report_report_result_count_debug_filtered } report_report_result_count_debug_full = element full { integer } report_report_result_count_debug_filtered = element filtered { integer } report_report_result_count_hole = element hole { report_report_result_count_hole_full & report_report_result_count_hole_filtered } report_report_result_count_hole_full = element full { integer } report_report_result_count_hole_filtered = element filtered { integer } report_report_result_count_info = element info { report_report_result_count_info_full & report_report_result_count_info_filtered } report_report_result_count_info_full = element full { integer } report_report_result_count_info_filtered = element filtered { integer } report_report_result_count_log = element log { report_report_result_count_log_full & report_report_result_count_log_filtered } report_report_result_count_log_full = element full { integer } report_report_result_count_log_filtered = element filtered { integer } report_report_result_count_warning = element warning { report_report_result_count_warning_full & report_report_result_count_warning_filtered } report_report_result_count_warning_full = element full { integer } report_report_result_count_warning_filtered = element filtered { integer } report_report_severity = element severity { report_report_severity_full & report_report_severity_filtered } report_report_severity_full = element full { severity } report_report_severity_filtered = element filtered { severity } report_report_severity_class = element severity_class { report_report_severity_class_name & report_report_severity_class_full_name & report_report_severity_class_severity_range* } report_report_severity_class_name = element name { ERROR } report_report_severity_class_full_name = element full_name { text } report_report_severity_class_severity_range = element severity_range { report_report_severity_class_severity_range_name & report_report_severity_class_severity_range_min & report_report_severity_class_severity_range_max } report_report_severity_class_severity_range_name = element name { name } report_report_severity_class_severity_range_min = element min { integer } report_report_severity_class_severity_range_max = element max { integer } report_report_task = element task { attribute id { uuid } & report_report_task_name & report_report_task_comment & report_report_task_target & report_report_task_progress & report_report_task_user_tags? } report_report_task_name = element name { name } report_report_task_comment = element comment { text } report_report_task_target = element target { attribute id { uuid }? & report_report_task_target_trash & report_report_task_target_name & report_report_task_target_comment } report_report_task_target_trash = element trash # type boolean { } report_report_task_target_name = element name { name } report_report_task_target_comment = element comment { text } report_report_task_progress = element progress { integer } report_report_task_user_tags = element user_tags { report_report_task_user_tags_count & report_report_task_user_tags_tag* } report_report_task_user_tags_count = element count { integer } report_report_task_user_tags_tag = element tag { attribute id { uuid } & report_report_task_user_tags_tag_name & report_report_task_user_tags_tag_value & report_report_task_user_tags_tag_comment } report_report_task_user_tags_tag_name = element name { text } report_report_task_user_tags_tag_value = element value { text } report_report_task_user_tags_tag_comment = element comment { text } report_report_scan = element scan { report_report_scan_task } report_report_scan_task = element task { report_report_scan_task_slave & report_report_scan_task_preferences } report_report_scan_task_slave = element slave { attribute id { uuid } & report_report_scan_task_slave_name & report_report_scan_task_slave_host & report_report_scan_task_slave_port } report_report_scan_task_slave_name = element name { name } report_report_scan_task_slave_host = element host { text } report_report_scan_task_slave_port = element port { text } report_report_scan_task_preferences = element preferences { report_report_scan_task_preferences_preference* } report_report_scan_task_preferences_preference = element preference { report_report_scan_task_preferences_preference_name & report_report_scan_task_preferences_preference_scanner_name & report_report_scan_task_preferences_preference_value } report_report_scan_task_preferences_preference_name = element name { text } report_report_scan_task_preferences_preference_scanner_name = element scanner_name { text } report_report_scan_task_preferences_preference_value = element value { text } report_report_ports = element ports { attribute start { integer } & attribute max { integer } & report_report_ports_port* } report_report_ports_port = element port { text & report_report_ports_port_host & report_report_ports_port_severity & report_report_ports_port_threat } report_report_ports_port_host = element host { text } report_report_ports_port_severity = element severity { severity } report_report_ports_port_threat = element threat { threat } report_report_results = element results { attribute start { integer } & attribute max { integer } & report_report_results_result* } report_report_results_result = element result # type result { attribute id { uuid } & result_name & result_owner & result_comment & result_creation_time & result_modification_time & result_user_tags? & result_report? & result_task? & result_host & result_port & result_nvt & result_scan_nvt_version & result_threat & result_severity & result_qod & result_original_threat? & result_original_severity? & result_description & result_delta? & result_detection? & result_notes? & result_overrides? & result_tickets? } report_report_hosts = element hosts { ( ( attribute start { integer } & attribute max { integer } ) | report_report_hosts_count ) } report_report_hosts_count = element count { } report_report_closed_cves = element closed_cves { report_report_closed_cves_count } report_report_closed_cves_count = element count { } report_report_vulns = element vulns { report_report_vulns_count } report_report_vulns_count = element count { } report_report_os = element os { report_report_os_count } report_report_os_count = element count { } report_report_apps = element apps { report_report_apps_count } report_report_apps_count = element count { } report_report_ssl_certs = element ssl_certs { report_report_ssl_certs_count } report_report_ssl_certs_count = element count { } report_report_host = element host { report_report_host_ip & report_report_host_asset & report_report_host_start & report_report_host_end & report_report_host_port_count & report_report_host_result_count & report_report_host_detail* } report_report_host_ip = element ip { text } report_report_host_asset = element asset { attribute asset_id { uuid } } report_report_host_start = element start { text } report_report_host_end = element end { text } report_report_host_port_count = element port_count { report_report_host_port_count_page } report_report_host_port_count_page = element page { integer } report_report_host_result_count = element result_count { report_report_host_result_count_page & report_report_host_result_count_hole & report_report_host_result_count_warning & report_report_host_result_count_info & report_report_host_result_count_log & report_report_host_result_count_false_positive } report_report_host_result_count_page = element page { integer } report_report_host_result_count_hole = element hole { report_report_host_result_count_hole_page } report_report_host_result_count_hole_page = element page { integer } report_report_host_result_count_warning = element warning { report_report_host_result_count_warning_page } report_report_host_result_count_warning_page = element page { integer } report_report_host_result_count_info = element info { report_report_host_result_count_info_page } report_report_host_result_count_info_page = element page { integer } report_report_host_result_count_log = element log { report_report_host_result_count_log_page } report_report_host_result_count_log_page = element page { integer } report_report_host_result_count_false_positive = element false_positive { report_report_host_result_count_false_positive_page } report_report_host_result_count_false_positive_page = element page { integer } report_report_host_detail = element detail { report_report_host_detail_name & report_report_host_detail_value & report_report_host_detail_source & report_report_host_detail_extra } report_report_host_detail_name = element name { text } report_report_host_detail_value = element value { text } report_report_host_detail_source = element source { report_report_host_detail_source_type & report_report_host_detail_source_name & report_report_host_detail_source_description } report_report_host_detail_source_type = element type { text } report_report_host_detail_source_name = element name { text } report_report_host_detail_source_description = element description { text } report_report_host_detail_extra = element extra { text } report_report_timestamp = element timestamp { iso_time } report_report_scan_start = element scan_start { iso_time } report_report_scan_end = element scan_end { iso_time } report_report_errors = element errors { report_report_errors_count & report_report_errors_error* } report_report_errors_count = element count { } report_report_errors_error = element error { report_report_errors_error_host & report_report_errors_error_port & report_report_errors_error_description & report_report_errors_error_nvt & report_report_errors_error_scan_nvt_version & report_report_errors_error_severity } report_report_errors_error_host = element host { text & report_report_errors_error_host_asset } report_report_errors_error_host_asset = element asset { attribute asset_id { uuid } } report_report_errors_error_port = element port { port } report_report_errors_error_description = element description { text } report_report_errors_error_nvt = element nvt { attribute oid { } & report_report_errors_error_nvt_name & report_report_errors_error_nvt_type & report_report_errors_error_nvt_cvss_base } report_report_errors_error_nvt_name = element name { text } report_report_errors_error_nvt_type = element type { text } report_report_errors_error_nvt_cvss_base = element cvss_base { severity } report_report_errors_error_scan_nvt_version = element scan_nvt_version { text } report_report_errors_error_severity = element severity { severity }
7 Command Details
7.1 Command authenticate
In short: Authenticate with the manager.
The client uses the authenticate command to authenticate with the Manager.
The client normally executes this command at the beginning of each connection. The only commands permitted before authentication are get_version and commands.
7.1.1 Structure
-
Command
-
<credentials>
-
<username>
The login name of the user.
-
<password>
The user's password.
-
<username>
-
<credentials>
-
Response
- @status (status)
- @status_text (text)
-
<role>
("User", "Admin", "Super Admin" or "Observer")The user's role.
-
<timezone>
The user's timezone.
7.1.2 RNC
authenticate = element authenticate { authenticate_credentials } authenticate_credentials = element credentials { authenticate_credentials_username & authenticate_credentials_password } authenticate_credentials_username = element username { text } authenticate_credentials_password = element password { text }
authenticate_response = element authenticate_response { attribute status { status } & attribute status_text { text } & authenticate_response_role & authenticate_response_timezone } authenticate_response_role = element role # type UserAdminSuper AdminObserver { } authenticate_response_timezone = element timezone { timezone }
7.1.3 Example: Authenticate with a good password
<authenticate> <credentials> <username>sally</username> <password>secret</password> </credentials> </authenticate>
<authenticate_response status="200" status_text="OK"> <role>User</role> <timezone>UTC</timezone> </authenticate_response>
7.1.3 Example: Authenticate with a bad password
<authenticate> <credentials> <username>sally</username> <password>secrte</password> </credentials> </authenticate>
<authenticate_response status="400" status_text="Authentication failed"/>
7.2 Command commands
In short: Run a list of commands.
The client uses the commands command to run a list of commands. The elements are executed as GMP commands in the given sequence. The reply contains the result of each command, in the same order as the given commands.
7.2.1 Structure
-
Command
-
One of*
-
<authenticate>authenticate command.
-
<commands>commands command.
-
<create_agent>create_agent command.
-
<create_alert>create_alert command.
-
<create_asset>create_asset command.
-
<create_config>create_config command.
-
<create_credential>create_credential command.
-
<create_filter>create_filter command.
-
<create_group>create_group command.
-
<create_note>create_note command.
-
<create_override>create_override command.
-
<create_permission>create_permission command.
-
<create_port_list>create_port_list command.
-
<create_port_range>create_port_range command.
-
<create_report_format>create_report_format command.
-
<create_role>create_role command.
-
<create_scanner>create_scanner command.
-
<create_schedule>create_schedule command.
-
<create_tag>create_tag command.
-
<create_target>create_target command.
-
<create_task>create_task command.
-
<create_ticket>create_ticket command.
-
<create_tls_certificate>create_tls_certificate command.
-
<create_user>create_user command.
-
<delete_agent>delete_agent command.
-
<delete_alert>delete_alert command.
-
<delete_asset>delete_asset command.
-
<delete_config>delete_config command.
-
<delete_credential>delete_credential command.
-
<delete_filter>delete_filter command.
-
<delete_group>delete_group command.
-
<delete_note>delete_note command.
-
<delete_override>delete_override command.
-
<delete_permission>delete_permission command.
-
<delete_report>delete_report command.
-
<delete_report_format>delete_report_format command.
-
<delete_role>delete_role command.
-
<delete_port_list>delete_port_list command.
-
<delete_port_range>delete_port_range command.
-
<delete_scanner>delete_scanner command.
-
<delete_schedule>delete_schedule command.
-
<delete_tag>delete_tag command.
-
<delete_target>delete_target command.
-
<delete_task>delete_task command.
-
<delete_ticket>delete_ticket command.
-
<delete_user>delete_user command.
-
<describe_auth>describe_auth command.
-
<empty_trashcan>empty_trashcan command.
-
<get_agents>get_agents command.
-
<get_alerts>get_alerts command.
-
<get_assets>get_assets command.
-
<get_configs>get_configs command.
-
<get_credentials>get_credentials command.
-
<get_feeds>get_feeds command.
-
<get_filters>get_filters command.
-
<get_groups>get_groups command.
-
<get_info>get_info command.
-
<get_notes>get_notes command.
-
<get_nvts>get_nvts command.
-
<get_nvt_families>get_nvt_families command.
-
<get_overrides>get_overrides command.
-
<get_permissions>get_permissions command.
-
<get_port_lists>get_port_lists command.
-
<get_preferences>get_preferences command.
-
<get_reports>get_reports command.
-
<get_report_formats>get_report_formats command.
-
<get_results>get_results command.
-
<get_roles>get_roles command.
-
<get_scanners>get_scanners command.
-
<get_schedules>get_schedules command.
-
<get_settings>get_settings command.
-
<get_system_reports>get_system_reports command.
-
<get_tags>get_tags command.
-
<get_targets>get_targets command.
-
<get_tasks>get_tasks command.
-
<get_tickets>get_tickets command.
-
<get_tls_certificates>get_tls_certificates command.
-
<get_users>get_users command.
-
<get_version>get_version command.
-
<get_vulns>get_vulns command.
-
<help>help command.
-
<modify_agent>modify_agent command.
-
<modify_alert>modify_alert command.
-
<modify_asset>modify_asset command.
-
<modify_auth>modify_auth command.
-
<modify_config>modify_config command.
-
<modify_credential>modify_credential command.
-
<modify_filter>modify_filter command.
-
<modify_group>modify_group command.
-
<modify_note>modify_note command.
-
<modify_override>modify_override command.
-
<modify_permission>modify_permission command.
-
<modify_port_list>modify_port_list command.
-
<modify_report>modify_report command.
-
<modify_report_format>modify_report_format command.
-
<modify_role>modify_role command.
-
<modify_scanner>modify_scanner command.
-
<modify_schedule>modify_schedule command.
-
<modify_setting>modify_setting command.
-
<modify_tag>modify_tag command.
-
<modify_target>modify_target command.
-
<modify_task>modify_task command.
-
<modify_ticket>modify_ticket command.
-
<modify_tls_certificate>modify_tls_certificate command.
-
<modify_user>modify_user command.
-
<restore>restore command.
-
<resume_task>resume_task command.
-
<run_wizard>run_wizard command.
-
<start_task>start_task command.
-
<stop_task>stop_task command.
-
<sync_config>sync_config command.
-
<test_alert>test_alert command.
-
<verify_agent>verify_agent command.
-
<verify_report_format>verify_report_format command.
-
<verify_scanner>verify_scanner command.
-
<authenticate>
-
One of*
-
Response
- @status (status)
- @status_text (text)
-
One of*
-
<authenticate_response>Response to authenticate command.
-
<commands_response>Response to commands command.
-
<create_agent_response>Response to create_agent command.
-
<create_alert_response>Response to create_alert command.
-
<create_asset_response>Response to create_asset command.
-
<create_config_response>Response to create_config command.
-
<create_credential_response>Response to create_credential command.
-
<create_filter_response>Response to create_filter command.
-
<create_group_response>Response to create_group command.
-
<create_note_response>Response to create_note command.
-
<create_override_response>Response to create_override command.
-
<create_permission_response>Response to create_permission command.
-
<create_port_list_response>Response to create_port_list command.
-
<create_port_range_response>Response to create_port_range command.
-
<create_role_response>Response to create_role command.
-
<create_scanner_response>Response to create_scanner command.
-
<create_schedule_response>Response to create_schedule command.
-
<create_tag_response>Response to create_tag command.
-
<create_target_response>Response to create_target command.
-
<create_task_response>Response to create_task command.
-
<create_ticket_response>Response to create_ticket command.
-
<create_tls_certificate_response>Response to create_tls_certificate command.
-
<create_user_response>Response to create_user command.
-
<delete_agent_response>Response to delete_agent command.
-
<delete_alert_response>Response to delete_alert command.
-
<delete_asset_response>Response to delete_asset command.
-
<delete_config_response>Response to delete_config command.
-
<delete_credential_response>Response to delete_credential command.
-
<delete_filter_response>Response to delete_filter command.
-
<delete_group_response>Response to delete_group command.
-
<delete_note_response>Response to delete_note command.
-
<delete_override_response>Response to delete_override command.
-
<delete_permission_response>Response to delete_permission command.
-
<delete_port_list_response>Response to delete_port_list command.
-
<delete_port_range_response>Response to delete_port_range command.
-
<delete_report_response>Response to delete_report command.
-
<delete_report_format_response>Response to delete_report_format command.
-
<delete_role_response>Response to delete_role command.
-
<delete_scanner_response>Response to delete_scanner command.
-
<delete_schedule_response>Response to delete_schedule command.
-
<delete_tag_response>Response to delete_tag command.
-
<delete_target_response>Response to delete_target command.
-
<delete_task_response>Response to delete_task command.
-
<delete_ticket_response>Response to delete_ticket command.
-
<delete_user_response>Response to delete_user command.
-
<describe_auth_response>Response to describe_auth command.
-
<empty_trashcan_response>Response to empty_trashcan command.
-
<get_agents_response>Response to get_agents command.
-
<get_alerts_response>Response to get_alerts command.
-
<get_assets_response>Response to get_assets command.
-
<get_configs_response>Response to get_configs command.
-
<get_credentials_response>Response to get_credentials command.
-
<get_groups_response>Response to get_groups command.
-
<get_info_response>Response to get_info command.
-
<get_feeds_response>Response to get_feeds command.
-
<get_filters_response>Response to get_filters command.
-
<get_notes_response>Response to get_notes command.
-
<get_nvts_response>Response to get_nvts command.
-
<get_nvt_families_response>Response to get_nvt_families command.
-
<get_overrides_response>Response to get_overrides command.
-
<get_permissions_response>Response to get_permissions command.
-
<get_port_lists_response>Response to get_port_lists command.
-
<get_preferences_response>Response to get_preferences command.
-
<get_reports_response>Response to get_reports command.
-
<get_report_formats_response>Response to get_report_formats command.
-
<get_results_response>Response to get_results command.
-
<get_roles_response>Response to get_roles command.
-
<get_scanners_response>Response to get_scanners command.
-
<get_schedules_response>Response to get_schedules command.
-
<get_settings_response>Response to get_settings command.
-
<get_system_reports_response>Response to get_system_reports command.
-
<get_tags_response>Response to get_tags command.
-
<get_targets_response>Response to get_targets command.
-
<get_tasks_response>Response to get_tasks command.
-
<get_tickets_response>Response to get_tickets command.
-
<get_tls_certificates_response>Response to get_tls_certificates command.
-
<get_users_response>Response to get_users command.
-
<get_version_response>Response to get_version command.
-
<get_vulns_response>Response to get_vulns command.
-
<help_response>Response to help command.
-
<modify_agent_response>Response to modify_agent command.
-
<modify_alert_response>Response to modify_alert command.
-
<modify_asset_response>Response to modify_asset command.
-
<modify_auth_response>Response to modify_auth command.
-
<modify_config_response>Response to modify_config command.
-
<modify_credential_response>Response to modify_credential command.
-
<modify_filter_response>Response to modify_filter command.
-
<modify_group_response>Response to modify_group command.
-
<modify_note_response>Response to modify_note command.
-
<modify_override_response>Response to modify_override command.
-
<modify_permission_response>Response to modify_permission command.
-
<modify_port_list_response>Response to modify_port_list command.
-
<modify_report_response>Response to modify_report command.
-
<modify_report_format_response>Response to modify_report_format command.
-
<modify_role_response>Response to modify_role command.
-
<modify_scanner_response>Response to modify_scanner command.
-
<modify_schedule_response>Response to modify_schedule command.
-
<modify_setting_response>Response to modify_setting command.
-
<modify_tag_response>Response to modify_tag command.
-
<modify_target_response>Response to modify_target command.
-
<modify_ticket_response>Response to modify_ticket command.
-
<modify_tls_certificate_response>Response to modify_tls_certificate command.
-
<modify_task_response>Response to modify_task command.
-
<modify_user_response>Response to modify_user command.
-
<restore_response>Response to restore command.
-
<resume_task_response>Response to resume_task command.
-
<run_wizard_response>Response to run_wizard command.
-
<start_task_response>Response to start_task command.
-
<stop_task_response>Response to stop_task command.
-
<sync_config_response>Response to sync_config command.
-
<test_alert_response>Response to test_alert command.
-
<verify_agent_response>Response to verify_agent command.
-
<verify_report_format_response>Response to verify_report_format command.
-
<verify_scanner_response>Response to verify_scanner command.
-
<authenticate_response>
7.2.2 RNC
commands = element commands { ( authenticate | commands | create_agent | create_alert | create_asset | create_config | create_credential | create_filter | create_group | create_note | create_override | create_permission | create_port_list | create_port_range | create_report_format | create_role | create_scanner | create_schedule | create_tag | create_target | create_task | create_ticket | create_tls_certificate | create_user | delete_agent | delete_alert | delete_asset | delete_config | delete_credential | delete_filter | delete_group | delete_note | delete_override | delete_permission | delete_report | delete_report_format | delete_role | delete_port_list | delete_port_range | delete_scanner | delete_schedule | delete_tag | delete_target | delete_task | delete_ticket | delete_user | describe_auth | empty_trashcan | get_agents | get_alerts | get_assets | get_configs | get_credentials | get_feeds | get_filters | get_groups | get_info | get_notes | get_nvts | get_nvt_families | get_overrides | get_permissions | get_port_lists | get_preferences | get_reports | get_report_formats | get_results | get_roles | get_scanners | get_schedules | get_settings | get_system_reports | get_tags | get_targets | get_tasks | get_tickets | get_tls_certificates | get_users | get_version | get_vulns | help | modify_agent | modify_alert | modify_asset | modify_auth | modify_config | modify_credential | modify_filter | modify_group | modify_note | modify_override | modify_permission | modify_port_list | modify_report | modify_report_format | modify_role | modify_scanner | modify_schedule | modify_setting | modify_tag | modify_target | modify_task | modify_ticket | modify_tls_certificate | modify_user | restore | resume_task | run_wizard | start_task | stop_task | sync_config | test_alert | verify_agent | verify_report_format | verify_scanner )* }
commands_response = element commands_response { attribute status { status } & attribute status_text { text } & ( authenticate_response | commands_response | create_agent_response | create_alert_response | create_asset_response | create_config_response | create_credential_response | create_filter_response | create_group_response | create_note_response | create_override_response | create_permission_response | create_port_list_response | create_port_range_response | create_role_response | create_scanner_response | create_schedule_response | create_tag_response | create_target_response | create_task_response | create_ticket_response | create_tls_certificate_response | create_user_response | delete_agent_response | delete_alert_response | delete_asset_response | delete_config_response | delete_credential_response | delete_filter_response | delete_group_response | delete_note_response | delete_override_response | delete_permission_response | delete_port_list_response | delete_port_range_response | delete_report_response | delete_report_format_response | delete_role_response | delete_scanner_response | delete_schedule_response | delete_tag_response | delete_target_response | delete_task_response | delete_ticket_response | delete_user_response | describe_auth_response | empty_trashcan_response | get_agents_response | get_alerts_response | get_assets_response | get_configs_response | get_credentials_response | get_groups_response | get_info_response | get_feeds_response | get_filters_response | get_notes_response | get_nvts_response | get_nvt_families_response | get_overrides_response | get_permissions_response | get_port_lists_response | get_preferences_response | get_reports_response | get_report_formats_response | get_results_response | get_roles_response | get_scanners_response | get_schedules_response | get_settings_response | get_system_reports_response | get_tags_response | get_targets_response | get_tasks_response | get_tickets_response | get_tls_certificates_response | get_users_response | get_version_response | get_vulns_response | help_response | modify_agent_response | modify_alert_response | modify_asset_response | modify_auth_response | modify_config_response | modify_credential_response | modify_filter_response | modify_group_response | modify_note_response | modify_override_response | modify_permission_response | modify_port_list_response | modify_report_response | modify_report_format_response | modify_role_response | modify_scanner_response | modify_schedule_response | modify_setting_response | modify_tag_response | modify_target_response | modify_ticket_response | modify_tls_certificate_response | modify_task_response | modify_user_response | restore_response | resume_task_response | run_wizard_response | start_task_response | stop_task_response | sync_config_response | test_alert_response | verify_agent_response | verify_report_format_response | verify_scanner_response )* }
7.3 Command create_agent
In short: Create an agent.
The client uses the create_agent command to create a new agent.
7.3.1 Structure
-
Command
-
<installer>
A file that installs the agent on a target machine.
-
<signature>
A detached OpenPGP signature of the installer.
-
<signature>
-
<name>
A name for the installer.
-
<comment>
?A comment on the agent.
-
<copy>
?The UUID of an existing agent.
-
<howto_install>
?A file that describes how to install the agent.
-
<howto_use>
?A file that describes how to use the agent.
-
<installer>
- Response
7.3.2 RNC
create_agent = element create_agent { create_agent_installer & create_agent_name & create_agent_comment? & create_agent_copy? & create_agent_howto_install? & create_agent_howto_use? } create_agent_installer = element installer { text # RNC limitation: base64 & create_agent_installer_signature } create_agent_installer_signature = element signature { base64 } create_agent_name = element name { name } create_agent_comment = element comment { text } create_agent_copy = element copy { uuid } create_agent_howto_install = element howto_install { base64 } create_agent_howto_use = element howto_use { base64 }
create_agent_response = element create_agent_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.3.3 Example: Create an agent
<create_agent> <installer> asdf3235saf3kjBVF... <signature>iEYEABECAAYFA...</signature> </installer> <name>SLAD</name> </create_agent>
<create_agent_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.4 Command create_alert
In short: Create an alert.
The client uses the create_alert command to create a new alert.
7.4.1 Structure
-
Command
-
<name>
A name for the alert.
-
<comment>
?A comment on the alert.
-
<copy>
?The UUID of an existing alert.
-
<condition>
The condition that must be satisfied for the alert to occur.
-
<data>
*Some data that defines the condition.
-
<name>
The name of the condition data.
-
<name>
-
<data>
*
-
<event>
The event that must happen for the alert to occur.
-
<data>
*Some data that defines the event.
-
<name>
The name of the event data.
-
<name>
-
<data>
*
-
<method>
The method by which the user is alerted.
-
<data>
*Some data that defines the method.
-
<name>
The name of the method data.
-
<name>
-
<data>
*
-
<filter>
Filter to apply when executing alert.
- @id (uuid)
-
<name>
- Response
7.4.2 RNC
create_alert = element create_alert { create_alert_name & create_alert_comment? & create_alert_copy? & create_alert_condition & create_alert_event & create_alert_method & create_alert_filter } create_alert_name = element name { name } create_alert_comment = element comment { text } create_alert_copy = element copy { uuid } create_alert_condition = element condition { text & create_alert_condition_data* } create_alert_condition_data = element data { text & create_alert_condition_data_name } create_alert_condition_data_name = element name { text } create_alert_event = element event { text & create_alert_event_data* } create_alert_event_data = element data { text & create_alert_event_data_name } create_alert_event_data_name = element name { text } create_alert_method = element method { text & create_alert_method_data* } create_alert_method_data = element data { text & create_alert_method_data_name } create_alert_method_data_name = element name { text } create_alert_filter = element filter { attribute id { uuid } }
create_alert_response = element create_alert_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.4.3 Example: Create an email alert
<create_alert> <name>emergency</name> <condition> Severity at least <data> 5.5 <name>severity</name> </data> </condition> <event> Task run status changed <data> Done <name>status</name> </data> </event> <method> Email <data> sally@example.org <name>to_address</name> </data> <data> bob@example.org <name>from_address</name> </data> </method> </create_alert>
<create_alert_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.4.3 Example: Create an Alemba vFire alert
<create_alert> <name>Alemba test</name> <method> Alemba vFire <data> https://alemba.example.com/vfire <name>vfire_base_url</name> </data> <data> 9431b46f-8491-45d8-81c3-efea92abb47b <name>vfire_credential</name> </data> <data> 5a52a4ff-6f5d-430d-b70a-d5329b6cbbd3 <name>vfire_client_id</name> </data> <data> This an automatically created call for the GVM task %n. <name>vfire_call_description</name> </data> <data> IT <name>vfire_call_partition_name</name> </data> <data> GVM Report <name>vfire_call_type_name</name> </data> <data> GVM Scan Report <name>vfire_call_template_name</name> </data> <data> 3 - Team (2-10) <name>vfire_call_impact_name</name> </data> <data> 3 - Normal <name>vfire_call_urgency_name</name> </data> <data> a3810a62-1f62-11e1-9219-406186ea4fc5, c402cc3e-b531-11e1-9163-406186ea4fc5 <name>report_formats</name> </data> </method> <condition>always</condition> <event> Task run status changed <data> Done <name>status</name> </data> </event> </create_alert>
<create_alert_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.5 Command create_asset
In short: Create an asset.
The client uses the create_asset command to create a new asset.
7.5.1 Structure
-
Command
-
One of
-
<asset>
-
<name>
A name for the asset. Must be an IPv4 or IPv6 address for hosts.
-
<comment>
?A comment on the asset.
-
<type>
The type of asset to create. Must be 'host'.
-
<name>
-
<report>
Report from which to import assets.
- @id (uuid)
-
<filter>
Filter, for min_qod and apply_overrides.
-
<term>
Filter term.
-
<term>
-
<asset>
-
One of
- Response
7.5.2 RNC
create_asset = element create_asset { ( create_asset_asset | create_asset_report ) } create_asset_asset = element asset { create_asset_asset_name & create_asset_asset_comment? & create_asset_asset_type } create_asset_asset_name = element name { name } create_asset_asset_comment = element comment { text } create_asset_asset_type = element type { text } create_asset_report = element report { attribute id { uuid } & create_asset_report_filter } create_asset_report_filter = element filter { create_asset_report_filter_term } create_asset_report_filter_term = element term { text }
create_asset_response = element create_asset_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.5.3 Example: Create an asset
<create_asset> <asset> <type>host</type> <name>Localhost</name> </asset> </create_asset>
<create_asset_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.6 Command create_config
In short: Create a config.
The client uses the create_config command to create a new config.
This command can be called in three ways:
- With a copy element. The new config is a copy of the existing config, with the given name.
- With an embedded get_configs response element. The config is created as defined by the get_configs response element. Name is actually optional in this case. The config is given the name of the config in the get_configs response. If there is already a config with this name, then a number is attached to the name to make it unique.
- With a scanner element referencing an OSP scanner. The config is then created by retrieving the expected preferences from the given scanner via OSP.
7.6.1 Structure
-
Command
-
<comment>
?A comment on the config.
-
One of
-
<copy>
The UUID of an existing config.
-
<get_configs_response>Response to get_configs command.
-
<scanner>
The UUID of an OSP scanner to get config data from.
-
<copy>
-
<name>
A name for the config.
-
<usage_type>
?Usage type (scan or policy) for the config. Can overwrite the one in get_configs_response.
-
<comment>
?
- Response
7.6.2 RNC
create_config = element create_config { create_config_comment? & ( create_config_copy | get_configs_response | create_config_scanner ) & create_config_name & create_config_usage_type? } create_config_comment = element comment { text } create_config_copy = element copy { uuid } create_config_scanner = element scanner { uuid } create_config_name = element name { name } create_config_usage_type = element usage_type { xsd:token { pattern = "scan|policy" } }
create_config_response = element create_config_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.6.3 Example: Copy a config
<create_config> <copy>daba56c8-73ec-11df-a475-002264764cea</copy> <name>Full</name> </create_config>
<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.6.3 Example: Create a config from a GET_CONFIGS response
<create_config> <get_configs_response> <config id="daba56c8-73ec-11df-a475-002264764cea"> <name>Full and fast</name> ... </config> </get_configs_response> </create_config>
<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.6.3 Example: Create an OSP config from a scanner
<create_config> <name>Full</name> <scanner>daba56c8-73ec-11df-a475-002264764cea</scanner> </create_config>
<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.7 Command create_credential
In short: Create a credential.
The client uses the create_credential command to create a new credential for local security checks and other functions requiring authentication.
If the command includes a key, then the manager creates a key-based credential from the key. If the command includes a password, then the manager creates a password only credential. Otherwise the manager autogenerates a key-based credential.
7.7.1 Structure
-
Command
-
<name>
A name for the credential.
-
<comment>
?A comment on the credential.
-
<copy>
?The UUID of an existing credential.
-
<allow_insecure>
?Whether to allow insecure use of the credential.
-
<certificate>
?The certificate of the credential.
-
<key>
?
-
<phrase>
?Key passphrase.
-
One of
-
<private>
Private key.
-
<public>
Public key.
-
<private>
-
<phrase>
?
-
<login>
?The user name of the credential.
-
<password>
?The password for the credential login.
-
<auth_algorithm>
?Authentication algorithm for SNMP, either md5 or sha1.
-
<community>
?The SNMP community.
-
<privacy>
?
-
<algorithm>
The SNMP privacy algorithm, either aes or des.
-
<password>
The SNMP privacy password.
-
<algorithm>
-
<type>
?The type of credential to create.
-
<name>
- Response
7.7.2 RNC
create_credential = element create_credential { create_credential_name & create_credential_comment? & create_credential_copy? & create_credential_allow_insecure? & create_credential_certificate? & create_credential_key? & create_credential_login? & create_credential_password? & create_credential_auth_algorithm? & create_credential_community? & create_credential_privacy? & create_credential_type? } create_credential_name = element name { name } create_credential_comment = element comment { text } create_credential_copy = element copy { uuid } create_credential_allow_insecure = element allow_insecure { boolean } create_credential_certificate = element certificate { text } create_credential_key = element key { create_credential_key_phrase? & ( create_credential_key_private | create_credential_key_public ) } create_credential_key_phrase = element phrase { text } create_credential_key_private = element private { text } create_credential_key_public = element public { text } create_credential_login = element login { text } create_credential_password = element password { text } create_credential_community = element community { text } create_credential_auth_algorithm = element auth_algorithm { xsd:token { pattern = "md5|sha1" } } create_credential_privacy = element privacy { create_credential_privacy_algorithm & create_credential_privacy_password } create_credential_privacy_algorithm = element algorithm { xsd:token { pattern = "aes|des" } } create_credential_privacy_password = element password { text } create_credential_type = element type { xsd:token { pattern = "cc|pgp|pw|smime|snmp|up|usk" } }
create_credential_response = element create_credential_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.7.3 Example: Create an LSC credential
<create_credential> <name>cluster sally</name> <login>sally</login> <password>secret</password> <comment>Sally's login to the cluster.</comment> </create_credential>
<create_credential_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.7.3 Example: Create a PGP public key credential
<create_credential> <name>Email public key</name> <type>pgp</type> <key> <public> -----BEGIN PGP PUBLIC KEY BLOCK----- [...] </public> </key> </create_credential>
<create_credential_response status="201" status_text="OK, resource created" id="e81be3f4-a9a6-45a0-853f-980383a5d9eb"/>
7.7.3 Example: Create an S/MIME credential
<create_credential> <name>Email certificate</name> <type>smime</type> <certificate>-----BEGIN PKCS7----- [...]</certificate> </create_credential>
<create_credential_response status="201" status_text="OK, resource created" id="4aa5bf8a-502d-4023-96b0-352fe202a097"/>
7.8 Command create_filter
In short: Create a filter.
The client uses the create_filter command to create a new filter.
7.8.1 Structure
-
Command
-
<name>
A name for the filter.
-
<comment>
?A comment on the filter.
-
<copy>
?The UUID of an existing filter.
-
<term>
?Filter term.
-
<type>
?Resource type.
-
<name>
- Response
7.8.2 RNC
create_filter = element create_filter { create_filter_name & create_filter_comment? & create_filter_copy? & create_filter_term? & create_filter_type? } create_filter_name = element name { name } create_filter_comment = element comment { text } create_filter_copy = element copy { uuid } create_filter_term = element term { text } create_filter_type = element type { text }
create_filter_response = element create_filter_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.8.3 Example: Create a filter
<create_filter> <name>Single Targets</name> <comment>Targets with only one host</comment> <term>ips=1 first=1 rows=-2</term> <type>target</type> </create_filter>
<create_filter_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c7"/>
7.9 Command create_group
In short: Create a group.
The client uses the create_group command to create a new group.
7.9.1 Structure
-
Command
-
<name>
A name for the group.
-
<comment>
?A comment on the group.
-
<copy>
?The UUID of an existing group.
-
<specials>
?
-
<full>
Create permission giving members full access to each other's resources.
-
<full>
-
<users>
?Comma separated list of user names.
-
<name>
- Response
7.9.2 RNC
create_group = element create_group { create_group_name & create_group_comment? & create_group_copy? & create_group_specials? & create_group_users? } create_group_name = element name { name } create_group_comment = element comment { text } create_group_copy = element copy { uuid } create_group_specials = element specials { create_group_specials_full } create_group_specials_full = element full { "" } create_group_users = element users { text }
create_group_response = element create_group_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.9.3 Example: Create a group
<create_group> <name>Managers</name> <users>sarah, bob</users> </create_group>
<create_group_response status="201" status_text="OK, resource created" id="d94211b6-ba40-11e3-bcb1-406186ea4fc5"/>
7.10 Command create_note
In short: Create a note.
The client uses the create_note command to create a new note.
7.10.1 Structure
-
Command
-
<text>
The text of the note.
-
<nvt>
NVT to which note applies.
- @oid (oid)
-
<active>
?Seconds note will be active. -1 on always, 0 off.
-
<copy>
?The UUID of an existing note.
-
<hosts>
?A comma-separated list of hosts.
-
<port>
?Port to which note applies.
-
<result>
?Result to which note applies.
- @id (uuid)
-
<severity>
?Severity to which note applies.
-
<task>
?Task to which note applies.
- @id (uuid)
-
<threat>
?Threat level to which note applies. Will be converted to severity.
-
<text>
- Response
7.10.2 RNC
create_note = element create_note { create_note_text & create_note_nvt & create_note_active? & create_note_copy? & create_note_hosts? & create_note_port? & create_note_result? & create_note_severity? & create_note_task? & create_note_threat? } create_note_text = element text { text } create_note_nvt = element nvt { attribute oid { oid } } create_note_active = element active { integer } create_note_copy = element copy { uuid } create_note_hosts = element hosts { text } create_note_port = element port { text } create_note_result = element result { attribute id { uuid } } create_note_severity = element severity { severity } create_note_task = element task { attribute id { uuid } } create_note_threat = element threat { threat }
create_note_response = element create_note_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.10.3 Example: Create a note
<create_note> <text>This issue should be resolved after the upgrade.</text> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"/> <result>254cd3ef-bbe1-4d58-859d-21b8d0c046c6</result> </create_note>
<create_note_response status="202" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.11 Command create_override
In short: Create an override.
The client uses the create_override command to create a new override.
7.11.1 Structure
-
Command
-
<text>
The text of the override.
-
<nvt>
NVT to which override applies.
- @oid (oid)
-
<active>
?Seconds override will be active. -1 on always, 0 off.
-
<copy>
?The UUID of an existing override.
-
<hosts>
?A comma-separated list of hosts.
-
<new_severity>
?New severity for result.
-
<new_threat>
?New threat level for result, will be converted to a new_severity.
-
<port>
?Port to which override applies.
-
<result>
?Result to which override applies.
- @id (uuid)
-
<severity>
?Severity score to which override applies.
-
<task>
?Task to which override applies.
- @id (uuid)
-
<threat>
?Threat level to which override applies, will be converted to severity.
-
<text>
- Response
7.11.2 RNC
create_override = element create_override { create_override_text & create_override_nvt & create_override_active? & create_override_copy? & create_override_hosts? & create_override_new_severity? & create_override_new_threat? & create_override_port? & create_override_result? & create_override_severity? & create_override_task? & create_override_threat? } create_override_text = element text { text } create_override_active = element active { integer } create_override_nvt = element nvt { attribute oid { oid } } create_override_copy = element copy { uuid } create_override_hosts = element hosts { text } create_override_new_severity = element new_severity { severity } create_override_new_threat = element new_threat { threat } create_override_port = element port { text } create_override_result = element result { attribute id { uuid } } create_override_severity = element severity { severity } create_override_task = element task { attribute id { uuid } } create_override_threat = element threat { threat }
create_override_response = element create_override_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.11.3 Example: Create an override
<create_override> <text>This is actually of little concern.</text> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"/> <new_threat>Low</new_threat> <result>254cd3ef-bbe1-4d58-859d-21b8d0c046c6</result> </create_override>
<create_override_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.12 Command create_permission
In short: Create a permission.
The client uses the create_permission command to create a new permission.
7.12.1 Structure
-
Command
-
<name>
A permission name, currently the name of a command.
-
<subject>
A subject to whom the permission is granted.
- @id (uuid)
-
<type>
GMP type of the subject: user, group or role.
-
<resource>
?A resource to which the permission applies.
- @id (uuid)
-
<type>
GMP type, for Super permissions: user, group or role.
-
<copy>
?UUID of an existing permission to copy.
-
<comment>
?Comment on the permission.
-
<name>
- Response
7.12.2 RNC
create_permission = element create_permission { create_permission_name & create_permission_subject & create_permission_resource? & create_permission_copy? & create_permission_comment? } create_permission_name = element name { text } create_permission_subject = element subject { attribute id { uuid }? & create_permission_subject_type } create_permission_subject_type = element type { text } create_permission_resource = element resource { attribute id { uuid }? & create_permission_resource_type } create_permission_resource_type = element type { text } create_permission_copy = element copy { uuid } create_permission_comment = element comment { text }
create_permission_response = element create_permission_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.12.3 Example: Grant a user permission to view a target
<create_permission> <name>get_targets</name> <resource id="b493b7a8-7489-11df-a3ec-002264764cea"/> <subject id="66abe5ce-c011-11e3-b96e-406186ea4fc5"> <type>user</type> </subject> </create_permission>
<create_permission_response status="201" status_text="OK, resource created" id="7ee79232-c011-11e3-b560-406186ea4fc5"/>
7.12.3 Example: Grant a role permission to create users
<create_permission> <name>create_user</name> <subject id="9b0cbd98-c011-11e3-a26e-406186ea4fc5"> <type>role</type> </subject> </create_permission>
<create_permission_response status="201" status_text="OK, resource created" id="b98ad69c-c011-11e3-b001-406186ea4fc5"/>
7.13 Command create_port_list
In short: Create a port list.
The client uses the create_port_list command to create a new port list.
The get_port_lists_response element overrides the port_range element.
7.13.1 Structure
-
Command
-
<name>
The name of the port list.
-
<comment>
?A comment on the port list.
-
<copy>
?The UUID of an existing port list.
-
<port_range>
Comma separated list of port ranges (allowing whitespace).
-
<get_port_lists_response>Response to get_port_lists command.
-
<name>
- Response
7.13.2 RNC
create_port_list = element create_port_list { create_port_list_name & create_port_list_comment? & create_port_list_copy? & create_port_list_port_range & get_port_lists_response } create_port_list_name = element name { name } create_port_list_comment = element comment { text } create_port_list_copy = element copy { uuid } create_port_list_port_range = element port_range { port_range }
create_port_list_response = element create_port_list_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.13.3 Example: Create a port list
<create_port_list> <name>All TCP</name> <comment>All possible TCP ports</comment> <port_range>T:1-65535</port_range> </create_port_list>
<create_port_list_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.14 Command create_port_range
In short: Create a port range.
The client uses the create_port_range command to create a new port range.
7.14.1 Structure
-
Command
-
<comment>
?A comment on the port range.
-
<port_list>
The port list to which to add the range.
- @id (uuid)
-
<start>
The first port in the range.
-
<end>
The last port in the range.
-
<type>
The type of the ports: TCP, UDP, ....
-
<comment>
?
- Response
7.14.2 RNC
create_port_range = element create_port_range { create_port_range_comment? & create_port_range_port_list & create_port_range_start & create_port_range_end & create_port_range_type } create_port_range_comment = element comment { text } create_port_range_port_list = element port_list { attribute id { uuid } } create_port_range_start = element start { port } create_port_range_end = element end { port } create_port_range_type = element type { text }
create_port_range_response = element create_port_range_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.14.3 Example: Add a port range to a port list
<create_port_range> <port_list id="354cd3ef-bbe1-4d58-859d-21b8d0c046c4"/> <start>777</start> <end>779</end> <type>TCP</type> </create_port_range>
<create_port_range_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.15 Command create_report
In short: Create a report.
The client uses the create_report command to import a report.
7.15.1 Structure
- Command
- Response
7.15.2 RNC
create_report = element create_report { create_report_report & create_report_task & create_report_in_assets? } create_report_report = element report # type report { text # RNC limitation: base64 & attribute id { uuid } & attribute format_id { uuid } & attribute extension { text } & attribute content_type { text } & attribute type { xsd:token { pattern = "scan|assets" } }? & report_owner & report_name & report_comment & report_creation_time & report_modification_time & report_writable & report_in_use & report_task & report_report_format & report_report } create_report_task = element task { attribute id { uuid }? } create_report_in_assets = element in_assets # type boolean { }
create_report_response = element create_report_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.15.3 Example: Create a report in an existing task
<create_report> <report id="f0fdf522-276d-4893-9274-fb8699dc2270" format_id="d5da9f67-8551-4e51-807b-b6a873d70e34" extension="xml" content_type="text/xml"> <report id="f0fdf522-276d-4893-9274-fb8699dc2270"> <gmp> <version>8.0</version> </gmp> ... <results start="1" max="-1"> <result id="634f7a2e-8ca1-43b7-b6d7-0d4841449508"> ... </result> ... </results> <scan_end>2010-02-02T19:11:52+00:00</scan_end> <errors> <count>0</count> </errors> </report> </report> <task id="76a4f237-9984-4345-a1f4-71fbcbf0611c"/> </create_report>
<create_report_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.16 Command create_report_format
In short: Create a report format.
The client uses the create_report_format command to create a new report format.
7.16.1 Structure
-
Command
-
One of
-
<copy>
The UUID of an existing report format.
-
<get_report_formats_response>Response to get_report_formats command.
-
<copy>
-
One of
- Response
7.16.2 RNC
create_report_format = element create_report_format { ( create_report_format_copy | get_report_formats_response ) } create_report_format_copy = element copy { uuid }
create_report_format_response = element create_report_format_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.16.3 Example: Create a report format
<create_report_format> <get_report_formats_response> <report_format id="a0704abb-2120-489f-959f-251c9f4ffebd"> <name>CPE</name> <extension>csv</extension> <content_type>text/csv</content_type> <summary>Common Platform Enumeration CSV table.</summary> <description> CPE stands for Common Platform Enumeration. It is a ... </description> <predefined>1</predefined> <trust> yes <time>Thu Dec 2 13:22:26 2010</time> </trust> <active>1</active> </report_format> </get_report_formats_response> </create_report_format>
<create_report_format_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.17 Command create_role
In short: Create a role.
The client uses the create_role command to create a new role.
7.17.1 Structure
-
Command
-
<name>
A name for the role.
-
<comment>
?A comment on the role.
-
<copy>
?The UUID of an existing role.
-
<users>
?Comma separated list of user names.
-
<name>
- Response
7.17.2 RNC
create_role = element create_role { create_role_name & create_role_comment? & create_role_copy? & create_role_users? } create_role_name = element name { name } create_role_comment = element comment { text } create_role_copy = element copy { uuid } create_role_users = element users { text }
create_role_response = element create_role_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.17.3 Example: Create a role
<create_role> <name>SCAP Observer</name> <users>sarah, bob</users> </create_role>
<create_role_response status="201" status_text="OK, resource created" id="b64c81b2-b9de-11e3-a2e9-406186ea4fc5"/>
7.18 Command create_scanner
In short: Create a scanner.
The client uses the create_scanner command to create a new scanner.
7.18.1 Structure
-
Command
-
<name>
A name for the scanner.
-
<comment>
?A comment on the scanner.
-
<copy>
?The UUID of an existing scanner.
-
<host>
The host of the scanner.
-
<port>
The port of the scanner.
-
<type>
The type of the scanner.
-
<ca_pub>
Certificate of CA to verify scanner certificate..
-
<credential>
Client certificate credential for the Scanner.
- @id (uuid) UUID of the credential.
-
<name>
- Response
7.18.2 RNC
create_scanner = element create_scanner { create_scanner_name & create_scanner_comment? & create_scanner_copy? & create_scanner_host & create_scanner_port & create_scanner_type & create_scanner_ca_pub & create_scanner_credential } create_scanner_name = element name { name } create_scanner_comment = element comment { text } create_scanner_copy = element copy { uuid } create_scanner_host = element host { text } create_scanner_port = element port { text } create_scanner_type = element type { text } create_scanner_ca_pub = element ca_pub { text } create_scanner_credential = element credential { attribute id { uuid } }
create_scanner_response = element create_scanner_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.18.3 Example: Create a scanner
<create_scanner> <name>Default Scanner</name> <host>localhost</host> <port>9391</port> <type>2</type> <ca_pub>...</ca_pub> <credential id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/> </create_scanner>
<create_scanner_response status="201" status_text="OK, resource created" id="814cd30f-dee1-4d58-851d-21b8d0c048e3"/>
7.19 Command create_schedule
In short: Create a schedule.
The client uses the create_schedule command to create a new schedule.
7.19.1 Structure
-
Command
-
<name>
A name for the schedule.
-
<comment>
?A comment on the schedule.
-
<copy>
?The UUID of an existing schedule.
-
<icalendar>
?iCalendar text containing the time data. Replaces first_time, duration and period..
-
<first_time>
?The first time the schedule will run.
-
<minute>
-
<hour>
-
<day_of_month>
-
<month>
-
<year>
-
<minute>
-
<duration>
?How long the Manager will run the scheduled task for.
-
<unit>
Duration time unit.
-
<unit>
-
<period>
?How often the Manager will repeat the scheduled task.
-
<unit>
Period time unit.
-
<unit>
-
<timezone>
?The timezone the schedule will follow.
-
<name>
- Response
7.19.2 RNC
create_schedule = element create_schedule { create_schedule_name & create_schedule_comment? & create_schedule_copy? & create_schedule_icalendar? & create_schedule_first_time? & create_schedule_duration? & create_schedule_period? & create_schedule_timezone? } create_schedule_name = element name { name } create_schedule_comment = element comment { text } create_schedule_copy = element copy { uuid } create_schedule_icalendar = element icalendar { text } create_schedule_first_time = element first_time { create_schedule_first_time_minute & create_schedule_first_time_hour & create_schedule_first_time_day_of_month & create_schedule_first_time_month & create_schedule_first_time_year } create_schedule_first_time_minute = element minute { integer } create_schedule_first_time_hour = element hour { integer } create_schedule_first_time_day_of_month = element day_of_month { integer } create_schedule_first_time_month = element month { integer } create_schedule_first_time_year = element year { integer } create_schedule_duration = element duration { create_schedule_duration_unit } create_schedule_duration_unit = element unit { time_unit } create_schedule_period = element period { create_schedule_period_unit } create_schedule_period_unit = element unit { time_unit } create_schedule_timezone = element timezone { timezone }
create_schedule_response = element create_schedule_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.19.3 Example: Create a schedule
<create_schedule> <name>Every night</name> <first_time> <day_of_month>1</day_of_month> <hour>0</hour> <minute>0</minute> <month>1</month> <year>2011</year> </first_time> <duration> 3 <unit>hour</unit> </duration> <period> 1 <unit>day</unit> </period> </create_schedule>
<create_schedule_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.20 Command create_tag
In short: Create a tag.
The client uses the create_tag command to create a new tag. A name and the resource type must be provided. If a resource ID is also given, it must refer to an existing resource.
7.20.1 Structure
-
Command
-
<name>
A full tag name consisting of namespace and predicate.
-
<resources>
Identifies the resources the tag is to be attached to.
- @filter (text) Filter term to select resources the tag is to be attached to.
-
<resource>
*
- @id (uuid) ID of a resource the tag is to be attached to.
-
<type>
GMP type of the resources the tag is to be attached to.
-
<copy>
?UUID of an existing tag to copy.
-
<value>
?Value associated with the tag.
-
<comment>
?Comment to add to the tag.
-
<active>
?Whether the tag is active.
-
<name>
- Response
7.20.2 RNC
create_tag = element create_tag { create_tag_name & create_tag_resources & create_tag_copy? & create_tag_value? & create_tag_comment? & create_tag_active? } create_tag_name = element name { text } create_tag_resources = element resources { attribute filter { text }? & create_tag_resources_resource* & create_tag_resources_type } create_tag_resources_resource = element resource { attribute id { uuid }? } create_tag_resources_type = element type { text } create_tag_copy = element copy { uuid } create_tag_value = element value { text } create_tag_comment = element comment { text } create_tag_active = element active { boolean }
create_tag_response = element create_tag_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.20.3 Example: Create a tag attached to a target
<create_tag> <name>geo:long</name> <resource id="b493b7a8-7489-11df-a3ec-002264764cea"> <type>target</type> </resource> <value>52.2788</value> </create_tag>
<create_tag_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.21 Command create_target
In short: Create a target.
The client uses the create_target command to create a new target.
If the list of hosts is empty, the command must also include a target locator.
7.21.1 Structure
-
Command
-
<name>
A name for the target.
-
<comment>
?A comment on the target.
-
<copy>
?The UUID of an existing target.
-
One of
-
<asset_hosts>
Hosts from which to create the target.
- @filter (text) Filter term that defines the list of hosts.
-
<hosts>
A comma-separated list of hosts, which may be empty.
-
<asset_hosts>
-
<exclude_hosts>
?A list of hosts to exclude.
-
<ssh_credential>
?SSH login credentials for target.
- @id (uuid)
-
<port>
?The port the LSCs will use.
-
<smb_credential>
?SMB login credentials for target.
- @id (uuid)
-
<esxi_credential>
?ESXi credential to use on target.
- @id (uuid)
-
<snmp_credential>
?SNMP credentials to use on target.
- @id (uuid)
-
<ssh_lsc_credential>
?Deprecated: use ssh_credential. SSH credential.
- @id (uuid)
-
<port>
?The port the LSCs will use.
-
<smb_lsc_credential>
?Deprecated: use ssh_credential. SMB credential.
- @id (uuid)
-
<esxi_lsc_credential>
?Deprecated: use esxi_credential. ESXi credential.
- @id (uuid)
-
<alive_tests>
?Which alive tests to use.
-
<reverse_lookup_only>
?Whether to scan only hosts that have names.
-
<reverse_lookup_unify>
?Whether to scan only one IP when multiple IPs have the same name.
-
<port_range>
?Comma separated list of port ranges for the target (allowing whitespace).
-
<port_list>
?Port list for the target.
- @id (uuid)
-
<name>
- Response
7.21.2 RNC
create_target = element create_target { create_target_name & create_target_comment? & create_target_copy? & ( create_target_asset_hosts | create_target_hosts ) & create_target_exclude_hosts? & create_target_ssh_credential? & create_target_smb_credential? & create_target_esxi_credential? & create_target_snmp_credential? & create_target_ssh_lsc_credential? & create_target_smb_lsc_credential? & create_target_esxi_lsc_credential? & create_target_alive_tests? & create_target_reverse_lookup_only? & create_target_reverse_lookup_unify? & create_target_port_range? & create_target_port_list? } create_target_name = element name { name } create_target_comment = element comment { text } create_target_copy = element copy { uuid } create_target_asset_hosts = element asset_hosts { attribute filter { text } } create_target_hosts = element hosts { text } create_target_exclude_hosts = element exclude_hosts { text } create_target_ssh_credential = element ssh_credential { attribute id { uuid } & create_target_ssh_credential_port? } create_target_ssh_credential_port = element port { text } create_target_smb_credential = element smb_credential { attribute id { uuid } } create_target_esxi_credential = element esxi_credential { attribute id { uuid } } create_target_snmp_credential = element snmp_credential { attribute id { uuid } } create_target_ssh_lsc_credential = element ssh_lsc_credential { attribute id { uuid } & create_target_ssh_lsc_credential_port? } create_target_ssh_lsc_credential_port = element port { text } create_target_smb_lsc_credential = element smb_lsc_credential { attribute id { uuid } } create_target_esxi_lsc_credential = element esxi_lsc_credential { attribute id { uuid } } create_target_alive_tests = element alive_tests { alive_test } create_target_reverse_lookup_only = element reverse_lookup_only { boolean } create_target_reverse_lookup_unify = element reverse_lookup_unify { boolean } create_target_port_range = element port_range { port_range } create_target_port_list = element port_list { attribute id { uuid } }
create_target_response = element create_target_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.21.3 Example: Create a target, giving a host list
<create_target> <name>All GNU/Linux machines</name> <hosts>192.168.1.0/24</hosts> </create_target>
<create_target_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.22 Command create_task
In short: Create a task.
The client uses the create_task command to create a new task.
When given a target with an id of 0, the command creates a "container" task. This kind of task can not be run, but it is possible to import reports into the task. Importing is done using the create_report command. The report being imported must be in the XML format.
When creating a container task, the elements config, hosts_ordering, scanner, alert, schedule, schedule_periods, observers and preferences are ignored.
7.22.1 Structure
-
Command
-
<name>
A name for the task.
-
<comment>
?A comment on the task.
-
<copy>
?The UUID of an existing task.
-
<alterable>
?Whether the task is alterable.
-
<usage_type>
?Usage type for the task (scan or audit), defaulting to scan.
-
<config>
The scan configuration used by the task.
- @id (uuid)
-
<target>
The hosts scanned by the task.
- @id (uuid)
-
<hosts_ordering>
?The order hosts are scanned in.
-
<scanner>
The scanner to use for scanning the target.
- @id (uuid)
-
<alert>
*An alert that applies to the task.
- @id (uuid)
-
<schedule>
?When the task will run.
- @id (uuid)
-
<schedule_periods>
?A limit to the number of times the task will be scheduled, or 0 for no limit.
-
<observers>
?Users allowed to observe this task.
-
<preferences>
?
-
<preference>
*
-
<scanner_name>
Compact name of preference, from scanner.
-
<value>
-
<scanner_name>
-
<preference>
*
-
<name>
- Response
7.22.2 RNC
create_task = element create_task { create_task_name & create_task_comment? & create_task_copy? & create_task_alterable? & create_task_usage_type? & create_task_config & create_task_target & create_task_hosts_ordering? & create_task_scanner & create_task_alert* & create_task_schedule? & create_task_schedule_periods? & create_task_observers? & create_task_preferences? } create_task_name = element name { name } create_task_comment = element comment { text } create_task_copy = element copy { uuid } create_task_alterable = element alterable { boolean } create_task_usage_type = element usage_type { xsd:token { pattern = "scan|audit" } } create_task_config = element config { attribute id { uuid } } create_task_target = element target { attribute id { uuid } } create_task_hosts_ordering = element hosts_ordering { text } create_task_scanner = element scanner { attribute id { uuid } } create_task_alert = element alert { attribute id { uuid } } create_task_schedule = element schedule { attribute id { uuid } } create_task_schedule_periods = element schedule_periods { integer } create_task_observers = element observers { user_list } create_task_preferences = element preferences { create_task_preferences_preference* } create_task_preferences_preference = element preference { create_task_preferences_preference_scanner_name & create_task_preferences_preference_value } create_task_preferences_preference_scanner_name = element scanner_name { text } create_task_preferences_preference_value = element value { text }
create_task_response = element create_task_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.22.3 Example: Create a task, giving a host list
<create_task> <name>Scan Webserver</name> <comment>Hourly scan of the webserver</comment> <config id="daba56c8-73ec-11df-a475-002264764cea"/> <target id="b493b7a8-7489-11df-a3ec-002264764cea"/> <scanner id="15348381-3180-213f-4eec-123591912388"/> </create_task>
<create_task_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.22.3 Example: Create a container task, for importing reports
<create_task> <name>Container Example</name> <comment>This task provides for importing reports</comment> <target id="0"/> </create_task>
<create_task_response status="201" status_text="OK, resource created" id="b7f0afbe-bdb3-11e9-9847-28d24461215b"/>
7.23 Command create_ticket
In short: Create a ticket.
The client uses the create_ticket command to create a new ticket.
7.23.1 Structure
- Command
- Response
7.23.2 RNC
create_ticket = element create_ticket { create_ticket_comment? & create_ticket_copy? & create_ticket_result & create_ticket_assigned_to & create_ticket_open_note } create_ticket_comment = element comment { text } create_ticket_copy = element copy { uuid } create_ticket_result = element result { attribute id { uuid } } create_ticket_assigned_to = element assigned_to { create_ticket_assigned_to_user } create_ticket_assigned_to_user = element user { attribute id { uuid } } create_ticket_open_note = element open_note { text }
create_ticket_response = element create_ticket_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.23.3 Example: Create a ticket
<create_ticket> <result id="138c1216-4acb-4ded-bef3-7fab80eac8c7"/> <assigned_to> <user id="33e92d3e-a379-4c46-a4cf-88c8201ab710"/> </assigned_to> <open_note>Please fix today.</open_note> </create_ticket>
<create_ticket_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
7.24 Command create_tls_certificate
In short: Create a TLS certificate.
The client uses the create_tls_certificate command to create a new TLS certificate.
TLS certificates owned by the current user must have unique fingerprints, so copying will only work with fingerprints owned by another user.
7.24.1 Structure
-
Command
-
<comment>
?A comment on the TLS certificate.
-
<copy>
?The UUID of an existing TLS certificate.
-
<name>
?The name of the certificate, defaulting to the MD5 fingerprint.
-
<trust>
?Whether the certificate is trusted.
-
<certificate>
The Base64 encoded certificate data (x.509 DER or PEM).
-
<comment>
?
- Response
7.24.2 RNC
create_tls_certificate = element create_tls_certificate { create_tls_certificate_comment? & create_tls_certificate_copy? & create_tls_certificate_name? & create_tls_certificate_trust? & create_tls_certificate_certificate } create_tls_certificate_comment = element comment { text } create_tls_certificate_copy = element copy { uuid } create_tls_certificate_name = element name { text } create_tls_certificate_trust = element trust { boolean } create_tls_certificate_certificate = element certificate { text }
create_tls_certificate_response = element create_tls_certificate_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.24.3 Example: Create a TLS certificate
<create_tls_certificate> <name>Example Certificate</name> <certificate>MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELM[...]</certificate> </create_tls_certificate>
<create_tls_certificate_response status="201" status_text="OK, resource created" id="8a925978-59d0-494b-a837-40b271569727"/>
7.25 Command create_user
In short: Create a user.
The client uses the create_user command to create a new user.
7.25.1 Structure
-
Command
-
<name>
The name of the user to be created.
-
<copy>
?The UUID of an existing user.
-
<comment>
?Comment for the user.
-
<hosts>
?User access rules: a comma-separated list of hosts.
- @allow (boolean) If 1, allow only listed, otherwise forbid listed.
-
<ifaces>
?User access rules: a comma-separated list of ifaces.
- @allow (boolean) If 1, allow only listed, otherwise forbid listed.
-
<password>
?The password for the user.
-
<role>
*A role of the user.
- @id (uuid)
-
<name>
- Response
7.25.2 RNC
create_user = element create_user { create_user_name & create_user_copy? & create_user_comment? & create_user_hosts? & create_user_ifaces? & create_user_password? & create_user_role* } create_user_name = element name { text } create_user_copy = element copy { uuid } create_user_comment = element comment { text } create_user_hosts = element hosts { text & attribute allow { boolean }? } create_user_ifaces = element ifaces { text & attribute allow { boolean }? } create_user_password = element password { text } create_user_role = element role { attribute id { uuid } }
create_user_response = element create_user_response { attribute status { status } & attribute status_text { text } & attribute id { uuid } }
7.25.3 Example: Create a user
<create_user> <name>foobar</name> <password>f00bar</password> <role id="8d453140-b74d-11e2-b0be-406186ea4fc5"/> </create_user>
<create_user_response status="201" status_text="OK, resource created"/>
7.26 Command delete_agent
In short: Delete an agent.
The client uses the delete_agent command to delete an existing agent.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.26.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.26.2 RNC
delete_agent = element delete_agent { attribute agent_id { uuid } & attribute ultimate { boolean } }
delete_agent_response = element delete_agent_response { attribute status { status } & attribute status_text { text } }
7.26.3 Example: Delete an agent
<delete_agent agent_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_agent_response status="200" status_text="OK"/>
7.27 Command delete_asset
In short: Delete an asset.
The client uses the delete_asset command to delete an existing asset.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.27.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.27.2 RNC
delete_asset = element delete_asset { ( attribute asset_id { uuid } | attribute report_id { uuid } ) }
delete_asset_response = element delete_asset_response { attribute status { status } & attribute status_text { text } }
7.27.3 Example: Delete a asset
<delete_asset asset_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_asset_response status="200" status_text="OK"/>
7.28 Command delete_config
In short: Delete a config.
The client uses the delete_config command to delete an existing config.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.28.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.28.2 RNC
delete_config = element delete_config { attribute config_id { uuid } & attribute ultimate { boolean } }
delete_config_response = element delete_config_response { attribute status { status } & attribute status_text { text } }
7.28.3 Example: Delete a config
<delete_config config_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_config_response status="200" status_text="OK"/>
7.29 Command delete_alert
In short: Delete an alert.
The client uses the delete_alert command to delete an existing alert.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.29.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.29.2 RNC
delete_alert = element delete_alert { attribute alert_id { uuid } & attribute ultimate { boolean } }
delete_alert_response = element delete_alert_response { attribute status { status } & attribute status_text { text } }
7.29.3 Example: Delete an alert
<delete_alert alert_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_alert_response status="200" status_text="OK"/>
7.30 Command delete_credential
In short: Delete a credential.
The client uses the delete_credential command to delete an existing credential.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.30.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.30.2 RNC
delete_credential = element delete_credential { attribute credential_id { uuid } & attribute ultimate { boolean } }
delete_credential_response = element delete_credential_response { attribute status { status } & attribute status_text { text } }
7.30.3 Example: Delete a credential
<delete_credential credential_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_credential_response status="200" status_text="OK"/>
7.31 Command delete_filter
In short: Delete a filter.
The client uses the delete_filter command to delete an existing filter.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.31.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.31.2 RNC
delete_filter = element delete_filter { attribute filter_id { uuid } & attribute ultimate { boolean } }
delete_filter_response = element delete_filter_response { attribute status { status } & attribute status_text { text } }
7.31.3 Example: Delete a filter
<delete_filter filter_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_filter_response status="200" status_text="OK"/>
7.32 Command delete_group
In short: Delete a group.
The client uses the delete_group command to delete an existing group.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.32.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.32.2 RNC
delete_group = element delete_group { attribute group_id { uuid } & attribute ultimate { boolean } }
delete_group_response = element delete_group_response { attribute status { status } & attribute status_text { text } }
7.32.3 Example: Delete a group
<delete_group group_id="d94211b6-ba40-11e3-bcb1-406186ea4fc5"/>
<delete_group_response status="200" status_text="OK"/>
7.33 Command delete_note
In short: Delete a note.
The client uses the delete_note command to delete an existing note.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.33.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.33.2 RNC
delete_note = element delete_note { attribute note_id { uuid } & attribute ultimate { boolean } }
delete_note_response = element delete_note_response { attribute status { status } & attribute status_text { text } }
7.33.3 Example: Delete a note
<delete_note note_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_note_response status="200" status_text="OK"/>
7.34 Command delete_override
In short: Delete an override.
The client uses the delete_override command to delete an existing override.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.34.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.34.2 RNC
delete_override = element delete_override { attribute override_id { uuid } & attribute ultimate { boolean } }
delete_override_response = element delete_override_response { attribute status { status } & attribute status_text { text } }
7.34.3 Example: Delete an override
<delete_override override_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_override_response status="200" status_text="OK"/>
7.35 Command delete_report
In short: Delete a report.
The client uses the delete_report command to delete an existing report.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.35.1 Structure
7.35.2 RNC
delete_report = element delete_report { attribute report_id { uuid } }
delete_report_response = element delete_report_response { attribute status { status } & attribute status_text { text } }
7.35.3 Example: Delete a report
<delete_report report_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_report_response status="200" status_text="OK"/>
7.36 Command delete_permission
In short: Delete a permission.
The client uses the delete_permission command to delete an existing permission.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.36.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.36.2 RNC
delete_permission = element delete_permission { attribute permission_id { uuid } & attribute ultimate { boolean } }
delete_permission_response = element delete_permission_response { attribute status { status } & attribute status_text { text } }
7.36.3 Example: Delete a permission
<delete_permission permission_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_permission_response status="200" status_text="OK"/>
7.37 Command delete_port_list
In short: Delete a port list.
The client uses the delete_port_list command to delete an existing port list.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.37.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.37.2 RNC
delete_port_list = element delete_port_list { attribute port_list_id { uuid } & attribute ultimate { boolean } }
delete_port_list_response = element delete_port_list_response { attribute status { status } & attribute status_text { text } }
7.37.3 Example: Delete a port list
<delete_port_list port_list_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_port_list_response status="200" status_text="OK"/>
7.38 Command delete_port_range
In short: Delete a port range.
The client uses the delete_port_range command to delete an existing port range.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.38.1 Structure
7.38.2 RNC
delete_port_range = element delete_port_range { attribute port_range_id { uuid } }
delete_port_range_response = element delete_port_range_response { attribute status { status } & attribute status_text { text } }
7.38.3 Example: Delete a port range
<delete_port_range port_range_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_port_range_response status="200" status_text="OK"/>
7.39 Command delete_report_format
In short: Delete a report format.
The client uses the delete_report_format command to delete an existing report format.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.39.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.39.2 RNC
delete_report_format = element delete_report_format { attribute report_format_id { uuid } & attribute ultimate { boolean } }
delete_report_format_response = element delete_report_format_response { attribute status { status } & attribute status_text { text } }
7.39.3 Example: Delete a report format
<delete_report_format report_format_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_report_format_response status="200" status_text="OK"/>
7.40 Command delete_role
In short: Delete a role.
The client uses the delete_role command to delete an existing role.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.40.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.40.2 RNC
delete_role = element delete_role { attribute role_id { uuid } & attribute ultimate { boolean } }
delete_role_response = element delete_role_response { attribute status { status } & attribute status_text { text } }
7.40.3 Example: Delete a role
<delete_role role_id="b64c81b2-b9de-11e3-a2e9-406186ea4fc5"/>
<delete_role_response status="200" status_text="OK"/>
7.41 Command delete_scanner
In short: Delete a scanner.
The client uses the delete_scanner command to delete an existing scanner.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.41.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.41.2 RNC
delete_scanner = element delete_scanner { attribute scanner_id { uuid } & attribute ultimate { boolean } }
delete_scanner_response = element delete_scanner_response { attribute status { status } & attribute status_text { text } }
7.41.3 Example: Delete a scanner
<delete_scanner scanner_id="817a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_scanner_response status="200" status_text="OK"/>
7.42 Command delete_schedule
In short: Delete a schedule.
The client uses the delete_schedule command to delete an existing schedule.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.42.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.42.2 RNC
delete_schedule = element delete_schedule { attribute schedule_id { uuid } & attribute ultimate { boolean } }
delete_schedule_response = element delete_schedule_response { attribute status { status } & attribute status_text { text } }
7.42.3 Example: Delete a schedule
<delete_schedule schedule_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_schedule_response status="200" status_text="OK"/>
7.43 Command delete_tag
In short: Delete a tag.
The client uses the delete_tag command to delete an existing tag.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.43.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.43.2 RNC
delete_tag = element delete_tag { attribute tag_id { uuid } & attribute ultimate { boolean } }
delete_tag_response = element delete_tag_response { attribute status { status } & attribute status_text { text } }
7.43.3 Example: Delete a tag
<delete_tag target_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_tag_response status="200" status_text="OK"/>
7.44 Command delete_target
In short: Delete a target.
The client uses the delete_target command to delete an existing target.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.44.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.44.2 RNC
delete_target = element delete_target { attribute target_id { uuid } & attribute ultimate { boolean } }
delete_target_response = element delete_target_response { attribute status { status } & attribute status_text { text } }
7.44.3 Example: Delete a target
<delete_target target_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_target_response status="200" status_text="OK"/>
7.45 Command delete_task
In short: Delete a task.
The client uses the delete_task command to delete an existing task, including all reports associated with the task.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.45.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.45.2 RNC
delete_task = element delete_task { attribute task_id { uuid } & attribute ultimate { boolean } }
delete_task_response = element delete_task_response { attribute status { status } & attribute status_text { text } }
7.45.3 Example: Delete a task
<delete_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_task_response status="200" status_text="OK"/>
7.46 Command delete_ticket
In short: Delete a ticket.
The client uses the delete_ticket command to delete an existing ticket.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.46.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
7.46.2 RNC
delete_ticket = element delete_ticket { attribute ticket_id { uuid } & attribute ultimate { boolean } }
delete_ticket_response = element delete_ticket_response { attribute status { status } & attribute status_text { text } }
7.46.3 Example: Delete a ticket
<delete_ticket ticket_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>
<delete_ticket_response status="200" status_text="OK"/>
7.47 Command delete_user
In short: Delete a user.
The client uses the delete_user command to delete an existing user.
Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
7.47.1 Structure
-
Command
-
One of
- @user_id (uuid) The ID of the user to be deleted. Overrides name.
- @name (text) The name of the user to be deleted.
-
One of?
- @inheritor_id (text) The ID of the inheriting user or "self". Overrides inheritor_name.
- @inheritor_name (text) The name of the inheriting user.
-
One of
-
Response
- @status (status)
- @status_text (text)
7.47.2 RNC
delete_user = element delete_user { ( attribute user_id { uuid } | attribute name { text } ) & ( attribute inheritor_id { text } | attribute inheritor_name { text } )? }
delete_user_response = element delete_user_response { attribute status { status } & attribute status_text { text } }
7.47.3 Example: Delete a user
<delete_user name="foobar"/>
<delete_user_response status="200" status_text="OK"/>
7.48 Command describe_auth
In short: Describe authentication methods.
The client uses the "describe_auth" command to get details about the used authentication methods.
The Manager will reply with a list of all used authentication methods if such a list is available.
7.48.1 Structure
-
Command
- Empty single element.
-
Response
- @status (status)
- @status_text (text)
-
<group>
Config group.
- @name (text)
-
<auth_conf_setting>
-
<key>
Setting name.
-
<value>
Setting value.
-
<certificate_info>
?
Info about the certificate.
-
<key>
7.48.2 RNC
describe_auth = element describe_auth { "" }
describe_auth_response = element describe_auth_response { attribute status { status } & attribute status_text { text } & describe_auth_response_group } describe_auth_response_group = element group { attribute name { text } & describe_auth_response_group_auth_conf_setting } describe_auth_response_group_auth_conf_setting = element auth_conf_setting { describe_auth_response_group_auth_conf_setting_key & describe_auth_response_group_auth_conf_setting_value & describe_auth_response_group_auth_conf_setting_certificate_info? } describe_auth_response_group_auth_conf_setting_key = element key { text } describe_auth_response_group_auth_conf_setting_value = element value { text } describe_auth_response_group_auth_conf_setting_certificate_info = element certificate_info # type certificate_info { certificate_info_time_status & certificate_info_activation_time & certificate_info_expiration_time & certificate_info_issuer & certificate_info_md5_fingerprint }
7.48.3 Example: Describe the authentication methods
<describe_auth/>
<describe_auth_response status="200" status_text="OK"> <group name="Foo"> <auth_conf_setting> <key>Bar</key> <value>Baz</value> </auth_conf_setting> </group> </describe_auth_response>
7.49 Command empty_trashcan
In short: Empty the trashcan.
The client uses the empty_trashcan command to empty the trashcan.
7.49.1 Structure
-
Command
- Empty single element.
-
Response
- @status (status)
- @status_text (text)
7.49.2 RNC
empty_trashcan = element empty_trashcan { "" }
empty_trashcan_response = element empty_trashcan_response { attribute status { status } & attribute status_text { text } }
7.49.3 Example: Empty the trashcan
<empty_trashcan/>
<empty_trashcan_response status="200" status_text="OK"/>
7.50 Command get_agents
In short: Get one or many agents.
The client uses the get_agents command to get agent information. If the command sent by the client was valid, the manager will reply with a list of agents to the client.
If the request includes a format then the agents in the response include installer elements, otherwise they include trust state and time. If the details attribute is set, the response will include the installer.
7.50.1 Structure
-
Command
- @agent_id (uuid) ID of single agent to get.
- @filter (text) Filter term to use to filter query.
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan agents instead.
- @details (boolean) Whether to include agents package information when no format was provided.
- @format ("installer", "howto_install" or "howto_use")
-
Response
- @status (status)
- @status_text (text)
-
<agent>
*
- @id (uuid)
-
<owner>
Owner of the agent.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the agent.
-
<comment>
The comment on the agent.
-
<creation_time>
Date and time the agent was created.
-
<modification_time>
Date and time the agent was last modified.
-
<in_use>
Whether the agent is in use.
-
<writable>
Whether the agent is writable.
-
<permissions>
Permissions that the current user has on the agent.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the agent.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
One of
-
<installer>
-
<trust>
Whether signature verification succeeded.
-
<time>
When the signature was verified.
-
<time>
-
<trust>
-
<package>
Either the installer or one of the HOWTOs.
-
<filename>
The filename of the package.
-
<filename>
-
<installer>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <agents>
-
<agent_count>
-
<filtered>
Number of agents after filtering.
-
<page>
Number of agents on current page.
-
<filtered>
7.50.2 RNC
get_agents = element get_agents { attribute agent_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute details { boolean }? & attribute format { xsd:token { pattern = "installer|howto_install|howto_use" } }? }
get_agents_response = element get_agents_response { attribute status { status } & attribute status_text { text } & get_agents_response_agent* & get_agents_response_filters & get_agents_response_sort & get_agents_response_agents & get_agents_response_agent_count } get_agents_response_agent = element agent { attribute id { uuid } & get_agents_response_agent_owner & get_agents_response_agent_name & get_agents_response_agent_comment & get_agents_response_agent_creation_time & get_agents_response_agent_modification_time & get_agents_response_agent_in_use & get_agents_response_agent_writable & get_agents_response_agent_permissions & get_agents_response_agent_user_tags? & ( get_agents_response_agent_installer | get_agents_response_agent_package ) } get_agents_response_agent_owner = element owner { get_agents_response_agent_owner_name } get_agents_response_agent_owner_name = element name { name } get_agents_response_agent_name = element name { name } get_agents_response_agent_comment = element comment { text } get_agents_response_agent_creation_time = element creation_time { iso_time } get_agents_response_agent_modification_time = element modification_time { iso_time } get_agents_response_agent_in_use = element in_use { boolean } get_agents_response_agent_writable = element writable { boolean } get_agents_response_agent_permissions = element permissions { get_agents_response_agent_permissions_permission* } get_agents_response_agent_permissions_permission = element permission { get_agents_response_agent_permissions_permission_name } get_agents_response_agent_permissions_permission_name = element name { name } get_agents_response_agent_user_tags = element user_tags { get_agents_response_agent_user_tags_count & get_agents_response_agent_user_tags_tag* } get_agents_response_agent_user_tags_count = element count { integer } get_agents_response_agent_user_tags_tag = element tag { attribute id { uuid } & get_agents_response_agent_user_tags_tag_name & get_agents_response_agent_user_tags_tag_value & get_agents_response_agent_user_tags_tag_comment } get_agents_response_agent_user_tags_tag_name = element name { text } get_agents_response_agent_user_tags_tag_value = element value { text } get_agents_response_agent_user_tags_tag_comment = element comment { text } get_agents_response_agent_installer = element installer { get_agents_response_agent_installer_trust } get_agents_response_agent_installer_trust = element trust { text # RNC limitation: xsd:token { pattern = "yes|no|unknown" } & get_agents_response_agent_installer_trust_time } get_agents_response_agent_installer_trust_time = element time { iso_time } get_agents_response_agent_package = element package { text # RNC limitation: base64 & get_agents_response_agent_package_filename } get_agents_response_agent_package_filename = element filename { text } get_agents_response_filters = element filters { attribute id { uuid } & get_agents_response_filters_term & get_agents_response_filters_name? & get_agents_response_filters_keywords } get_agents_response_filters_term = element term { text } get_agents_response_filters_name = element name { text } get_agents_response_filters_keywords = element keywords { get_agents_response_filters_keywords_keyword* } get_agents_response_filters_keywords_keyword = element keyword { get_agents_response_filters_keywords_keyword_column & get_agents_response_filters_keywords_keyword_relation & get_agents_response_filters_keywords_keyword_value } get_agents_response_filters_keywords_keyword_column = element column { text } get_agents_response_filters_keywords_keyword_relation = element relation { ERROR } get_agents_response_filters_keywords_keyword_value = element value { text } get_agents_response_sort = element sort { text & get_agents_response_sort_field } get_agents_response_sort_field = element field { get_agents_response_sort_field_order } get_agents_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_agents_response_agents = element agents { attribute start { integer } & attribute max { integer } } get_agents_response_agent_count = element agent_count { get_agents_response_agent_count_filtered & get_agents_response_agent_count_page } get_agents_response_agent_count_filtered = element filtered { integer } get_agents_response_agent_count_page = element page { integer }
7.50.3 Example: Get one or many agents
<get_agents/>
<get_agents_response status="200" status_text="OK"> <agent id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>Custom Scan Agent</name> <comment>Custom agent for use on the Web servers.</comment> <creation_time>2012-01-23T10:44:00+01:00</creation_time> <modification_time>2013-01-23T10:44:00+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <installer> <trust> yes <time>Wed Jun 30 21:49:08 2012</time> </trust> </installer> </agent> ... </get_agents_response>
7.50.3 Example: Get one agent
<get_agents agent_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"/>
<get_agents_response status="200" status_text="OK"> <agent id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>Custom Scan Agent</name> <comment>Custom agent for use on the Web servers.</comment> <creation_time>2012-01-23T10:44:00+01:00</creation_time> <modification_time>2013-01-23T10:44:00+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <installer> <trust> yes <time>Wed Jun 30 21:49:08 2012</time> </trust> </installer> </agent> </get_agents_response>
7.50.3 Example: Get one agent, including the installer package
<get_agents agent_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf" format="installer"/>
<get_agents_response status="200" status_text="OK"> <agent id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>Custom Scan Agent</name> <comment>Custom agent for use on the Web servers.</comment> <creation_time>2012-01-23T10:44:00+01:00</creation_time> <modification_time>2013-01-23T10:44:00+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <package format="installer"> CgoKCgoKCgoKCgoKCSAgI... <filename>agent.deb</filename> </package> </agent> </get_agents_response>
7.51 Command get_configs
In short: Get one or many configs.
The client uses the get_configs command to get config information. If the command sent by the client was valid, the manager will reply with a list of configs to the client.
7.51.1 Structure
-
Command
- @config_id (uuid) ID of single config to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column nvt_selector (uuid) NVT selector UUID
- column families_total (integer) Total number of selected NVT families
- column nvts_total (integer) Total number of selected NVTs
- column families_trend (boolean) Whether new NVT families will be added
- column nvts_trend (boolean) Whether new NVTs will be added
- column type ("0" or "1") The type of the config (0 = OpenVAS, 1 OSP)
- column usage_type ("scan" or "policy") Usage type
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan configs instead.
- @details (boolean) Whether to get config families, preferences, nvt selectors and tasks.
- @families (boolean) Whether to include the families if no details are requested.
- @preferences (boolean) Whether to include the preferences if no details are requested.
- @tasks (boolean) Whether to get tasks using this config.
- @usage_type ("policy", "scan" or "") Optional usage type to limit the configs to. Affects total count unlike filter.
-
Response
- @status (status)
- @status_text (text)
-
<config>
*
- @id (uuid)
-
<owner>
Owner of the config.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the config.
-
<comment>
The comment on the config.
-
<creation_time>
Creation time of the config.
-
<modification_time>
Last time the config was modified.
-
<family_count>
The number of families selected by the config.
-
<growing>
Whether new families are automatically added to the config.
-
<growing>
-
<nvt_count>
The number of NVTs selected by the config.
-
<growing>
Whether new NVTs are automatically added to the config.
-
<growing>
-
<type>
The type of the config (0 = OpenVAS, 1 OSP).
-
<usage_type>
The usage type of the config (scan or policy).
-
<max_nvt_count>
Total number of NVTs in the families selected by the config.
-
<known_nvt_count>
Total number of known NVTs selected by the config.
-
<scanner>
?The scanner used by the config if it is an OSP one.
- @id (uuid) UUID of the scanner.
-
<trash>
Whether the scanner is in the trashcan.
-
<in_use>
Whether any tasks are using the config.
-
<writable>
Whether any tasks are using the config, including trashcan tasks.
-
<permissions>
Permissions that the current user has on the target.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the config.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<tasks>
All tasks using the config.
-
<task>
*
- @id (uuid)
-
<name>
The name of the task.
-
<permissions>
?Permissions the user has on the task.
-
<task>
*
-
<families>
?All families selected by the config.
-
<family>
*
-
<name>
The name of the family.
-
<nvt_count>
The number of NVTs selected in the family.
-
<max_nvt_count>
The total number of NVTs in the family.
-
<growing>
Whether new NVTs in the family are automatically added to the selection.
-
<name>
-
<family>
*
-
<preferences>
?Preferences for all NVTs selected by the config.
-
<preference>
*
-
<nvt>
NVT to which preference applies.
- @oid (oid)
-
<name>
The name of the NVT.
-
<hr_name>
The full, more "human readable" name of the preference.
-
<name>
The compact name of the preference as used by the scanner.
-
<id>
The ID of the preference.
-
<type>
The type of the preference.
-
<value>
The value of the preference.
-
<default>
The default value of the preference.
-
<alt>
*An alternate value for the preference.
-
<nvt>
-
<preference>
*
-
<nvt_selectors>
?All NVT selectors of the config.
-
<nvt_selector>
*An NVT selector.
-
<name>
Name of the selector.
-
<include>
Whether the selector is an include selector.
-
<type>
Selector type: 0 = all, 1 = family, 2 = NVT.
-
<family_or_nvt>
Name of the family or OID of the NVT.
-
<name>
-
<nvt_selector>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <configs>
-
<config_count>
-
<filtered>
Number of configs after filtering.
-
<page>
Number of configs on current page.
-
<filtered>
7.51.2 RNC
get_configs = element get_configs { attribute config_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute details { boolean }? & attribute families { boolean }? & attribute preferences { boolean }? & attribute tasks { boolean }? & attribute usage_type { xsd:token { pattern = "policy|scan|" } }? }
get_configs_response = element get_configs_response { attribute status { status } & attribute status_text { text } & get_configs_response_config* & get_configs_response_filters & get_configs_response_sort & get_configs_response_configs & get_configs_response_config_count } get_configs_response_config = element config { attribute id { uuid } & get_configs_response_config_owner & get_configs_response_config_name & get_configs_response_config_comment & get_configs_response_config_creation_time & get_configs_response_config_modification_time & get_configs_response_config_family_count & get_configs_response_config_nvt_count & get_configs_response_config_type & get_configs_response_config_usage_type & get_configs_response_config_max_nvt_count & get_configs_response_config_known_nvt_count & get_configs_response_config_scanner? & get_configs_response_config_in_use & get_configs_response_config_writable & get_configs_response_config_permissions & get_configs_response_config_user_tags? & get_configs_response_config_tasks & get_configs_response_config_families? & get_configs_response_config_preferences? & get_configs_response_config_nvt_selectors? } get_configs_response_config_owner = element owner { get_configs_response_config_owner_name } get_configs_response_config_owner_name = element name { name } get_configs_response_config_name = element name { name } get_configs_response_config_comment = element comment { text } get_configs_response_config_creation_time = element creation_time { iso_time } get_configs_response_config_modification_time = element modification_time { iso_time } get_configs_response_config_family_count = element family_count { text # RNC limitation: integer & get_configs_response_config_family_count_growing } get_configs_response_config_family_count_growing = element growing { boolean } get_configs_response_config_nvt_count = element nvt_count { text # RNC limitation: integer & get_configs_response_config_nvt_count_growing } get_configs_response_config_nvt_count_growing = element growing { boolean } get_configs_response_config_type = element type { xsd:token { pattern = "0|1" } } get_configs_response_config_usage_type = element usage_type { xsd:token { pattern = "scan|policy" } } get_configs_response_config_max_nvt_count = element max_nvt_count { integer } get_configs_response_config_known_nvt_count = element known_nvt_count { integer } get_configs_response_config_scanner = element scanner { text # RNC limitation: text & attribute id { uuid } & get_configs_response_config_scanner_trash } get_configs_response_config_scanner_trash = element trash { boolean } get_configs_response_config_in_use = element in_use { boolean } get_configs_response_config_writable = element writable { boolean } get_configs_response_config_permissions = element permissions { get_configs_response_config_permissions_permission* } get_configs_response_config_permissions_permission = element permission { get_configs_response_config_permissions_permission_name } get_configs_response_config_permissions_permission_name = element name { name } get_configs_response_config_user_tags = element user_tags { get_configs_response_config_user_tags_count & get_configs_response_config_user_tags_tag* } get_configs_response_config_user_tags_count = element count { integer } get_configs_response_config_user_tags_tag = element tag { attribute id { uuid } & get_configs_response_config_user_tags_tag_name & get_configs_response_config_user_tags_tag_value & get_configs_response_config_user_tags_tag_comment } get_configs_response_config_user_tags_tag_name = element name { text } get_configs_response_config_user_tags_tag_value = element value { text } get_configs_response_config_user_tags_tag_comment = element comment { text } get_configs_response_config_tasks = element tasks { get_configs_response_config_tasks_task* } get_configs_response_config_tasks_task = element task { attribute id { uuid } & get_configs_response_config_tasks_task_name & get_configs_response_config_tasks_task_permissions? } get_configs_response_config_tasks_task_name = element name { name } get_configs_response_config_tasks_task_permissions = element permissions { "" } get_configs_response_config_families = element families { get_configs_response_config_families_family* } get_configs_response_config_families_family = element family { get_configs_response_config_families_family_name & get_configs_response_config_families_family_nvt_count & get_configs_response_config_families_family_max_nvt_count & get_configs_response_config_families_family_growing } get_configs_response_config_families_family_name = element name { name } get_configs_response_config_families_family_type = element type { integer } get_configs_response_config_families_family_nvt_count = element nvt_count { integer } get_configs_response_config_families_family_max_nvt_count = element max_nvt_count { integer } get_configs_response_config_families_family_growing = element growing { boolean } get_configs_response_config_preferences = element preferences { get_configs_response_config_preferences_preference* } get_configs_response_config_preferences_preference = element preference { get_configs_response_config_preferences_preference_nvt & get_configs_response_config_preferences_preference_hr_name & get_configs_response_config_preferences_preference_name & get_configs_response_config_preferences_preference_id & get_configs_response_config_preferences_preference_type & get_configs_response_config_preferences_preference_value & get_configs_response_config_preferences_preference_default & get_configs_response_config_preferences_preference_alt* } get_configs_response_config_preferences_preference_nvt = element nvt { attribute oid { oid } & get_configs_response_config_preferences_preference_nvt_name } get_configs_response_config_preferences_preference_nvt_name = element name { name } get_configs_response_config_preferences_preference_hr_name = element hr_name { name } get_configs_response_config_preferences_preference_name = element name { name } get_configs_response_config_preferences_preference_id = element id { text } get_configs_response_config_preferences_preference_type = element type { text } get_configs_response_config_preferences_preference_value = element value { text } get_configs_response_config_preferences_preference_default = element default { text } get_configs_response_config_preferences_preference_alt = element alt { text } get_configs_response_config_nvt_selectors = element nvt_selectors { get_configs_response_config_nvt_selectors_nvt_selector* } get_configs_response_config_nvt_selectors_nvt_selector = element nvt_selector { get_configs_response_config_nvt_selectors_nvt_selector_name & get_configs_response_config_nvt_selectors_nvt_selector_include & get_configs_response_config_nvt_selectors_nvt_selector_type & get_configs_response_config_nvt_selectors_nvt_selector_family_or_nvt } get_configs_response_config_nvt_selectors_nvt_selector_name = element name { text } get_configs_response_config_nvt_selectors_nvt_selector_include = element include { boolean } get_configs_response_config_nvt_selectors_nvt_selector_type = element type { integer } get_configs_response_config_nvt_selectors_nvt_selector_family_or_nvt = element family_or_nvt { text } get_configs_response_filters = element filters { attribute id { uuid } & get_configs_response_filters_term & get_configs_response_filters_name? & get_configs_response_filters_keywords } get_configs_response_filters_term = element term { text } get_configs_response_filters_name = element name { text } get_configs_response_filters_keywords = element keywords { get_configs_response_filters_keywords_keyword* } get_configs_response_filters_keywords_keyword = element keyword { get_configs_response_filters_keywords_keyword_column & get_configs_response_filters_keywords_keyword_relation & get_configs_response_filters_keywords_keyword_value } get_configs_response_filters_keywords_keyword_column = element column { text } get_configs_response_filters_keywords_keyword_relation = element relation { ERROR } get_configs_response_filters_keywords_keyword_value = element value { text } get_configs_response_sort = element sort { text & get_configs_response_sort_field } get_configs_response_sort_field = element field { get_configs_response_sort_field_order } get_configs_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_configs_response_configs = element configs { attribute start { integer } & attribute max { integer } } get_configs_response_config_count = element config_count { get_configs_response_config_count_filtered & get_configs_response_config_count_page } get_configs_response_config_count_filtered = element filtered { integer } get_configs_response_config_count_page = element page { integer }
7.51.3 Example: Get one or many configs
<get_configs/>
<get_configs_response status="200" status_text="OK"> <config id="daba56c8-73ec-11df-a475-002264764cea"> <name>Full and fast</name> <comment> All NVT's; optimized by using previously collected information. </comment> <creation_time>2012-11-23T10:44:00+01:00</creation_time> <modification_time>2013-01-23T10:44:00+01:00</modification_time> <family_count> 4 <growing>1</growing> </family_count> <nvt_count> 12 <growing>1</growing> </nvt_count> <in_use>1</in_use> <writable>0</writable> </config> ... </get_configs_response>
7.51.3 Example: Get a single config, including preference, family lists and tasks using this config
<get_configs config_id="daba56c8-73ec-11df-a475-002264764cea" preferences="1" families="1" tasks="1"/>
<get_configs_response status="200" status_text="OK"> <config id="daba56c8-73ec-11df-a475-002264764cea"> <name>Full and fast</name> <comment> All NVT's; optimized by using previously collected information. </comment> <family_count> 4 <growing>1</growing> </family_count> <nvt_count> 12 <growing>1</growing> </nvt_count> <in_use>1</in_use> <tasks> <task id="13bb418a-4220-4575-b35b-ec398bff7417"> <name>Web Servers</name> </task> ... </tasks> <families> <family> <name>Credentials</name> <nvt_count>8</nvt_count> <max_nvt_count>8</max_nvt_count> <growing>1</growing> </family> ... </families> <preferences> <preference> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"> <name>Services</name> </nvt> <id>1</id> <name>Network connection timeout :</name> <type>entry</type> <value>5</value> </preference> ... </preferences> </config> ... </get_configs_response>
7.52 Command get_aggregates
In short: Get aggregates of various resources.
The client uses the get_aggregate command to get aggregated data like counts or averages of various resources.
Unlike other get_... commands, get_aggregates ignores the filter keywords "first" and "rows". It also does not support selecting single items by id or getting items from the trashcan.
7.52.1 Structure
-
Command
- @filter (text) Filter term to use to filter query of the resources to aggregate (see get_... commands of selected type for keywords).
- @filt_id (uuid) ID of filter to use to filter query of the resources to aggregate.
- @type (text) The GMP resource type to gather data from.
- @data_column (text) A single column to get the data to aggregate from.
- @group_column (text) The field to group the resources by.
- @subgroup_column (text) The field to further group the resources inside groups by.
- @sort_field (text) The column to sort the aggregated rows by. With a subgroup column, groups will be sorted by the group_column first..
- @sort_order ("ascending" or "descending") The order to sort by.
- @sort_stat ("min", "max", "mean", "sum", "count" or "value") The statistic to sort the aggregated rows by.
- @first_group (integer) The index of the first aggregate group to return.
- @max_groups (integer) The maximum number of aggregate groups to return, -1 for all.
- @mode ("" or "word_counts") Special mode for aggregation.
- @usage_type ("audit", "policy", "scan" or "") Optional usage type to limit configs and tasks to.
-
<sort>
*Optional tuples of sort criteria.
- @sort_field (text) The column to sort the aggregated rows by. With a subgroup column, groups will be sorted by the group_column first..
- @sort_order ("ascending" or "descending") The order to sort by.
- @sort_stat ("min", "max", "mean", "sum", "count" or "value") The statistic to sort the aggregated rows by.
-
<data_column>
*(text)A column to get the data to aggregate from.
-
<text_column>
*(text)A simple text column which no statistics are calculated for.
-
Response
- @status (status)
- @status_text (text)
-
<aggregate>
*A collection of aggregated data of the selected type.
-
<data_type>
The resource type the data is aggregated from.
-
<data_column>
*A column the data is aggregated from.
-
<group_column>
?The column the data is grouped by.
-
<text_column>
*A simple text column.
-
One of
-
<group>
*Aggregate data for a group of resources.
-
<value>
Value of the group column.
-
<subgroup>
*Aggregate data for a subgroup of resources.
-
<value>
Value of the subgroup column.
-
<count>
Number of resources in the subgroup.
-
<c_count>
Cumulative number of resources in the current subgroup.
-
<stats>
*Statistics of a data column for the current subgroup.
- @column (text) Name of the column the stats apply to.
-
<min>
Minimum value of the data column.
-
<max>
Maximum value of the data column.
-
<mean>
Arithmetic mean of the numeric values of the data.
-
<sum>
Sum of the numeric values of the data column.
-
<c_sum>
Cumulative sum of the data column.
-
<value>
-
<count>
Number of resources in the group.
-
<c_count>
Cumulative number of resources in all groups up to and including the current one.
-
<stats>
*Statistics of a data column.
- @column (text) Name of the column the stats apply to.
-
<min>
Minimum value of the data column.
-
<max>
Maximum value of the data column.
-
<mean>
Arithmetic mean of the numeric values of the data.
-
<sum>
Sum of the numeric values of the data column.
-
<c_sum>
Cumulative sum of the numeric values of the data column for all groups up to and including the current one.
-
<text>
*The value of a simple text column..
- @name (text) Name of the text column.
-
<value>
-
<overall>
Aggregate data for all resources of the selected type.
-
<count>
Overall number of resources.
-
<min>
Overall minimum value of the data column.
-
<max>
Overall maximum value of the data column.
-
<mean>
Overall arithmetic mean of the numeric values of the data.
-
<sum>
Overall sum of the numeric values of the data column.
-
<count>
-
<group>
*
-
<subgroups>
?Overview of all subgroup values.
-
<value>
*Value of the subgroup column.
-
<value>
*
-
<column_info>
Info on the aggregate columns.
-
<aggregate_column>
*Info on one column of the aggregate.
-
<name>
Name of the column as it appears in the group or overall element.
-
<stat>
The type of statistic in the column, e.g. min, max, mean.
-
<type>
The resource type.
-
<column>
Name of the column in the non-aggregated table.
-
<data_type>
The data type of the column, e.g. integer, text, cvss.
-
<name>
-
<aggregate_column>
*
-
<data_type>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
7.52.2 RNC
get_aggregates = element get_aggregates { attribute filter { text }? & attribute filt_id { uuid }? & attribute type { text } & attribute data_column { text }? & attribute group_column { text }? & attribute subgroup_column { text }? & attribute sort_field { text }? & attribute sort_order { xsd:token { pattern = "ascending|descending" } }? & attribute sort_stat { xsd:token { pattern = "min|max|mean|sum|count|value" } }? & attribute first_group { integer }? & attribute max_groups { integer }? & attribute mode { xsd:token { pattern = "|word_counts" } }? & attribute usage_type { xsd:token { pattern = "audit|policy|scan|" } }? & get_aggregates_sort* & get_aggregates_data_column* & get_aggregates_text_column* } get_aggregates_sort = element sort { attribute sort_field { text }? & attribute sort_order { xsd:token { pattern = "ascending|descending" } }? & attribute sort_stat { xsd:token { pattern = "min|max|mean|sum|count|value" } }? } get_aggregates_data_column = element data_column # type text { } get_aggregates_text_column = element text_column # type text { }
get_aggregates_response = element get_aggregates_response { attribute status { status } & attribute status_text { text } & get_aggregates_response_aggregate* & get_aggregates_response_filters } get_aggregates_response_aggregate = element aggregate { get_aggregates_response_aggregate_data_type & get_aggregates_response_aggregate_data_column* & get_aggregates_response_aggregate_group_column? & get_aggregates_response_aggregate_text_column* & ( get_aggregates_response_aggregate_group* | get_aggregates_response_aggregate_overall ) & get_aggregates_response_aggregate_subgroups? & get_aggregates_response_aggregate_column_info } get_aggregates_response_aggregate_data_type = element data_type { text } get_aggregates_response_aggregate_data_column = element data_column { text } get_aggregates_response_aggregate_group_column = element group_column { text } get_aggregates_response_aggregate_text_column = element text_column { text } get_aggregates_response_aggregate_group = element group { get_aggregates_response_aggregate_group_value & get_aggregates_response_aggregate_group_subgroup* & get_aggregates_response_aggregate_group_count & get_aggregates_response_aggregate_group_c_count & get_aggregates_response_aggregate_group_stats* & get_aggregates_response_aggregate_group_text* } get_aggregates_response_aggregate_group_value = element value { text } get_aggregates_response_aggregate_group_subgroup = element subgroup { get_aggregates_response_aggregate_group_subgroup_value & get_aggregates_response_aggregate_group_subgroup_count & get_aggregates_response_aggregate_group_subgroup_c_count & get_aggregates_response_aggregate_group_subgroup_stats* } get_aggregates_response_aggregate_group_subgroup_value = element value { text } get_aggregates_response_aggregate_group_subgroup_count = element count { integer } get_aggregates_response_aggregate_group_subgroup_c_count = element c_count { integer } get_aggregates_response_aggregate_group_subgroup_stats = element stats { attribute column { text }? & get_aggregates_response_aggregate_group_subgroup_stats_min & get_aggregates_response_aggregate_group_subgroup_stats_max & get_aggregates_response_aggregate_group_subgroup_stats_mean & get_aggregates_response_aggregate_group_subgroup_stats_sum & get_aggregates_response_aggregate_group_subgroup_stats_c_sum } get_aggregates_response_aggregate_group_subgroup_stats_min = element min { text } get_aggregates_response_aggregate_group_subgroup_stats_max = element max { text } get_aggregates_response_aggregate_group_subgroup_stats_mean = element mean { text } get_aggregates_response_aggregate_group_subgroup_stats_sum = element sum { text } get_aggregates_response_aggregate_group_subgroup_stats_c_sum = element c_sum { text } get_aggregates_response_aggregate_group_count = element count { integer } get_aggregates_response_aggregate_group_c_count = element c_count { integer } get_aggregates_response_aggregate_group_text = element text { text & attribute name { text }? } get_aggregates_response_aggregate_group_stats = element stats { attribute column { text }? & get_aggregates_response_aggregate_group_stats_min & get_aggregates_response_aggregate_group_stats_max & get_aggregates_response_aggregate_group_stats_mean & get_aggregates_response_aggregate_group_stats_sum & get_aggregates_response_aggregate_group_stats_c_sum } get_aggregates_response_aggregate_group_stats_min = element min { text } get_aggregates_response_aggregate_group_stats_max = element max { text } get_aggregates_response_aggregate_group_stats_mean = element mean { text } get_aggregates_response_aggregate_group_stats_sum = element sum { text } get_aggregates_response_aggregate_group_stats_c_sum = element c_sum { text } get_aggregates_response_aggregate_overall = element overall { get_aggregates_response_aggregate_overall_count & get_aggregates_response_aggregate_overall_min & get_aggregates_response_aggregate_overall_max & get_aggregates_response_aggregate_overall_mean & get_aggregates_response_aggregate_overall_sum } get_aggregates_response_aggregate_overall_count = element count { integer } get_aggregates_response_aggregate_overall_min = element min { text } get_aggregates_response_aggregate_overall_max = element max { text } get_aggregates_response_aggregate_overall_mean = element mean { text } get_aggregates_response_aggregate_overall_sum = element sum { text } get_aggregates_response_aggregate_subgroups = element subgroups { get_aggregates_response_aggregate_subgroups_value* } get_aggregates_response_aggregate_subgroups_value = element value { text } get_aggregates_response_aggregate_column_info = element column_info { get_aggregates_response_aggregate_column_info_aggregate_column* } get_aggregates_response_aggregate_column_info_aggregate_column = element aggregate_column { get_aggregates_response_aggregate_column_info_aggregate_column_name & get_aggregates_response_aggregate_column_info_aggregate_column_stat & get_aggregates_response_aggregate_column_info_aggregate_column_type & get_aggregates_response_aggregate_column_info_aggregate_column_column & get_aggregates_response_aggregate_column_info_aggregate_column_data_type } get_aggregates_response_aggregate_column_info_aggregate_column_name = element name { text } get_aggregates_response_aggregate_column_info_aggregate_column_stat = element stat { text } get_aggregates_response_aggregate_column_info_aggregate_column_type = element type { text } get_aggregates_response_aggregate_column_info_aggregate_column_column = element column { text } get_aggregates_response_aggregate_column_info_aggregate_column_data_type = element data_type { text } get_aggregates_response_filters = element filters { attribute id { uuid } & get_aggregates_response_filters_term & get_aggregates_response_filters_name? & get_aggregates_response_filters_keywords } get_aggregates_response_filters_term = element term { text } get_aggregates_response_filters_name = element name { text } get_aggregates_response_filters_keywords = element keywords { get_aggregates_response_filters_keywords_keyword* } get_aggregates_response_filters_keywords_keyword = element keyword { get_aggregates_response_filters_keywords_keyword_column & get_aggregates_response_filters_keywords_keyword_relation & get_aggregates_response_filters_keywords_keyword_value } get_aggregates_response_filters_keywords_keyword_column = element column { text } get_aggregates_response_filters_keywords_keyword_relation = element relation { ERROR } get_aggregates_response_filters_keywords_keyword_value = element value { text }
7.52.3 Example: Get severity statistics of NVTs by family
<get_aggregates type="nvt" group_column="family" data_column="severity"/>
<get_aggregates_response status_text="OK" status="200"> <aggregate> <data_type>nvt</data_type> <data_column>severity</data_column> <group_column>family</group_column> <group> <value>AIX Local Security Checks</value> <count>1</count> <c_count>1</c_count> <min>3.3</min> <max>3.3</max> <mean>3.3</mean> <sum>3.3</sum> <c_sum>3.3</c_sum> </group> <group> <value>Brute force attacks</value> <count>8</count> <c_count>9</c_count> <min>0</min> <max>7.8</max> <mean>6.275</mean> <sum>50.2</sum> <c_sum>53.5</c_sum> </group> <group> <value>Buffer overflow</value> <count>519</count> <c_count>528</c_count> <min>10</min> <max>9.7</max> <mean>8.63083</mean> <sum>4479.4</sum> <c_sum>4532.9</c_sum> </group> ... <column_info> <aggregate_column> <name>value</name> <stat>value</stat> <type>nvt</type> <column>family</column> <data_type>text</data_type> </aggregate_column> <aggregate_column> <name>count</name> <stat>count</stat> <type>nvt</type> <column/> <data_type>integer</data_type> </aggregate_column> <aggregate_column> <name>c_count</name> <stat>c_count</stat> <type>nvt</type> <column/> <data_type>integer</data_type> </aggregate_column> <aggregate_column> <name>min</name> <stat>min</stat> <type>nvt</type> <column>severity</column> <data_type>cvss</data_type> </aggregate_column> ... </column_info> </aggregate> <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> <keyword> <column>rows</column> <relation>=</relation> <value>-1</value> </keyword> <keyword> <column>sort</column> <relation>=</relation> <value>name</value> </keyword> </keywords> </filters> </get_aggregates_response>
7.53 Command get_alerts
In short: Get one or many alerts.
The client uses the get_alerts command to get alert information. If the command sent by the client was valid, the manager will reply with a list of alerts to the client.
7.53.1 Structure
-
Command
- @alert_id (uuid) ID of single alert to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column event (integer) The event that triggers the alert
- column condition (integer) The condition for the alert
- column method (integer) The method of the alert
- column filter (uuid) UUID of the filter applied to the report
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan alerts instead.
- @tasks (boolean) Whether to get the tasks using the alerts.
-
Response
- @status (status)
- @status_text (text)
-
<alert>
*
- @id (uuid)
-
<owner>
Owner of the alert.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the alert.
-
<comment>
The comment on the alert.
-
<creation_time>
Creation time of the alert.
-
<modification_time>
Last time the alert was modified.
-
<in_use>
Whether any tasks are using the alert.
-
<writable>
Whether the alert is writable or not.
-
<permissions>
Permissions that the current user has on the alert.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the alert.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<condition>
The condition that must be satisfied for the alert to occur.
-
<data>
*Some data that defines the condition.
-
<name>
The name of the condition data.
-
<name>
-
<data>
*
-
<event>
The event that must happen for the alert to occur.
-
<data>
*Some data that defines the event.
-
<name>
The name of the event data.
-
<name>
-
<data>
*
-
<method>
The method by which he alert must occur.
-
<data>
*Some data that defines the method.
-
<name>
The name of the method data.
-
<credential>
?Credential information if the data is a credential ID.
- @id (uuid) UUID of the credential.
-
<name>
The name of the credential.
-
<login>
The username of the credential.
-
<name>
-
<data>
*
-
<filter>
- @id (uuid)
-
<name>
The name of the filter.
-
<permissions>
?Permissions the user has on the filter.
-
<trash>
Whether the filter is in the trashcan.
-
<tasks>
?Tasks using the alert.
-
<task>
*
- @id (uuid)
-
<name>
The name of the task.
-
<permissions>
?Permissions the user has on the task.
-
<task>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <alerts>
-
<alert_count>
-
<filtered>
Number of alerts after filtering.
-
<page>
Number of alerts on current page.
-
<filtered>
7.53.2 RNC
get_alerts = element get_alerts { attribute alert_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute tasks { boolean }? }
get_alerts_response = element get_alerts_response { attribute status { status } & attribute status_text { text } & get_alerts_response_alert* & get_alerts_response_filters & get_alerts_response_sort & get_alerts_response_alerts & get_alerts_response_alert_count } get_alerts_response_alert = element alert { attribute id { uuid } & get_alerts_response_alert_owner & get_alerts_response_alert_name & get_alerts_response_alert_comment & get_alerts_response_alert_creation_time & get_alerts_response_alert_modification_time & get_alerts_response_alert_in_use & get_alerts_response_alert_writable & get_alerts_response_alert_permissions & get_alerts_response_alert_user_tags? & get_alerts_response_alert_condition & get_alerts_response_alert_event & get_alerts_response_alert_method & get_alerts_response_alert_filter & get_alerts_response_alert_tasks? } get_alerts_response_alert_owner = element owner { get_alerts_response_alert_owner_name } get_alerts_response_alert_owner_name = element name { name } get_alerts_response_alert_name = element name { name } get_alerts_response_alert_comment = element comment { text } get_alerts_response_alert_in_use = element in_use { boolean } get_alerts_response_alert_writable = element writable { boolean } get_alerts_response_alert_creation_time = element creation_time { iso_time } get_alerts_response_alert_modification_time = element modification_time { iso_time } get_alerts_response_alert_permissions = element permissions { get_alerts_response_alert_permissions_permission* } get_alerts_response_alert_permissions_permission = element permission { get_alerts_response_alert_permissions_permission_name } get_alerts_response_alert_permissions_permission_name = element name { name } get_alerts_response_alert_user_tags = element user_tags { get_alerts_response_alert_user_tags_count & get_alerts_response_alert_user_tags_tag* } get_alerts_response_alert_user_tags_count = element count { integer } get_alerts_response_alert_user_tags_tag = element tag { attribute id { uuid } & get_alerts_response_alert_user_tags_tag_name & get_alerts_response_alert_user_tags_tag_value & get_alerts_response_alert_user_tags_tag_comment } get_alerts_response_alert_user_tags_tag_name = element name { text } get_alerts_response_alert_user_tags_tag_value = element value { text } get_alerts_response_alert_user_tags_tag_comment = element comment { text } get_alerts_response_alert_condition = element condition { text & get_alerts_response_alert_condition_data* } get_alerts_response_alert_condition_data = element data { text & get_alerts_response_alert_condition_data_name } get_alerts_response_alert_condition_data_name = element name { text } get_alerts_response_alert_event = element event { text & get_alerts_response_alert_event_data* } get_alerts_response_alert_event_data = element data { text & get_alerts_response_alert_event_data_name } get_alerts_response_alert_event_data_name = element name { text } get_alerts_response_alert_method = element method { text & get_alerts_response_alert_method_data* } get_alerts_response_alert_method_data = element data { text & get_alerts_response_alert_method_data_name & get_alerts_response_alert_method_data_credential? } get_alerts_response_alert_method_data_name = element name { text } get_alerts_response_alert_method_data_credential = element credential { attribute id { uuid }? & get_alerts_response_alert_method_data_credential_name & get_alerts_response_alert_method_data_credential_login } get_alerts_response_alert_method_data_credential_name = element name { name } get_alerts_response_alert_method_data_credential_login = element login { name } get_alerts_response_alert_filter = element filter { attribute id { uuid }? & get_alerts_response_alert_filter_name & get_alerts_response_alert_filter_permissions? & get_alerts_response_alert_filter_trash } get_alerts_response_alert_filter_name = element name { name } get_alerts_response_alert_filter_permissions = element permissions { "" } get_alerts_response_alert_filter_trash = element trash { boolean } get_alerts_response_alert_tasks = element tasks { get_alerts_response_alert_tasks_task* } get_alerts_response_alert_tasks_task = element task { attribute id { uuid } & get_alerts_response_alert_tasks_task_name & get_alerts_response_alert_tasks_task_permissions? } get_alerts_response_alert_tasks_task_name = element name { name } get_alerts_response_alert_tasks_task_permissions = element permissions { "" } get_alerts_response_filters = element filters { attribute id { uuid } & get_alerts_response_filters_term & get_alerts_response_filters_name? & get_alerts_response_filters_keywords } get_alerts_response_filters_term = element term { text } get_alerts_response_filters_name = element name { text } get_alerts_response_filters_keywords = element keywords { get_alerts_response_filters_keywords_keyword* } get_alerts_response_filters_keywords_keyword = element keyword { get_alerts_response_filters_keywords_keyword_column & get_alerts_response_filters_keywords_keyword_relation & get_alerts_response_filters_keywords_keyword_value } get_alerts_response_filters_keywords_keyword_column = element column { text } get_alerts_response_filters_keywords_keyword_relation = element relation { ERROR } get_alerts_response_filters_keywords_keyword_value = element value { text } get_alerts_response_sort = element sort { text & get_alerts_response_sort_field } get_alerts_response_sort_field = element field { get_alerts_response_sort_field_order } get_alerts_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_alerts_response_alerts = element alerts { attribute start { integer } & attribute max { integer } } get_alerts_response_alert_count = element alert_count { get_alerts_response_alert_count_filtered & get_alerts_response_alert_count_page } get_alerts_response_alert_count_filtered = element filtered { integer } get_alerts_response_alert_count_page = element page { integer }
7.53.3 Example: Get the alerts
<get_alerts/>
<get_alerts_response status="200" status_text="OK"> <alert id="6181e65d-8ba0-4937-9c44-8f2b10b0def7"> <name>Team alert</name> <comment/> <creation_time>2012-04-27T12:44:00+01:00</creation_time> <modification_time>2012-08-28T12:14:00+01:00</modification_time> <writable>1</writable> <in_use>1</in_use> <condition> Threat level at least <data> High <name>level</name> </data> </condition> <event> Task run status changed <data> Done <name>status</name> </data> </event> <method> Email <data> team@example.org <name>to_address</name> </data> <data> admin@example.org <name>from_address</name> </data> <data> 0 <name>notice</name> </data> </method> </alert> ... </get_alerts_response>
7.54 Command get_assets
In short: Get one or many assets.
The client uses the get_assets command to get asset information.
7.54.1 Structure
-
Command
- @asset_id (uuid) ID of single asset to get.
-
@filter
(text)
Filter term to use to filter query.
KeywordsKeywords if type is "host"
- column severity (severity) Highest severity of the asset from latest report
- column os (text) Best matching OS
- column oss (text) Comma-separated list of all OSs of the host
- column hostname (text) Hostname
- column ip (text) IP address
Keywords if type is "os"- column title (text) CPE title of the asset
- column hosts (integer) Number of hosts using the asset
- column latest_severity (severity) Latest severity score of the asset
- column highest_severity (severity) Latest severity score of the asset
- column average_severity (severity) Average severity score of the asset
- @filt_id (uuid) ID of filter to use to filter query.
- @ignore_pagination (boolean) Whether to ignore info used to split the report into pages like the filter terms "first" and "rows".
- @type ("host" or "os") Type of assets to get.
- @details (boolean) Whether to include additional information (e.g., tags).
-
Response
- @status (status)
- @status_text (text)
-
<asset>
*
- @id (uuid)
-
<owner>
Owner of the asset.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the asset.
-
<comment>
The comment on the asset.
-
<creation_time>
Date and time the asset was created.
-
<modification_time>
Date and time the asset was last modified.
-
<writable>
Whether the asset is writable.
-
<in_use>
Whether any tasks are using the asset.
-
<permissions>
Permissions that the current user has on the asset.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the asset.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<identifiers>
?Host identifiers.
-
<identifier>
A single identifier.
-
<name>
The name of the identifier.
-
<value>
The value of the identifier.
-
<creation_time>
Date and time the identifier was created.
-
<modification_time>
Date and time the identifier was last modified.
-
<source>
The source of the identifier.
- @id (uuid)
-
<type>
Type of source.
-
<data>
Extra data, depends on type of source.
-
<deleted>
Whether the source has been deleted.
-
<os>
?
- @id (uuid)
-
<title>
Title of OS.
-
<name>
-
<identifier>
-
One of
-
<host>
A host.
-
<severity>
Severity of the host.
-
<value>
-
<value>
-
<detail>
*A host detail.
-
<name>
The name of the detail.
-
<value>
The value of the detail.
-
<source>
The source of the detail.
- @id (uuid)
-
<type>
Type of source.
-
<name>
-
<routes>
List of routes to the host, with most recent ones first.
-
<route>
*List of hosts on the route to the host.
-
<route>
*
-
<severity>
-
<os>
An OS.
-
<title>
Title of the OS.
-
<installs>
Number of hosts on which OS has been detected.
-
<latest_severity>
Latest severity.
-
<value>
-
<value>
-
<highest_severity>
Highest severity.
-
<value>
-
<value>
-
<average_severity>
Average severity.
-
<value>
-
<value>
-
<hosts>
Hosts on which this OS has been detected.
-
<asset>
The host.
- @id (uuid)
-
<name>
The name of the host.
-
<severity>
Severity of the host.
-
<value>
-
<value>
-
<asset>
-
<title>
-
<host>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <assets>
-
<asset_count>
-
<filtered>
Number of assets after filtering.
-
<page>
Number of assets on current page.
-
<filtered>
7.54.2 RNC
get_assets = element get_assets { attribute asset_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute ignore_pagination { boolean }? & attribute type { xsd:token { pattern = "host|os" } }? }
get_assets_response = element get_assets_response { attribute status { status } & attribute status_text { text } & get_assets_response_asset* & get_assets_response_filters & get_assets_response_sort & get_assets_response_assets & get_assets_response_asset_count } get_assets_response_asset = element asset { attribute id { uuid } & get_assets_response_asset_owner & get_assets_response_asset_name & get_assets_response_asset_comment & get_assets_response_asset_creation_time & get_assets_response_asset_modification_time & get_assets_response_asset_writable & get_assets_response_asset_in_use & get_assets_response_asset_permissions & get_assets_response_asset_user_tags? & get_assets_response_asset_identifiers? & ( get_assets_response_asset_host | get_assets_response_asset_os ) } get_assets_response_asset_owner = element owner { get_assets_response_asset_owner_name } get_assets_response_asset_owner_name = element name { name } get_assets_response_asset_name = element name { name } get_assets_response_asset_comment = element comment { text } get_assets_response_asset_creation_time = element creation_time { iso_time } get_assets_response_asset_modification_time = element modification_time { iso_time } get_assets_response_asset_identifiers = element identifiers { get_assets_response_asset_identifiers_identifier } get_assets_response_asset_identifiers_identifier = element identifier { get_assets_response_asset_identifiers_identifier_name & get_assets_response_asset_identifiers_identifier_value & get_assets_response_asset_identifiers_identifier_creation_time & get_assets_response_asset_identifiers_identifier_modification_time & get_assets_response_asset_identifiers_identifier_source & get_assets_response_asset_identifiers_identifier_os? } get_assets_response_asset_identifiers_identifier_name = element name { name } get_assets_response_asset_identifiers_identifier_value = element value { text } get_assets_response_asset_identifiers_identifier_creation_time = element creation_time { iso_time } get_assets_response_asset_identifiers_identifier_modification_time = element modification_time { iso_time } get_assets_response_asset_identifiers_identifier_source = element source { attribute id { uuid } & get_assets_response_asset_identifiers_identifier_source_type & get_assets_response_asset_identifiers_identifier_source_data & get_assets_response_asset_identifiers_identifier_source_deleted } get_assets_response_asset_identifiers_identifier_source_type = element type { text } get_assets_response_asset_identifiers_identifier_source_data = element data { text } get_assets_response_asset_identifiers_identifier_source_deleted = element deleted { boolean } get_assets_response_asset_identifiers_identifier_os = element os { attribute id { uuid } & get_assets_response_asset_identifiers_identifier_os_title } get_assets_response_asset_identifiers_identifier_os_title = element title { text } get_assets_response_asset_host = element host { get_assets_response_asset_host_severity & get_assets_response_asset_host_detail* & get_assets_response_asset_host_routes } get_assets_response_asset_host_severity = element severity { get_assets_response_asset_host_severity_value } get_assets_response_asset_host_severity_value = element value { severity } get_assets_response_asset_host_detail = element detail { get_assets_response_asset_host_detail_name & get_assets_response_asset_host_detail_value & get_assets_response_asset_host_detail_source } get_assets_response_asset_host_detail_name = element name { name } get_assets_response_asset_host_detail_value = element value { text } get_assets_response_asset_host_detail_source = element source { attribute id { uuid } & get_assets_response_asset_host_detail_source_type } get_assets_response_asset_host_detail_source_type = element type { text } get_assets_response_asset_host_routes = element routes { get_assets_response_asset_host_routes_route* } get_assets_response_asset_host_routes_route = element route { get_assets_response_asset_host_routes_route_host* } get_assets_response_asset_host_routes_route_host = element host { attribute id { uuid }? & attribute distance { number }? & attribute same_source { boolean }? & get_assets_response_asset_host_routes_route_host_ip } get_assets_response_asset_host_routes_route_host_ip = element ip { text } get_assets_response_asset_os = element os { get_assets_response_asset_os_title & get_assets_response_asset_os_installs & get_assets_response_asset_os_latest_severity & get_assets_response_asset_os_highest_severity & get_assets_response_asset_os_average_severity & get_assets_response_asset_os_hosts } get_assets_response_asset_os_title = element title { text } get_assets_response_asset_os_installs = element installs { integer } get_assets_response_asset_os_latest_severity = element latest_severity { get_assets_response_asset_os_latest_severity_value } get_assets_response_asset_os_latest_severity_value = element value { text } get_assets_response_asset_os_highest_severity = element highest_severity { get_assets_response_asset_os_highest_severity_value } get_assets_response_asset_os_highest_severity_value = element value { text } get_assets_response_asset_os_average_severity = element average_severity { get_assets_response_asset_os_average_severity_value } get_assets_response_asset_os_average_severity_value = element value { text } get_assets_response_asset_os_hosts = element hosts { get_assets_response_asset_os_hosts_asset } get_assets_response_asset_os_hosts_asset = element asset { attribute id { uuid } & get_assets_response_asset_os_hosts_asset_name & get_assets_response_asset_os_hosts_asset_severity } get_assets_response_asset_os_hosts_asset_name = element name { name } get_assets_response_asset_os_hosts_asset_severity = element severity { get_assets_response_asset_os_hosts_asset_severity_value } get_assets_response_asset_os_hosts_asset_severity_value = element value { text } get_assets_response_asset_in_use = element in_use { boolean } get_assets_response_asset_writable = element writable { boolean } get_assets_response_asset_permissions = element permissions { get_assets_response_asset_permissions_permission* } get_assets_response_asset_permissions_permission = element permission { get_assets_response_asset_permissions_permission_name } get_assets_response_asset_permissions_permission_name = element name { name } get_assets_response_asset_user_tags = element user_tags { get_assets_response_asset_user_tags_count & get_assets_response_asset_user_tags_tag* } get_assets_response_asset_user_tags_count = element count { integer } get_assets_response_asset_user_tags_tag = element tag { attribute id { uuid } & get_assets_response_asset_user_tags_tag_name & get_assets_response_asset_user_tags_tag_value & get_assets_response_asset_user_tags_tag_comment } get_assets_response_asset_user_tags_tag_name = element name { text } get_assets_response_asset_user_tags_tag_value = element value { text } get_assets_response_asset_user_tags_tag_comment = element comment { text } get_assets_response_filters = element filters { attribute id { uuid } & get_assets_response_filters_term & get_assets_response_filters_name? & get_assets_response_filters_keywords } get_assets_response_filters_term = element term { text } get_assets_response_filters_name = element name { text } get_assets_response_filters_keywords = element keywords { get_assets_response_filters_keywords_keyword* } get_assets_response_filters_keywords_keyword = element keyword { get_assets_response_filters_keywords_keyword_column & get_assets_response_filters_keywords_keyword_relation & get_assets_response_filters_keywords_keyword_value } get_assets_response_filters_keywords_keyword_column = element column { text } get_assets_response_filters_keywords_keyword_relation = element relation { ERROR } get_assets_response_filters_keywords_keyword_value = element value { text } get_assets_response_sort = element sort { text & get_assets_response_sort_field } get_assets_response_sort_field = element field { get_assets_response_sort_field_order } get_assets_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_assets_response_assets = element assets { attribute start { integer } & attribute max { integer } } get_assets_response_asset_count = element asset_count { get_assets_response_asset_count_filtered & get_assets_response_asset_count_page } get_assets_response_asset_count_filtered = element filtered { integer } get_assets_response_asset_count_page = element page { integer }
7.54.3 Example: Get one or many assets
<get_assets/>
<get_assets_response status="200" status_text="OK"> <asset id="b493b7a8-7489-11df-a3ec-002264764cea"> <name>Localhost</name> <comment/> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>0</writable> <in_use>7</in_use> <hosts>localhost</hosts> <max_hosts>1</max_hosts> <ssh_credential id=""> <name/> </ssh_credential> <smb_credential id=""> <name/> </smb_credential> <esxi_credential id=""> <name/> </esxi_credential> </asset> ... </get_assets_response>
7.54.3 Example: Get a single asset, including tasks using the asset
<get_assets asset_id="1f28d970-17ef-4c69-ba8a-13827059f2b9" tasks="1"/>
<get_assets_response status="200" status_text="OK"> <asset id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>dik</name> <comment>dik mm</comment> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>0</writable> <in_use>4</in_use> <hosts>dik.example.org</hosts> <max_hosts>1</max_hosts> <ssh_credential id="58ff2793-2dc7-43fe-85f9-20bfac5a87e4"> <name>mm</name> </ssh_credential> <smb_credential id=""> <name/> </smb_credential> <esxi_credential id=""> <name/> </esxi_credential> <tasks> <task id="13bb418a-4220-4575-b35b-ec398bff7417"> <name>dik mm</name> </task> ... </tasks> </asset> </get_assets_response>
7.55 Command get_credentials
In short: Get one or many credentials.
The client uses the get_credentials command to get credentials information. If the command sent by the client was valid, the manager will reply with a list of credentials to the client.
7.55.1 Structure
-
Command
- @credential_id (uuid) ID of single credential to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column login (text) The login username
- column type (text) The type abbreviation
- column allow_insecure (boolean) Whether insecure use is allowed
- @filt_id (uuid) ID of filter to use to filter query.
- @scanners (boolean) Whether to include a list of scanners using the credentials.
- @trash (boolean) Whether to get the trashcan credentials instead.
- @targets (boolean) Whether to include a list of targets using the credentials.
- @format ("key", "rpm", "deb", "exe" or "pem")
-
Response
- @status (status)
- @status_text (text)
-
<credential>
*
- @id (uuid)
-
<owner>
Owner of the credential.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the credential.
-
<allow_insecure>
Whether insecure use of the credential is allowed.
-
<login>
The username of the credential.
-
<comment>
The comment on the credential.
-
<creation_time>
Date and time the credential was created.
-
<modification_time>
Date and time the credential was last modified.
-
<writable>
Whether this credential is writable.
-
<in_use>
Whether any targets are using the credential.
-
<permissions>
Permissions that the current user has on the credential.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the credential.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<type>
The type of the credential.
-
<full_type>
The type of the credential written out.
-
<formats>
The export formats available for the credential.
-
<format>
*Format as used in the command.
-
<format>
*
-
<auth_algorithm>
?The SNMP authentication algorithm.
-
<privacy>
?
-
<algorithm>
The SNMP privacy algorithm.
-
<algorithm>
-
<certificate_info>
?
Info about the certificate.
-
<scanners>
?All scanners using this credential.
-
<scanner>
*
- @id (uuid)
-
<name>
The name of the scanner.
-
<permissions>
?Permissions the user has on the scanner.
-
<scanner>
*
-
<targets>
?All targets using this credential.
-
<target>
*
- @id (uuid)
-
<name>
The name of the target.
-
<permissions>
?Permissions the user has on the target.
-
<target>
*
-
One of
-
<public_key>
-
<package>
- @format ("rpm", "deb" or "exe")
-
<certificate>
-
<public_key>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <credentials>
-
<credential_count>
-
<filtered>
Number of credentials after filtering.
-
<page>
Number of credentials on current page.
-
<filtered>
7.55.2 RNC
get_credentials = element get_credentials { attribute credential_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute scanners { boolean }? & attribute trash { boolean }? & attribute targets { boolean }? & attribute format { xsd:token { pattern = "key|rpm|deb|exe|pem" } }? }
get_credentials_response = element get_credentials_response { attribute status { status } & attribute status_text { text } & get_credentials_response_credential* & get_credentials_response_filters & get_credentials_response_sort & get_credentials_response_credentials & get_credentials_response_credential_count } get_credentials_response_credential = element credential { attribute id { uuid } & get_credentials_response_credential_owner & get_credentials_response_credential_name & get_credentials_response_credential_allow_insecure & get_credentials_response_credential_login & get_credentials_response_credential_comment & get_credentials_response_credential_creation_time & get_credentials_response_credential_modification_time & get_credentials_response_credential_writable & get_credentials_response_credential_in_use & get_credentials_response_credential_permissions & get_credentials_response_credential_user_tags? & get_credentials_response_credential_type & get_credentials_response_credential_full_type & get_credentials_response_credential_formats & get_credentials_response_credential_auth_algorithm? & get_credentials_response_credential_privacy? & get_credentials_response_credential_certificate_info? & get_credentials_response_credential_scanners? & get_credentials_response_credential_targets? & ( get_credentials_response_credential_public_key | get_credentials_response_credential_package | get_credentials_response_credential_certificate ) } get_credentials_response_credential_owner = element owner { get_credentials_response_credential_owner_name } get_credentials_response_credential_owner_name = element name { name } get_credentials_response_credential_name = element name { name } get_credentials_response_credential_allow_insecure = element allow_insecure { boolean } get_credentials_response_credential_login = element login { name } get_credentials_response_credential_comment = element comment { text } get_credentials_response_credential_creation_time = element creation_time { iso_time } get_credentials_response_credential_modification_time = element modification_time { iso_time } get_credentials_response_credential_writable = element writable { boolean } get_credentials_response_credential_in_use = element in_use { boolean } get_credentials_response_credential_permissions = element permissions { get_credentials_response_credential_permissions_permission* } get_credentials_response_credential_permissions_permission = element permission { get_credentials_response_credential_permissions_permission_name } get_credentials_response_credential_permissions_permission_name = element name { name } get_credentials_response_credential_user_tags = element user_tags { get_credentials_response_credential_user_tags_count & get_credentials_response_credential_user_tags_tag* } get_credentials_response_credential_user_tags_count = element count { integer } get_credentials_response_credential_user_tags_tag = element tag { attribute id { uuid } & get_credentials_response_credential_user_tags_tag_name & get_credentials_response_credential_user_tags_tag_value & get_credentials_response_credential_user_tags_tag_comment } get_credentials_response_credential_user_tags_tag_name = element name { text } get_credentials_response_credential_user_tags_tag_value = element value { text } get_credentials_response_credential_user_tags_tag_comment = element comment { text } get_credentials_response_credential_type = element type { xsd:token { pattern = "cc|pgp|pw|smime|snmp|up|usk" } } get_credentials_response_credential_full_type = element full_type { text } get_credentials_response_credential_formats = element formats { get_credentials_response_credential_formats_format* } get_credentials_response_credential_formats_format = element format { xsd:token { pattern = "key|rpm|deb|exe|pem" } } get_credentials_response_credential_auth_algorithm = element auth_algorithm { xsd:token { pattern = "md5|sha1" } } get_credentials_response_credential_privacy = element privacy { get_credentials_response_credential_privacy_algorithm } get_credentials_response_credential_privacy_algorithm = element algorithm { xsd:token { pattern = "aes|des" } } get_credentials_response_credential_certificate_info = element certificate_info # type certificate_info { certificate_info_time_status & certificate_info_activation_time & certificate_info_expiration_time & certificate_info_issuer & certificate_info_md5_fingerprint } get_credentials_response_credential_scanners = element scanners { get_credentials_response_credential_scanners_scanner* } get_credentials_response_credential_scanners_scanner = element scanner { attribute id { uuid } & get_credentials_response_credential_scanners_scanner_name & get_credentials_response_credential_scanners_scanner_permissions? } get_credentials_response_credential_scanners_scanner_name = element name { name } get_credentials_response_credential_scanners_scanner_permissions = element permissions { "" } get_credentials_response_credential_targets = element targets { get_credentials_response_credential_targets_target* } get_credentials_response_credential_targets_target = element target { attribute id { uuid } & get_credentials_response_credential_targets_target_name & get_credentials_response_credential_targets_target_permissions? } get_credentials_response_credential_targets_target_name = element name { name } get_credentials_response_credential_targets_target_permissions = element permissions { "" } get_credentials_response_credential_public_key = element public_key { text } get_credentials_response_credential_package = element package { base64 & attribute format { xsd:token { pattern = "rpm|deb|exe" } } } get_credentials_response_credential_certificate = element certificate { text } get_credentials_response_filters = element filters { attribute id { uuid } & get_credentials_response_filters_term & get_credentials_response_filters_name? & get_credentials_response_filters_keywords } get_credentials_response_filters_term = element term { text } get_credentials_response_filters_name = element name { text } get_credentials_response_filters_keywords = element keywords { get_credentials_response_filters_keywords_keyword* } get_credentials_response_filters_keywords_keyword = element keyword { get_credentials_response_filters_keywords_keyword_column & get_credentials_response_filters_keywords_keyword_relation & get_credentials_response_filters_keywords_keyword_value } get_credentials_response_filters_keywords_keyword_column = element column { text } get_credentials_response_filters_keywords_keyword_relation = element relation { ERROR } get_credentials_response_filters_keywords_keyword_value = element value { text } get_credentials_response_sort = element sort { text & get_credentials_response_sort_field } get_credentials_response_sort_field = element field { get_credentials_response_sort_field_order } get_credentials_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_credentials_response_credentials = element credentials { attribute start { integer } & attribute max { integer } } get_credentials_response_credential_count = element credential_count { get_credentials_response_credential_count_filtered & get_credentials_response_credential_count_page } get_credentials_response_credential_count_filtered = element filtered { integer } get_credentials_response_credential_count_page = element page { integer }
7.55.3 Example: Get one or many the credentials
<get_credentials/>
<get_credentials_response status="200" status_text="OK"> <credential id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>sally</name> <login>sally</login> <comment/> <creation_time>2012-12-14T17:11:25+01:00</creation_time> <modification_time>2012-05-28T11:19:20+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <type>usk</type> <full_type>username + SSH key</full_type> <formats> <format>key</format> <format>rpm</format> <format>deb</format> </formats> </credential> <credential id="8e305b0b-260d-450d-91a8-dadf0b144e15"> <name>bob</name> <comment>Bob on the web server.</comment> <creation_time>2013-01-03T15:49:35+01:00</creation_time> <modification_time>2013-01-18T12:07:00+01:00</modification_time> <writable>1</writable> <in_use>1</in_use> <login>bob</login> <type>up</type> <full_type>username + password</full_type> <formats> <format>exe</format> </formats> </credential> ... </get_credentials_response>
7.55.3 Example: Get a single credential, its public key and targets using it
<get_credentials credential_id="8e305b0b-260d-450d-91a8-dadf0b144e15" format="key" targets="1"/>
<get_credentials_response status="200" status_text="OK"> <credential id="8e305b0b-260d-450d-91a8-dadf0b144e15"> <name>bob</name> <comment>Bob on the web server.</comment> <creation_time>2012-11-03T15:41:35+01:00</creation_time> <modification_time>2012-11-18T13:17:00+01:00</modification_time> <writable>1</writable> <in_use>1</in_use> <login>bob</login> <type>up</type> <full_type>username + password</full_type> <targets> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>Web server</name> </target> </targets> <public_key> ssh-rsa AAAAB3...Z64IcQ== Key generated by GVM </public_key> </credential> </get_credentials_response>
7.55.3 Example: Get the Debian package of a single credential
<get_credentials credential_id="8e305b0b-260d-450d-91a8-dadf0b144e15" format="deb"/>
<get_credentials_response status="200" status_text="OK"> <credential id="8e305b0b-260d-450d-91a8-dadf0b144e15"> <name>bob</name> <login>bob</login> <comment>Bob on the web server.</comment> <creation_time>2012-11-03T15:41:35+01:00</creation_time> <modification_time>2012-11-18T13:17:00+01:00</modification_time> <writable>1</writable> <in_use>1</in_use> <type>up</type> <full_type>username + password</full_type> <targets> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>Web server</name> </target> </targets> <package format="deb">ITxhcmNoPgpk...DmvF0AKAAACg==</package> </credential> </get_credentials_response>
7.56 Command get_feeds
In short: Get one or many feeds.
The client uses the get_feeds command to get feed information. If the command sent by the client was valid, the manager will reply with a list of feeds to the client.
7.56.1 Structure
-
Command
- @type (text) Type of single feed to get: NVT, CERT or SCAP.
-
Response
- @status (status)
- @status_text (text)
-
<feed>
*
-
<type>
The type of feed: NVT, CERT or SCAP.
-
<name>
The name of the feed.
-
<version>
The version of the feed.
-
<description>
A description of the feed.
-
<sync_not_available>
?Present if syncing is not available.
-
<error>
Description of why sync is not available.
-
<error>
-
<currently_syncing>
?Present if a sync of this type is underway.
-
<timestamp>
Time sync started.
-
<user>
Name of user who is performing sync.
-
<timestamp>
-
<type>
7.56.2 RNC
get_feeds = element get_feeds { attribute type { text }? }
get_feeds_response = element get_feeds_response { attribute status { status } & attribute status_text { text } & get_feeds_response_feed* } get_feeds_response_feed = element feed { get_feeds_response_feed_type & get_feeds_response_feed_name & get_feeds_response_feed_version & get_feeds_response_feed_description & get_feeds_response_feed_sync_not_available? & get_feeds_response_feed_currently_syncing? } get_feeds_response_feed_type = element type { text } get_feeds_response_feed_name = element name { text } get_feeds_response_feed_version = element version { text } get_feeds_response_feed_description = element description { text } get_feeds_response_feed_sync_not_available = element sync_not_available { get_feeds_response_feed_sync_not_available_error } get_feeds_response_feed_sync_not_available_error = element error { } get_feeds_response_feed_currently_syncing = element currently_syncing { get_feeds_response_feed_currently_syncing_timestamp & get_feeds_response_feed_currently_syncing_user } get_feeds_response_feed_currently_syncing_timestamp = element timestamp { text } get_feeds_response_feed_currently_syncing_user = element user { text }
7.56.3 Example: Get the feeds
<get_feeds/>
<get_feeds_response status_text="OK" status="200"> <feed> <type>NVT</type> <name>Greenbone Security Feed</name> <version>201608180124</version> <description>This script synchronizes an NVT collection with...</description> </feed> <feed> <type>CERT</type> <name>Greenbone CERT Feed</name> <version>201609130000</version> <description>This script synchronizes a CERT collection with...</description> </feed> <feed> <type>SCAP</type> <name>Greenbone SCAP Feed</name> <version>201608172300</version> <description>This script synchronizes a SCAP collection with...</description> </feed> </get_feeds_response>
7.57 Command get_filters
In short: Get one or many filters.
The client uses the get_filters command to get filter information.
7.57.1 Structure
-
Command
- @filter_id (uuid) ID of single filter to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column type (text) Resource type the filter is restricted to
- column term (text) The filter term
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan filters instead.
- @alerts (boolean) Whether to include list of alerts that use the filter.
-
Response
- @status (status)
- @status_text (text)
-
<filter>
*
- @id (uuid)
-
<owner>
Owner of the filter.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the filter.
-
<comment>
The comment on the filter.
-
<term>
The filter term.
-
<type>
Resource type filter applies to. Blank for all.
-
<creation_time>
Date and time the filter was created.
-
<modification_time>
Date and time the filter was last modified.
-
<in_use>
Whether any tasks are using the filter.
-
<writable>
Whether the filter is writable.
-
<permissions>
Permissions that the current user has on the filter.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the filter.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<alerts>
?All alerts using the filter.
-
<alert>
*
- @id (uuid)
-
<name>
The name of the alert.
-
<permissions>
?Permissions the user has on the alert.
-
<alert>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
- @start (integer) First filter.
- @max (integer) Maximum number of filters.
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
- @start (integer) First filter.
- @max (integer) Maximum number of filters.
-
<filter_count>
-
<filtered>
Number of filters after filtering.
-
<page>
Number of filters on current page.
-
<filtered>
7.57.2 RNC
get_filters = element get_filters { attribute filter_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute alerts { boolean }? }
get_filters_response = element get_filters_response { attribute status { status } & attribute status_text { text } & get_filters_response_filter* & get_filters_response_filters & get_filters_response_sort & get_filters_response_filters & get_filters_response_filter_count } get_filters_response_filter = element filter { attribute id { uuid } & get_filters_response_filter_owner & get_filters_response_filter_name & get_filters_response_filter_comment & get_filters_response_filter_term & get_filters_response_filter_type & get_filters_response_filter_creation_time & get_filters_response_filter_modification_time & get_filters_response_filter_in_use & get_filters_response_filter_writable & get_filters_response_filter_permissions & get_filters_response_filter_user_tags? & get_filters_response_filter_alerts? } get_filters_response_filter_owner = element owner { get_filters_response_filter_owner_name } get_filters_response_filter_owner_name = element name { name } get_filters_response_filter_name = element name { name } get_filters_response_filter_comment = element comment { text } get_filters_response_filter_term = element term { text } get_filters_response_filter_type = element type { text } get_filters_response_filter_creation_time = element creation_time { iso_time } get_filters_response_filter_modification_time = element modification_time { iso_time } get_filters_response_filter_in_use = element in_use { boolean } get_filters_response_filter_writable = element writable { boolean } get_filters_response_filter_permissions = element permissions { get_filters_response_filter_permissions_permission* } get_filters_response_filter_permissions_permission = element permission { get_filters_response_filter_permissions_permission_name } get_filters_response_filter_permissions_permission_name = element name { name } get_filters_response_filter_user_tags = element user_tags { get_filters_response_filter_user_tags_count & get_filters_response_filter_user_tags_tag* } get_filters_response_filter_user_tags_count = element count { integer } get_filters_response_filter_user_tags_tag = element tag { attribute id { uuid } & get_filters_response_filter_user_tags_tag_name & get_filters_response_filter_user_tags_tag_value & get_filters_response_filter_user_tags_tag_comment } get_filters_response_filter_user_tags_tag_name = element name { text } get_filters_response_filter_user_tags_tag_value = element value { text } get_filters_response_filter_user_tags_tag_comment = element comment { text } get_filters_response_filter_alerts = element alerts { get_filters_response_filter_alerts_alert* } get_filters_response_filter_alerts_alert = element alert { attribute id { uuid } & get_filters_response_filter_alerts_alert_name & get_filters_response_filter_alerts_alert_permissions? } get_filters_response_filter_alerts_alert_name = element name { name } get_filters_response_filter_alerts_alert_permissions = element permissions { "" } get_filters_response_filters = element filters { attribute id { uuid } & get_filters_response_filters_term & get_filters_response_filters_name? & get_filters_response_filters_keywords } get_filters_response_filters_term = element term { text } get_filters_response_filters_name = element name { text } get_filters_response_filters_keywords = element keywords { get_filters_response_filters_keywords_keyword* } get_filters_response_filters_keywords_keyword = element keyword { get_filters_response_filters_keywords_keyword_column & get_filters_response_filters_keywords_keyword_relation & get_filters_response_filters_keywords_keyword_value } get_filters_response_filters_keywords_keyword_column = element column { text } get_filters_response_filters_keywords_keyword_relation = element relation { ERROR } get_filters_response_filters_keywords_keyword_value = element value { text } get_filters_response_sort = element sort { text & get_filters_response_sort_field } get_filters_response_sort_field = element field { get_filters_response_sort_field_order } get_filters_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_filters_response_filters = element filters { attribute start { integer } & attribute max { integer } } get_filters_response_filter_count = element filter_count { get_filters_response_filter_count_filtered & get_filters_response_filter_count_page } get_filters_response_filter_count_filtered = element filtered { integer } get_filters_response_filter_count_page = element page { integer }
7.57.3 Example: Get one or many filters
<get_filters/>
<get_filters_response status="200" status_text="OK"> <filter id="b493b7a8-7489-11df-a3ec-001164764cea"> <name>Single Targets</name> <comment>Targets with only one host</comment> <term>ips=1 first=1 rows=-2</term> <type>target</type> <in_use>1</in_use> <writable>1</writable> <creation_time>2015-07-15T15:05:55Z</creation_time> <modification_time>2015-07-15T15:05:55Z</modification_time> </filter> ... </get_filters_response>
7.57.3 Example: Get single filter, including alerts that use the filter
<get_filters filter_id="c33864a9-d3fd-44b3-8717-972bfb01dfc0" tasks="1"/>
<get_filters_response status="200" status_text="OK"> <filter id="c33864a9-d3fd-44b3-8717-972bfb01dfc0"> <name>Local</name> <comment>Any item with name containing 'local'.</comment> <term>name~local first=1 rows=-2</term> <type/> <in_use>1</in_use> <writable>1</writable> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <alerts> <alert id="13bb418a-4220-4575-b35b-ec398bff7418"> <name>Local Mailer</name> </alert> ... </alerts> </filter> </get_filters_response>
7.58 Command get_groups
In short: Get one or many groups.
The client uses the get_groups command to get group information.
7.58.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
-
<group>
*
- @id (uuid)
-
<owner>
Owner of the group.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the group.
-
<comment>
The comment on the group.
-
<creation_time>
Date and time the group was created.
-
<modification_time>
Date and time the group was last modified.
-
<writable>
Whether the group is writable.
-
<in_use>
Whether the group is in use.
-
<permissions>
Permissions that the current user has on the group.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the group.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<users>
A comma-separated list of the users in the group.
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <groups>
-
<group_count>
-
<filtered>
Number of groups after filtering.
-
<page>
Number of groups on current page.
-
<filtered>
7.58.2 RNC
get_groups = element get_groups { attribute group_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? }
get_groups_response = element get_groups_response { attribute status { status } & attribute status_text { text } & get_groups_response_group* & get_groups_response_filters & get_groups_response_sort & get_groups_response_groups & get_groups_response_group_count } get_groups_response_group = element group { attribute id { uuid } & get_groups_response_group_owner & get_groups_response_group_name & get_groups_response_group_comment & get_groups_response_group_creation_time & get_groups_response_group_modification_time & get_groups_response_group_writable & get_groups_response_group_in_use & get_groups_response_group_permissions & get_groups_response_group_user_tags? & get_groups_response_group_users } get_groups_response_group_owner = element owner { get_groups_response_group_owner_name } get_groups_response_group_owner_name = element name { name } get_groups_response_group_name = element name { name } get_groups_response_group_comment = element comment { text } get_groups_response_group_creation_time = element creation_time { iso_time } get_groups_response_group_modification_time = element modification_time { iso_time } get_groups_response_group_users = element users { text } get_groups_response_group_writable = element writable { boolean } get_groups_response_group_in_use = element in_use { boolean } get_groups_response_group_permissions = element permissions { get_groups_response_group_permissions_permission* } get_groups_response_group_permissions_permission = element permission { get_groups_response_group_permissions_permission_name } get_groups_response_group_permissions_permission_name = element name { name } get_groups_response_group_user_tags = element user_tags { get_groups_response_group_user_tags_count & get_groups_response_group_user_tags_tag* } get_groups_response_group_user_tags_count = element count { integer } get_groups_response_group_user_tags_tag = element tag { attribute id { uuid } & get_groups_response_group_user_tags_tag_name & get_groups_response_group_user_tags_tag_value & get_groups_response_group_user_tags_tag_comment } get_groups_response_group_user_tags_tag_name = element name { text } get_groups_response_group_user_tags_tag_value = element value { text } get_groups_response_group_user_tags_tag_comment = element comment { text } get_groups_response_filters = element filters { attribute id { uuid } & get_groups_response_filters_term & get_groups_response_filters_name? & get_groups_response_filters_keywords } get_groups_response_filters_term = element term { text } get_groups_response_filters_name = element name { text } get_groups_response_filters_keywords = element keywords { get_groups_response_filters_keywords_keyword* } get_groups_response_filters_keywords_keyword = element keyword { get_groups_response_filters_keywords_keyword_column & get_groups_response_filters_keywords_keyword_relation & get_groups_response_filters_keywords_keyword_value } get_groups_response_filters_keywords_keyword_column = element column { text } get_groups_response_filters_keywords_keyword_relation = element relation { ERROR } get_groups_response_filters_keywords_keyword_value = element value { text } get_groups_response_sort = element sort { text & get_groups_response_sort_field } get_groups_response_sort_field = element field { get_groups_response_sort_field_order } get_groups_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_groups_response_groups = element groups { attribute start { integer } & attribute max { integer } } get_groups_response_group_count = element group_count { get_groups_response_group_count_filtered & get_groups_response_group_count_page } get_groups_response_group_count_filtered = element filtered { integer } get_groups_response_group_count_page = element page { integer }
7.58.3 Example: Get one or many groups
<get_groups/>
<get_groups_response status="200" status_text="OK"> <group id="b493b7a8-7489-11df-a3ec-002264764cea"> <name>Management</name> <comment>Managers</comment> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>1</writable> <in_use>0</in_use> <users>sarah, frank</users> </group> ... <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <groups max="-1" start="1"/> <group_count> 1 <filtered>1</filtered> <page>1</page> </group_count> </get_groups_response>
7.59 Command get_info
In short: Get information for items of given type.
The client uses the get_info command to get information about static data from an external source, like CVE or CPE. If the command sent by the client was valid, the manager will reply with a list of info elements of a given type to the client.
7.59.1 Structure
-
Command
- @type (text) Type must be either CERT_BUND_ADV, CPE, CVE, DFN_CERT_ADV, OVALDEF, NVT or ALLINFO.
- @name (text) Name or identifier of the requested information.
- @info_id (text) ID of single info to get. Conflicts with name.
-
@filter
(text)
Filter term to use to filter query.
KeywordsKeywords if type is "nvt"
- column summary (text) Summary text of the NVT
- column cve (text) List of CVEs of the NVT
- column xref (text) List of XREFs of the NVT
- column family (text) Family of the NVT
- column cvss (severity) Alias for severity
- column cvss_base (severity) Alias for severity
- column script_tags (text) List of script tags
- column qod (integer) Numerical QoD
- column qod_type (text) QoD type
- column solution_type (text) Solution type
Keywords if type is "cve"- column vector (text) "Vector" component of the CVSS base vector
- column complexity (text) "Complexity" component of the CVSS base vector
- column authentication (text) "Authentication" component of the CVSS base vector
- column confidentiality_impact (text) "Confidentiality Impact" component of the CVSS base vector
- column integrity_impact (text) "Integrity Impact" component of the CVSS base vector
- column availability_impact (text) "Availability Impact" component of the CVSS base vector
- column products (text) Space separated list CPEs the CVE applies to
- column cvss (severity) Alias for severity
- column description (text) Description text of the CVE
- column published () Time the CVE was published, alias for created
Keywords if type is "cpe"Keywords if type is "ovaldef"- column version (integer) Version number of the OVAL Definition
- column deprecated (boolean) Whether the OVAL Definition is deprecated
- column class (text) Class of the OVAL Definition
- column title (text) Title of the OVAL Definition
- column description (text) Longer description of the OVAL Definition
- column file (text) Name of the file containing the OVAL Definition
- column status (text) Status of the OVAL Definition
- column max_cvss (severity) Alias for severity
- column cves (integer) Number of CVEs referencing this CPE
Keywords if type is either "cert_bund_adv" or "dfn_cert_adv"Keywords if type is "allinfo"- column type (text) Type of SecInfo as given in the "type" parameter
- column extra (text) Title or similar text
- @filt_id (uuid) ID of filter to use to filter query.
- @details (boolean) Whether to include information about references to this information.
-
Response
- @status (status)
- @status_text (text)
-
<info>
*
- @id (integer) A unique number identifying this info, if available.
-
<owner>
Owner of the info.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the info.
-
<comment>
The comment on the info.
-
<creation_time>
Date and time the info was created.
-
<modification_time>
Date and time the info was last modified.
-
<permissions>
Permissions that the current user has on the info.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the info.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<update_time>
Date and time the source of the info was read.
-
One of
-
<cert_bund_adv>
An CERT-Bund advisory info element.
-
<title>
Title of the advisory.
-
<summary>
Summary text of the advisory.
-
<max_cvss>
Highest CVSS score of CVEs referenced by the advisory.
-
<cve_refs>
Number of CVEs referenced by this advisory.
-
<raw_data>
?Source representation of the information. Only when details were requested.
-
<title>
-
<cpe>
A CPE info element.
-
<nvd_id>
The NVD ID of the CPE.
-
<title>
?The title of the CPE.
-
<max_cvss>
The highest CVSS recorder for this CPE.
-
<cve_refs>
The number CVE of references to this CPE.
-
<status>
The status of this CPE.
-
<cves>
?CVEs referring to this CPE. Only when details were requested.
-
<cve>
*CVE referring to this CPE.
-
<cve>
*
-
<raw_data>
?Source representation of the information. Only when details were requested.
-
<nvd_id>
-
<cve>
A CVE info element.
-
<cvss>
CVSS Base Score.
-
<vector>
CVSS Access Vector metric.
-
<complexity>
CVSS Attack Complexity metric.
-
<authentication>
CVSS Authentication metric.
-
<confidentiality_impact>
CVSS Confidentiality impact metric.
-
<integrity_impact>
CVSS Integrity impact metric.
-
<availability_impact>
CVSS Availability impact metric.
-
<description>
The CVE's description.
-
<products>
Space separated list of CPEs affected by this.
-
<nvts>
?NVTs addressing this CVE. Only when details were requested.
-
<nvt>
*NVT referring to this CPE.
- @oid (oid)
-
<name>
Name of the NVT.
-
<nvt>
*
-
<cert>
?List of CERT advisories referencing this CVE.
-
<cert_ref>
*A CERT advisory reference.
- @type (text) Type of the advisory (e.g. "DFN-CERT", "CERT-BUND").
-
<name>
The name / ID of the advisory.
-
<title>
The title of the advisory.
-
<warning>
?A warning message, e.g. when the database is unavailable.
-
<cert_ref>
*
-
<raw_data>
?Source representation of the information. Only when details were requested.
-
<cvss>
-
<dfn_cert_adv>
An DFN-CERT advisory info element.
-
<title>
Title of the advisory.
-
<summary>
Summary text of the advisory.
-
<max_cvss>
Highest CVSS score of CVEs referenced by the advisory.
-
<cve_refs>
Number of CVEs referenced by this advisory.
-
<raw_data>
?Source representation of the information. Only when details were requested.
-
<title>
-
<ovaldef>
An OVAL definition info element.
-
<version>
Version number of the OVAL definition.
-
<deprecated>
Whether the definition is deprecated.
-
<status>
Lifecycle status text of the definition.
-
<class>
Definition class of the definition.
-
<title>
Title of the definition.
-
<max_cvss>
Highest CVSS score of CVEs referenced by the definition.
-
<cve_refs>
Number of CVEs referenced by the definition.
-
<file>
Path to the source xml file, relative to the SCAP data directory.
-
<description>
?Longer description of the definition. Only when details were requested.
-
<raw_data>
?Source representation of the information. Only when details were requested.
-
<version>
-
<nvt>
A NVT info element.
-
<allinfo>
A SecInfo entry. Could be CPE, CVE, NVT, OVALDEF or DFN-CERT Advisory.
-
<type>
Type of SecInfo entry.
-
<extra>
Extra information from the entry like title or description.
-
<severity>
Severity rating (CVSS score) of the entry.
-
<type>
-
<cert_bund_adv>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
(text)Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
-
<details>
(boolean)Are details included in this response.
-
<info_count>
-
<filtered>
Number of info elements after filtering.
-
<page>
Number of info elements on current page.
-
<filtered>
7.59.2 RNC
get_info = element get_info { attribute type { text } & attribute name { text }? & attribute info_id { text }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute details { boolean }? }
get_info_response = element get_info_response { attribute status { status } & attribute status_text { text } & get_info_response_info* & get_info_response_filters & get_info_response_sort & get_info_response_details & get_info_response_info_count } get_info_response_info = element info { attribute id { integer }? & get_info_response_info_owner & get_info_response_info_name & get_info_response_info_comment & get_info_response_info_creation_time & get_info_response_info_modification_time & get_info_response_info_permissions & get_info_response_info_user_tags? & get_info_response_info_update_time & ( get_info_response_info_cert_bund_adv | get_info_response_info_cpe | get_info_response_info_cve | get_info_response_info_dfn_cert_adv | get_info_response_info_ovaldef | get_info_response_info_nvt | get_info_response_info_allinfo ) } get_info_response_info_owner = element owner { get_info_response_info_owner_name } get_info_response_info_owner_name = element name { name } get_info_response_info_name = element name { name } get_info_response_info_comment = element comment { text } get_info_response_info_creation_time = element creation_time { iso_time } get_info_response_info_modification_time = element modification_time { iso_time } get_info_response_info_update_time = element update_time { iso_time } get_info_response_info_permissions = element permissions { get_info_response_info_permissions_permission* } get_info_response_info_permissions_permission = element permission { get_info_response_info_permissions_permission_name } get_info_response_info_permissions_permission_name = element name { name } get_info_response_info_user_tags = element user_tags { get_info_response_info_user_tags_count & get_info_response_info_user_tags_tag* } get_info_response_info_user_tags_count = element count { integer } get_info_response_info_user_tags_tag = element tag { attribute id { uuid } & get_info_response_info_user_tags_tag_name & get_info_response_info_user_tags_tag_value & get_info_response_info_user_tags_tag_comment } get_info_response_info_user_tags_tag_name = element name { text } get_info_response_info_user_tags_tag_value = element value { text } get_info_response_info_user_tags_tag_comment = element comment { text } get_info_response_info_cert_bund_adv = element cert_bund_adv { get_info_response_info_cert_bund_adv_title & get_info_response_info_cert_bund_adv_summary & get_info_response_info_cert_bund_adv_max_cvss & get_info_response_info_cert_bund_adv_cve_refs & get_info_response_info_cert_bund_adv_raw_data? } get_info_response_info_cert_bund_adv_title = element title { text } get_info_response_info_cert_bund_adv_summary = element summary { text } get_info_response_info_cert_bund_adv_max_cvss = element max_cvss { text } get_info_response_info_cert_bund_adv_cve_refs = element cve_refs { integer } get_info_response_info_cert_bund_adv_raw_data = element raw_data { text } get_info_response_info_cpe = element cpe { get_info_response_info_cpe_nvd_id & get_info_response_info_cpe_title? & get_info_response_info_cpe_max_cvss & get_info_response_info_cpe_cve_refs & get_info_response_info_cpe_status & get_info_response_info_cpe_cves? & get_info_response_info_cpe_raw_data? } get_info_response_info_cpe_nvd_id = element nvd_id { text } get_info_response_info_cpe_title = element title { text } get_info_response_info_cpe_max_cvss = element max_cvss { integer } get_info_response_info_cpe_cve_refs = element cve_refs { integer } get_info_response_info_cpe_status = element status { text } get_info_response_info_cpe_cves = element cves { get_info_response_info_cpe_cves_cve* } get_info_response_info_cpe_cves_cve = element cve { text } get_info_response_info_cpe_raw_data = element raw_data { text } get_info_response_info_nvt = element nvt { text } get_info_response_info_cve = element cve { get_info_response_info_cve_cvss & get_info_response_info_cve_vector & get_info_response_info_cve_complexity & get_info_response_info_cve_authentication & get_info_response_info_cve_confidentiality_impact & get_info_response_info_cve_integrity_impact & get_info_response_info_cve_availability_impact & get_info_response_info_cve_description & get_info_response_info_cve_products & get_info_response_info_cve_nvts? & get_info_response_info_cve_cert? & get_info_response_info_cve_raw_data? } get_info_response_info_cve_cvss = element cvss { text } get_info_response_info_cve_vector = element vector { text } get_info_response_info_cve_complexity = element complexity { text } get_info_response_info_cve_authentication = element authentication { text } get_info_response_info_cve_confidentiality_impact = element confidentiality_impact { text } get_info_response_info_cve_integrity_impact = element integrity_impact { text } get_info_response_info_cve_availability_impact = element availability_impact { text } get_info_response_info_cve_description = element description { text } get_info_response_info_cve_products = element products { text } get_info_response_info_cve_nvts = element nvts { get_info_response_info_cve_nvts_nvt* } get_info_response_info_cve_nvts_nvt = element nvt { attribute oid { oid }? & get_info_response_info_cve_nvts_nvt_name } get_info_response_info_cve_nvts_nvt_name = element name { text } get_info_response_info_cve_cert = element cert { get_info_response_info_cve_cert_cert_ref* & get_info_response_info_cve_cert_warning? } get_info_response_info_cve_cert_cert_ref = element cert_ref { attribute type { text }? & get_info_response_info_cve_cert_cert_ref_name & get_info_response_info_cve_cert_cert_ref_title } get_info_response_info_cve_cert_cert_ref_name = element name { text } get_info_response_info_cve_cert_cert_ref_title = element title { text } get_info_response_info_cve_cert_warning = element warning { text } get_info_response_info_cve_raw_data = element raw_data { text } get_info_response_info_dfn_cert_adv = element dfn_cert_adv { get_info_response_info_dfn_cert_adv_title & get_info_response_info_dfn_cert_adv_summary & get_info_response_info_dfn_cert_adv_max_cvss & get_info_response_info_dfn_cert_adv_cve_refs & get_info_response_info_dfn_cert_adv_raw_data? } get_info_response_info_dfn_cert_adv_title = element title { text } get_info_response_info_dfn_cert_adv_summary = element summary { text } get_info_response_info_dfn_cert_adv_max_cvss = element max_cvss { text } get_info_response_info_dfn_cert_adv_cve_refs = element cve_refs { integer } get_info_response_info_dfn_cert_adv_raw_data = element raw_data { text } get_info_response_info_ovaldef = element ovaldef { get_info_response_info_ovaldef_version & get_info_response_info_ovaldef_deprecated & get_info_response_info_ovaldef_status & get_info_response_info_ovaldef_class & get_info_response_info_ovaldef_title & get_info_response_info_ovaldef_max_cvss & get_info_response_info_ovaldef_cve_refs & get_info_response_info_ovaldef_file & get_info_response_info_ovaldef_description? & get_info_response_info_ovaldef_raw_data? } get_info_response_info_ovaldef_version = element version { integer } get_info_response_info_ovaldef_deprecated = element deprecated { boolean } get_info_response_info_ovaldef_status = element status { text } get_info_response_info_ovaldef_class = element class { text } get_info_response_info_ovaldef_title = element title { text } get_info_response_info_ovaldef_max_cvss = element max_cvss { text } get_info_response_info_ovaldef_cve_refs = element cve_refs { integer } get_info_response_info_ovaldef_file = element file { text } get_info_response_info_ovaldef_description = element description { text } get_info_response_info_ovaldef_raw_data = element raw_data { text } get_info_response_info_allinfo = element allinfo { get_info_response_info_allinfo_type & get_info_response_info_allinfo_extra & get_info_response_info_allinfo_severity } get_info_response_info_allinfo_type = element type { text } get_info_response_info_allinfo_extra = element extra { text } get_info_response_info_allinfo_severity = element severity { severity } get_info_response_filters = element filters { attribute id { uuid } & get_info_response_filters_term & get_info_response_filters_name? & get_info_response_filters_keywords } get_info_response_filters_term = element term # type text { } get_info_response_filters_name = element name { text } get_info_response_filters_keywords = element keywords { get_info_response_filters_keywords_keyword* } get_info_response_filters_keywords_keyword = element keyword { get_info_response_filters_keywords_keyword_column & get_info_response_filters_keywords_keyword_relation & get_info_response_filters_keywords_keyword_value } get_info_response_filters_keywords_keyword_column = element column { text } get_info_response_filters_keywords_keyword_relation = element relation { ERROR } get_info_response_filters_keywords_keyword_value = element value { text } get_info_response_sort = element sort { text & get_info_response_sort_field } get_info_response_sort_field = element field { get_info_response_sort_field_order } get_info_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_info_response_info_count = element info_count { get_info_response_info_count_filtered & get_info_response_info_count_page } get_info_response_info_count_filtered = element filtered { integer } get_info_response_info_count_page = element page { integer } get_info_response_details = element details # type boolean { }
7.59.3 Example: Get a info about cpe:/a:gnu:gzip:1.3.3 with all details
<get_info type="CPE" name="cpe:/a:gnu:gzip:1.3.3" details="1"/>
<get_info_response status_text="OK" status="200"> <info id="28139"> <name>cpe:/a:gnu:gzip:1.3.3</name> <comment/> <creation_time>2007-09-14T17:36:49Z</creation_time> <modification_time>2007-09-14T17:36:49Z</modification_time> <writable>0</writable> <in_use>0</in_use> <update_time>2012-10-26T13:18:00.000+0000</update_time> <cpe> <title>GNU Gzip 1.3.3</title> <max_cvss>10.0</max_cvss> <cve_refs>5</cve_refs> <status>DRAFT</status> <cves> <cve> <entry id="CVE-2004-0603"> <vuln:cvss> <cvss:base_metrics> <cvss:score>10.0</cvss:score> </cvss:base_metrics> </vuln:cvss> </entry> </cve> <cve> <entry id="CVE-2010-0001"> <vuln:cvss> <cvss:base_metrics> <cvss:score>6.8</cvss:score> </cvss:base_metrics> </vuln:cvss> </entry> </cve> <cve> <entry id="CVE-2009-2624"> <vuln:cvss> <cvss:base_metrics> <cvss:score>6.8</cvss:score> </cvss:base_metrics> </vuln:cvss> </entry> </cve> <cve> <entry id="CVE-2005-1228"> <vuln:cvss> <cvss:base_metrics> <cvss:score>5.0</cvss:score> </cvss:base_metrics> </vuln:cvss> </entry> </cve> <cve> <entry id="CVE-2005-0988"> <vuln:cvss> <cvss:base_metrics> <cvss:score>3.7</cvss:score> </cvss:base_metrics> </vuln:cvss> </entry> </cve> </cves> <raw_data> <cpe-item name="cpe:/a:gnu:gzip:1.3.3"> <title xml:lang="en-US">GNU Gzip 1.3.3</title> <meta:item-metadata nvd-id="28139" status="DRAFT" modification-date="2007-09-14T17:36:49.090Z"/> </cpe-item> </raw_data> </cpe> </info> <details>1</details> <filters id="(null)"> <term/> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <info max="-1" start="1"/> <info_count> <filtered>1</filtered> <page>1</page> </info_count> </get_info_response>
7.59.3 Example: Get a info CVE-1999-0010 without details
<get_info name="CVE-2011-0018" type="cve"/>
<get_info_response status_text="OK" status="200"> <info id="CVE-2011-0018"> <name>CVE-2011-0018</name> <comment/> <creation_time>2011-01-28T16:00:02Z</creation_time> <modification_time>2011-02-05T07:01:22Z</modification_time> <writable>0</writable> <in_use>0</in_use> <update_time>2012-10-26T13:18:00.000+0000</update_time> <cve> <cvss>9.0</cvss> <vector>NETWORK</vector> <complexity>LOW</complexity> <authentication>SINGLE_INSTANCE</authentication> <confidentiality_impact>COMPLETE</confidentiality_impact> <integrity_impact>COMPLETE</integrity_impact> <availability_impact>COMPLETE</availability_impact> <description> The email function in manage_sql.c in ...(truncated for example) </description> <products> cpe:/a:openvas:openvas_manager:1.0.1 ...(truncated for example) </products> </cve> </info> <filters id="(null)"> <term/> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <info max="-1" start="1"/> <info_count> <filtered>1</filtered> <page>1</page> </info_count> </get_info_response>
7.60 Command get_notes
In short: Get one or many notes.
The client uses the get_notes command to get note information. If the command sent by the client was valid, the manager will reply with a list of notes to the client.
7.60.1 Structure
-
Command
- @note_id (uuid) ID of single note to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column nvt (oid) OID of the NVT the Note applies to
- column text (text) Text of the Note
- column nvt_id (oid) Alias of nvt
- column task_name (text) Name of the Task the Note applies to
- column task_id (uuid) UUID of the Task the Note applies to
- column hosts (text) Hosts the Note applies to
- column port (text) Port the Note applies to
- column active (boolean) Whether the Note is active
- column result (uuid) UUID of the result the Note applies to
- column severity (severity) Minimum severity of results the Note applies to
- @filt_id (uuid) ID of filter to use to filter query.
- @nvt_oid (oid)
- @task_id (uuid)
- @details (boolean)
- @result (boolean)
-
Response
- @status (status)
- @status_text (text)
-
<note>
*(note)
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <notes>
-
<note_count>
-
<filtered>
Number of notes after filtering.
-
<page>
Number of notes on current page.
-
<filtered>
7.60.2 RNC
get_notes = element get_notes { attribute note_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute nvt_oid { oid }? & attribute task_id { uuid }? & attribute details { boolean }? & attribute result { boolean }? }
get_notes_response = element get_notes_response { attribute status { status } & attribute status_text { text } & get_notes_response_note* & get_notes_response_filters & get_notes_response_sort & get_notes_response_notes & get_notes_response_note_count } get_notes_response_filters = element filters { attribute id { uuid } & get_notes_response_filters_term & get_notes_response_filters_name? & get_notes_response_filters_keywords } get_notes_response_filters_term = element term { text } get_notes_response_filters_name = element name { text } get_notes_response_filters_keywords = element keywords { get_notes_response_filters_keywords_keyword* } get_notes_response_filters_keywords_keyword = element keyword { get_notes_response_filters_keywords_keyword_column & get_notes_response_filters_keywords_keyword_relation & get_notes_response_filters_keywords_keyword_value } get_notes_response_filters_keywords_keyword_column = element column { text } get_notes_response_filters_keywords_keyword_relation = element relation { ERROR } get_notes_response_filters_keywords_keyword_value = element value { text } get_notes_response_sort = element sort { text & get_notes_response_sort_field } get_notes_response_sort_field = element field { get_notes_response_sort_field_order } get_notes_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_notes_response_notes = element notes { attribute start { integer } & attribute max { integer } } get_notes_response_note_count = element note_count { get_notes_response_note_count_filtered & get_notes_response_note_count_page } get_notes_response_note_count_filtered = element filtered { integer } get_notes_response_note_count_page = element page { integer } get_notes_response_note = element note # type note { attribute id { uuid } & note_permissions & note_owner & note_nvt & note_text & note_creation_time & note_modification_time & note_writable & note_in_use & note_active & note_orphan & note_user_tags? & ( note_hosts & note_port & note_severity & note_threat & note_task & note_end_time? & note_result? )? }
7.60.3 Example: Get one or many notes
<get_notes/>
<get_notes_response status="200" status_text="OK"> <note id="b76b81a7-9df8-42df-afff-baa9d4620128"> <nvt oid="1.3.6.1.4.1.25623.1.0.75"> <name>Test NVT: long lines</name> </nvt> <creation_time>2013-01-09T09:47:41+01:00</creation_time> <modification_time>2013-01-09T09:47:41+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <active>1</active> <orphan>1</orphan> <text excerpt="0">This is the full text of the note.</text> </note> ... </get_notes_response>
7.60.3 Example: Get details of a single note and result to which it applies
<get_notes note_id="7f618bbb-4664-419e-9bbf-367d93954cb0" details="1" result="1"/>
<get_notes_response status="200" status_text="OK"> <note id="7f618bbb-4664-419e-9bbf-367d93954cb0"> <nvt oid="1.3.6.1.4.1.25623.1.0.77"> <name>Test NVT: control chars in report result</name> </nvt> <creation_time>2015-07-15T15:05:55Z</creation_time> <modification_time>2015-07-15T15:05:55Z</modification_time> <writable>1</writable> <in_use>0</in_use> <active>1</active> <end_time/> <text>note fixed to result</text> <hosts>127.0.0.1</hosts> <port>general/tcp</port> <threat>Medium</threat> <task id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4"> <name>test</name> </task> <orphan>0</orphan> <result id="0c95e6b3-1100-4dfd-88f1-4bed1fad29de"> <host>127.0.0.1</host> <port>general/tcp</port> <nvt oid="1.3.6.1.4.1.25623.1.0.77"> <name>Test NVT: control chars in report result</name> <cvss_base/> <cve/> <bid/> </nvt> <threat>Medium</threat> <description>Warning with control char between fullstops: . .</description> </result> </note> ... </get_notes_response>
7.61 Command get_nvts
In short: Get one or many NVTs.
The client uses the get_nvts command to get NVT information.
This command may always include a details flag, a config, a sort order and a sort field. If the command includes a details flag, the manager also consults the timeout, preference_count and preferences flags.
The NVT OID, family name and config attributes limit the listing to a single NVT or all NVTs in a particular family and/or config.
If the details flag is present the manager will send full details of the NVT, otherwise it will send just the NVT name.
With the preferences flag the manager includes in the listing, the values of each listed NVT's preferences for the given config. The timeout flag does the same for the special timeout preference. If the config contains no values for a preference, the default value of the preference is returned. The same applies if no config is given.
If the manager possesses an NVT collection, it will reply with the NVT information. If the manager cannot access a list of available NVTs at that time, it will reply with the 503 response.
NVT categories: 0 init, 1 scanner, 2 settings, 3 infos, 4 attack, 5 mixed, 6 destructive attack, 7 denial, 8 kill host, 9 flood, 10 end, and 11 unknown.
7.61.1 Structure
-
Command
- @nvt_oid (oid) Single NVT to get.
- @details (boolean) Whether to include full details.
- @preferences (boolean) Whether to include preference.
- @preference_count (boolean) Whether to include preference count.
- @timeout (boolean) Whether to include the special timeout preference.
- @config_id (uuid) ID of config to which to limit the NVT listing.
- @preferences_config_id (uuid) ID of config to use for preference values.
- @family (text) Family to which to limit NVT listing.
- @sort_order (sort_order)
- @sort_field (text)
-
Response
- @status (status)
- @status_text (text)
-
<nvt>
- @oid (oid)
-
<name>
The name of the NVT.
-
<user_tags>
?Info on tags attached to the NVT.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
The group?
-
<creation_time>
The creation time of the NVT.
-
<modification_time>
The modification time of the NVT.
-
<category>
The category of the NVT.
-
<summary>
Short description of the NVT.
-
<family>
Name of the family the NVT belongs to.
-
<cvss_base>
CVSS base score of the NVT.
-
<qod>
The quality of detection (QoD) of the NVT.
-
<value>
The numeric QoD value.
-
<type>
The QoD type.
-
<value>
-
<refs>
List of references of various types for this vulnerability test.
-
<ref>
*A reference.
- @id (text) ID of the reference.
- @type (text) Type of the reference, for example "cve", "bid", "dfn-cert", "cert-bund".
-
<warning>
?A warning message, e.g. when the CERT database is not available.
-
<ref>
*
-
<tags>
The tags of the NVT, separated by vertical bars.
-
<preference_count>
?The number of preferences for the NVT.
-
<timeout>
?The timeout of the NVT.
-
<default_timeout>
?The default_timeout of the NVT.
-
<preferences>
?List of preferences of the NVT.
-
<timeout>
The timeout of the NVT.
-
<default_timeout>
The default timeout of the NVT.
-
<preference>
*
-
<nvt>
NVT to which preference applies.
- @oid (oid)
-
<name>
The name of the NVT.
-
<name>
The name of the preference.
-
<type>
The type of the preference.
-
<value>
The value of the preference.
-
<alt>
*An alternate value of the preference.
-
<default>
The default value of the preference.
-
<nvt>
-
<timeout>
-
<creation_time>
7.61.2 RNC
get_nvts = element get_nvts { attribute nvt_oid { oid } & attribute details { boolean }? & attribute preferences { boolean }? & attribute preference_count { boolean }? & attribute timeout { boolean }? & attribute config_id { uuid }? & attribute preferences_config_id { uuid }? & attribute family { text }? & attribute sort_order { sort_order }? & attribute sort_field { text }? }
get_nvts_response = element get_nvts_response { attribute status { status } & attribute status_text { text } & get_nvts_response_nvt } get_nvts_response_nvt = element nvt { attribute oid { oid } & get_nvts_response_nvt_name & get_nvts_response_nvt_user_tags? & ( get_nvts_response_nvt_creation_time & get_nvts_response_nvt_modification_time & get_nvts_response_nvt_category & get_nvts_response_nvt_summary & get_nvts_response_nvt_family & get_nvts_response_nvt_cvss_base & get_nvts_response_nvt_qod & get_nvts_response_nvt_refs & get_nvts_response_nvt_tags & get_nvts_response_nvt_preference_count? & get_nvts_response_nvt_timeout? & get_nvts_response_nvt_default_timeout? & get_nvts_response_nvt_preferences? )? } get_nvts_response_nvt_name = element name { name } get_nvts_response_nvt_category = element category { integer } get_nvts_response_nvt_creation_time = element creation_time { iso_time } get_nvts_response_nvt_modification_time = element modification_time { iso_time } get_nvts_response_nvt_user_tags = element user_tags { get_nvts_response_nvt_user_tags_count & get_nvts_response_nvt_user_tags_tag* } get_nvts_response_nvt_user_tags_count = element count { integer } get_nvts_response_nvt_user_tags_tag = element tag { attribute id { uuid } & get_nvts_response_nvt_user_tags_tag_name & get_nvts_response_nvt_user_tags_tag_value & get_nvts_response_nvt_user_tags_tag_comment } get_nvts_response_nvt_user_tags_tag_name = element name { text } get_nvts_response_nvt_user_tags_tag_value = element value { text } get_nvts_response_nvt_user_tags_tag_comment = element comment { text } get_nvts_response_nvt_summary = element summary { text } get_nvts_response_nvt_family = element family { text } get_nvts_response_nvt_cvss_base = element cvss_base { text } get_nvts_response_nvt_qod = element qod { get_nvts_response_nvt_qod_value & get_nvts_response_nvt_qod_type } get_nvts_response_nvt_qod_value = element value { integer } get_nvts_response_nvt_qod_type = element type { text } get_nvts_response_nvt_refs = element refs { get_nvts_response_nvt_refs_ref* & get_nvts_response_nvt_refs_warning? } get_nvts_response_nvt_refs_ref = element ref { attribute id { text }? & attribute type { text }? } get_nvts_response_nvt_refs_warning = element warning { text } get_nvts_response_nvt_tags = element tags { text } get_nvts_response_nvt_preference_count = element preference_count { text } get_nvts_response_nvt_timeout = element timeout { text } get_nvts_response_nvt_default_timeout = element default_timeout { text } get_nvts_response_nvt_preferences = element preferences { text & get_nvts_response_nvt_preferences_timeout & get_nvts_response_nvt_preferences_default_timeout & get_nvts_response_nvt_preferences_preference* } get_nvts_response_nvt_preferences_timeout = element timeout { text } get_nvts_response_nvt_preferences_default_timeout = element default_timeout { text } get_nvts_response_nvt_preferences_preference = element preference { get_nvts_response_nvt_preferences_preference_nvt & get_nvts_response_nvt_preferences_preference_name & get_nvts_response_nvt_preferences_preference_type & get_nvts_response_nvt_preferences_preference_value & get_nvts_response_nvt_preferences_preference_alt* & get_nvts_response_nvt_preferences_preference_default } get_nvts_response_nvt_preferences_preference_nvt = element nvt { attribute oid { oid } & get_nvts_response_nvt_preferences_preference_nvt_name } get_nvts_response_nvt_preferences_preference_nvt_name = element name { name } get_nvts_response_nvt_preferences_preference_name = element name { text } get_nvts_response_nvt_preferences_preference_type = element type { text } get_nvts_response_nvt_preferences_preference_value = element value { text } get_nvts_response_nvt_preferences_preference_alt = element alt { text } get_nvts_response_nvt_preferences_preference_default = element default { text }
7.61.3 Example: Get full NVT listing with details
<get_nvts details="1"/>
<get_nvts_response status="200" status_text="OK"> <nvt oid="1.3.6.1.4.1.25623.1.7.13005"> <name>Services</name> <creation_time>2011-01-14T10:12:23+01:00</creation_time> <modification_time>2012-09-19T20:56:15+02:00</modification_time> <category>3</category> <summary>Find what is listening on which port</summary> <family>Service detection</family> <cvss_base/> <refs/> <tags>NOTAG</tags> <preference_count>-1</preference_count> <timeout/> <preferences> <timeout/> <preference> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"> <name>Services</name> </nvt> <id>1</id> <name>Network connection timeout :</name> <type>entry</type> <value>5</value> <default>5</default> </preference> ... </preferences> </nvt> <nvt oid="1.3.6.1.4.1.25623.1.7.13006"> <name>FooBar 21</name> <creation_time>2011-01-14T10:12:23+01:00</creation_time> <modification_time>2012-09-19T20:56:15+02:00</modification_time> <category>3</category> <description> This script detects whether the FooBar 2.1 XSS vulnerability is present. </description> ... </nvt> ... </get_nvts_response>
7.61.3 Example: Get minimal information about one NVT
<get_nvts nvt_oid="1.3.6.1.4.1.25623.1.0.10330"/>
<get_nvts_response status="200" status_text="OK"> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"> <name>Services</name> </nvt> </get_nvts_response>
7.62 Command get_nvt_families
In short: Get a list of all NVT families.
The client uses the get_nvt_families command to get NVT family information. If the command sent by the client was valid, the manager will reply with a list of NVT families to the client.
7.62.1 Structure
-
Command
- @sort_order (sort_order)
-
Response
- @status (status)
- @status_text (text)
-
<families>
-
<family>
*
-
<name>
The name of the family.
-
<max_nvt_count>
The number of NVTs in the family.
-
<name>
-
<family>
*
7.62.2 RNC
get_nvt_families = element get_nvt_families { attribute sort_order { sort_order }? }
get_nvt_families_response = element get_nvt_families_response { attribute status { status } & attribute status_text { text } & get_nvt_families_response_families } get_nvt_families_response_families = element families { get_nvt_families_response_families_family* } get_nvt_families_response_families_family = element family { get_nvt_families_response_families_family_name & get_nvt_families_response_families_family_max_nvt_count } get_nvt_families_response_families_family_name = element name { name } get_nvt_families_response_families_family_max_nvt_count = element max_nvt_count { integer }
7.62.3 Example: Get the NVT families
<get_nvt_families/>
<get_nvt_families_response status="200" status_text="OK"> <families> <family> <name>Credentials</name> <max_nvt_count>8</max_nvt_count> </family> <family> <name>Port scanners</name> <max_nvt_count>12</max_nvt_count> </family> ... </families> </get_nvt_families_response>
7.63 Command get_overrides
In short: Get one or many overrides.
The client uses the get_overrides command to get override information. If the command sent by the client was valid, the manager will reply with a list of overrides to the client.
7.63.1 Structure
-
Command
- @override_id (uuid) ID of single override to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column nvt (oid) OID of the NVT the Override applies to
- column text (text) Text of the Override
- column nvt_id (oid) Alias of nvt
- column task_name (text) Name of the Task the Override applies to
- column task_id (uuid) UUID of the Task the Override applies to
- column hosts (text) Hosts the Override applies to
- column port (text) Port the Override applies to
- column threat (threat) Minimum severity level the Override applies to
- column new_threat (threat) Severity level results are changed to by the Override
- column active (boolean) Whether the Override is active
- column result (uuid) UUID of the result the Override applies to
- column severity (severity) Minimum severity of results the Override applies to
- column new_severity (severity) Severity level results are changed to by the Override
- @filt_id (uuid) ID of filter to use to filter query.
- @nvt_oid (oid)
- @task_id (uuid)
- @details (boolean)
- @result (boolean)
-
Response
- @status (status)
- @status_text (text)
-
<override>
*(override)
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <overrides>
-
<override_count>
-
<filtered>
Number of overrides after filtering.
-
<page>
Number of overrides on current page.
-
<filtered>
7.63.2 RNC
get_overrides = element get_overrides { attribute override_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute nvt_oid { oid }? & attribute task_id { uuid }? & attribute details { boolean }? & attribute result { boolean }? }
get_overrides_response = element get_overrides_response { attribute status { status } & attribute status_text { text } & get_overrides_response_override* & get_overrides_response_filters & get_overrides_response_sort & get_overrides_response_overrides & get_overrides_response_override_count } get_overrides_response_filters = element filters { attribute id { uuid } & get_overrides_response_filters_term & get_overrides_response_filters_name? & get_overrides_response_filters_keywords } get_overrides_response_filters_term = element term { text } get_overrides_response_filters_name = element name { text } get_overrides_response_filters_keywords = element keywords { get_overrides_response_filters_keywords_keyword* } get_overrides_response_filters_keywords_keyword = element keyword { get_overrides_response_filters_keywords_keyword_column & get_overrides_response_filters_keywords_keyword_relation & get_overrides_response_filters_keywords_keyword_value } get_overrides_response_filters_keywords_keyword_column = element column { text } get_overrides_response_filters_keywords_keyword_relation = element relation { ERROR } get_overrides_response_filters_keywords_keyword_value = element value { text } get_overrides_response_sort = element sort { text & get_overrides_response_sort_field } get_overrides_response_sort_field = element field { get_overrides_response_sort_field_order } get_overrides_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_overrides_response_overrides = element overrides { attribute start { integer } & attribute max { integer } } get_overrides_response_override_count = element override_count { get_overrides_response_override_count_filtered & get_overrides_response_override_count_page } get_overrides_response_override_count_filtered = element filtered { integer } get_overrides_response_override_count_page = element page { integer } get_overrides_response_override = element override # type override { attribute id { uuid } & override_permissions & override_owner & override_nvt & override_creation_time & override_modification_time & override_writable & override_in_use & override_active & override_text & override_threat & override_severity & override_new_threat & override_new_severity & override_orphan & override_permissions & override_user_tags? & ( override_hosts & override_port & override_task & override_end_time? & override_result? )? }
7.63.3 Example: Get one or many overrides
<get_overrides/>
<get_overrides_response status="200" status_text="OK"> <override id="b76b81a7-9df8-42df-afff-baa9d4620128"> <nvt oid="1.3.6.1.4.1.25623.1.0.75"> <name>Test NVT: long lines</name> </nvt> <creation_time>2013-01-09T09:50:10+01:00</creation_time> <modification_time>2013-01-09T09:50:10+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <active>1</active> <text excerpt="0">This is the full text of the override.</text> <new_threat>Log</new_threat> <new_severity>0.0</new_severity> <orphan>1</orphan> </override> ... </get_overrides_response>
7.63.3 Example: Get details of a single override
<get_overrides override_id="7f618bbb-4664-419e-9bbf-367d93954cb0" details="1"/>
<get_overrides_response status="200" status_text="OK"> <override id="7f618bbb-4664-419e-9bbf-367d93954cb0"> <nvt oid="1.3.6.1.4.1.25623.1.0.77"> <name>Test NVT: control chars in report result</name> </nvt> <creation_time>2015-07-15T15:05:55Z</creation_time> <modification_time>2015-07-15T15:05:55Z</modification_time> <writable>1</writable> <in_use>0</in_use> <active>1</active> <end_time/> <text>override fixed to result</text> <hosts>127.0.0.1</hosts> <port>general/tcp</port> <threat>Medium</threat> <new_threat>Low</new_threat> <new_severity>2.0</new_severity> <task id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4"> <name>test</name> </task> <orphan>0</orphan> <result id="0c95e6b3-1100-4dfd-88f1-4bed1fad29de"/> </override> ... </get_overrides_response>
7.64 Command get_permissions
In short: Get one or many permissions.
The client uses the get_permissions command to get permission information.
7.64.1 Structure
-
Command
- @permission_id (uuid) ID of single permission to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column type (text) The resource type the permission is for
- column resource_uuid (text) UUID of the resource the permission is for
- column subject_type (text) Type of the subject of the permission
- column subject (text) Name of the subject of the permission
- column resource (text) Name of the resource the permission is for
- column subject_uuid (text) UUID of the subject of the permission
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan permissions instead.
-
Response
- @status (status)
- @status_text (text)
-
<permission>
*
- @id (uuid)
-
<owner>
Owner of the permission.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the permission.
-
<comment>
The comment on the permission.
-
<creation_time>
Date and time the permission was created.
-
<modification_time>
Date and time the permission was last modified.
-
<writable>
Whether the permission is writable.
-
<in_use>
Whether the permission is in use.
-
<permissions>
Permissions that the current user has on the permission.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the permission.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<resource>
The resource the permission applies to.
- @id (uuid) UUID if permission applies to a resource, else 0.
-
<name>
-
<permissions>
?Permissions the user has on the resource.
-
<type>
The GMP type of the resource.
-
<trash>
Whether the resource is in the trash.
-
<deleted>
Whether the resource has been deleted.
-
<subject>
The subject the permission applies to.
- @id (uuid) UUID of the subject.
-
<name>
-
<permissions>
?Permissions the user has on the subject.
-
<type>
The GMP type of the subject: group, role or user.
-
<trash>
Whether the subject is in the trash.
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <permissions>
-
<permission_count>
-
<filtered>
Number of permissions after filtering.
-
<page>
Number of permissions on current page.
-
<filtered>
7.64.2 RNC
get_permissions = element get_permissions { attribute permission_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? }
get_permissions_response = element get_permissions_response { attribute status { status } & attribute status_text { text } & get_permissions_response_permission* & get_permissions_response_filters & get_permissions_response_sort & get_permissions_response_permissions & get_permissions_response_permission_count } get_permissions_response_permission = element permission { attribute id { uuid } & get_permissions_response_permission_owner & get_permissions_response_permission_name & get_permissions_response_permission_comment & get_permissions_response_permission_creation_time & get_permissions_response_permission_modification_time & get_permissions_response_permission_writable & get_permissions_response_permission_in_use & get_permissions_response_permission_permissions & get_permissions_response_permission_user_tags? & get_permissions_response_permission_resource & get_permissions_response_permission_subject } get_permissions_response_permission_owner = element owner { get_permissions_response_permission_owner_name } get_permissions_response_permission_owner_name = element name { name } get_permissions_response_permission_name = element name { name } get_permissions_response_permission_comment = element comment { text } get_permissions_response_permission_creation_time = element creation_time { iso_time } get_permissions_response_permission_modification_time = element modification_time { iso_time } get_permissions_response_permission_resource = element resource { attribute id { uuid }? & get_permissions_response_permission_resource_name & get_permissions_response_permission_resource_permissions? & get_permissions_response_permission_resource_type & get_permissions_response_permission_resource_trash & get_permissions_response_permission_resource_deleted } get_permissions_response_permission_resource_name = element name { text } get_permissions_response_permission_resource_permissions = element permissions { "" } get_permissions_response_permission_resource_type = element type { text } get_permissions_response_permission_resource_trash = element trash { boolean } get_permissions_response_permission_resource_deleted = element deleted { boolean } get_permissions_response_permission_subject = element subject { attribute id { uuid }? & get_permissions_response_permission_subject_name & get_permissions_response_permission_subject_permissions? & get_permissions_response_permission_subject_type & get_permissions_response_permission_subject_trash } get_permissions_response_permission_subject_name = element name { text } get_permissions_response_permission_subject_permissions = element permissions { "" } get_permissions_response_permission_subject_type = element type { text } get_permissions_response_permission_subject_trash = element trash { boolean } get_permissions_response_permission_subject_deleted = element deleted { boolean } get_permissions_response_permission_writable = element writable { boolean } get_permissions_response_permission_in_use = element in_use { boolean } get_permissions_response_permission_permissions = element permissions { get_permissions_response_permission_permissions_permission* } get_permissions_response_permission_permissions_permission = element permission { get_permissions_response_permission_permissions_permission_name } get_permissions_response_permission_permissions_permission_name = element name { name } get_permissions_response_permission_user_tags = element user_tags { get_permissions_response_permission_user_tags_count & get_permissions_response_permission_user_tags_tag* } get_permissions_response_permission_user_tags_count = element count { integer } get_permissions_response_permission_user_tags_tag = element tag { attribute id { uuid } & get_permissions_response_permission_user_tags_tag_name & get_permissions_response_permission_user_tags_tag_value & get_permissions_response_permission_user_tags_tag_comment } get_permissions_response_permission_user_tags_tag_name = element name { text } get_permissions_response_permission_user_tags_tag_value = element value { text } get_permissions_response_permission_user_tags_tag_comment = element comment { text } get_permissions_response_filters = element filters { attribute id { uuid } & get_permissions_response_filters_term & get_permissions_response_filters_name? & get_permissions_response_filters_keywords } get_permissions_response_filters_term = element term { text } get_permissions_response_filters_name = element name { text } get_permissions_response_filters_keywords = element keywords { get_permissions_response_filters_keywords_keyword* } get_permissions_response_filters_keywords_keyword = element keyword { get_permissions_response_filters_keywords_keyword_column & get_permissions_response_filters_keywords_keyword_relation & get_permissions_response_filters_keywords_keyword_value } get_permissions_response_filters_keywords_keyword_column = element column { text } get_permissions_response_filters_keywords_keyword_relation = element relation { ERROR } get_permissions_response_filters_keywords_keyword_value = element value { text } get_permissions_response_sort = element sort { text & get_permissions_response_sort_field } get_permissions_response_sort_field = element field { get_permissions_response_sort_field_order } get_permissions_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_permissions_response_permissions = element permissions { attribute start { integer } & attribute max { integer } } get_permissions_response_permission_count = element permission_count { get_permissions_response_permission_count_filtered & get_permissions_response_permission_count_page } get_permissions_response_permission_count_filtered = element filtered { integer } get_permissions_response_permission_count_page = element page { integer }
7.64.3 Example: Get one or many permissions
<get_permissions/>
<get_permissions_response status="200" status_text="OK"> <permission id="b493b7a8-7489-11df-a3ec-002264764cea"> <name>Management</name> <comment>Managers</comment> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>1</writable> <in_use>0</in_use> <users>sarah, frank</users> </permission> ... <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <permissions max="-1" start="1"/> <permission_count> 1 <filtered>1</filtered> <page>1</page> </permission_count> </get_permissions_response>
7.65 Command get_port_lists
In short: Get one or many port lists.
The client uses the get_port_lists command to get port list information.
7.65.1 Structure
-
Command
- @port_list_id (uuid) ID of single port list to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column total (integer) Total number of ports in the Port List
- column tcp (integer) Number of TCP ports in the Port List
- column udp (integer) Number of UDP ports in the Port List
- @filt_id (uuid) ID of filter to use to filter query.
- @details (boolean) Whether to include full port list details.
- @targets (boolean) Whether to include targets using this port list.
- @trash (boolean) Whether to get the trashcan port lists instead.
-
Response
- @status (status)
- @status_text (text)
-
<port_list>
*
- @id (uuid)
-
<owner>
Owner of the port list.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the port list.
-
<comment>
The comment on the port list.
-
<creation_time>
-
<modification_time>
-
<writable>
Whether the port list is writable.
-
<in_use>
Whether any targets are using the port list.
-
<permissions>
Permissions that the current user has on the port list.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the port list.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<port_count>
-
<all>
Total number of ports.
-
<tcp>
Total number of TCP ports.
-
<udp>
Total number of UDP ports.
-
<all>
-
<port_ranges>
?
-
<port_range>
*
- @id (uuid)
-
<start>
First port in range.
-
<end>
Last port in range.
-
<type>
The type of port: TCP, UDP, ....
-
<comment>
The comment on the port range.
-
<port_range>
*
-
<targets>
?The targets using the port list.
-
<target>
*
- @id (uuid)
-
<name>
The name of the target.
-
<permissions>
?Permissions the user has on the target.
-
<target>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <port_lists>
-
<port_list_count>
-
<filtered>
Number of port lists after filtering.
-
<page>
Number of port lists on current page.
-
<filtered>
7.65.2 RNC
get_port_lists = element get_port_lists { attribute port_list_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute details { boolean }? & attribute targets { boolean }? & attribute trash { boolean }? }
get_port_lists_response = element get_port_lists_response { attribute status { status } & attribute status_text { text } & get_port_lists_response_port_list* & get_port_lists_response_filters & get_port_lists_response_sort & get_port_lists_response_port_lists & get_port_lists_response_port_list_count } get_port_lists_response_port_list = element port_list { attribute id { uuid } & get_port_lists_response_port_list_owner & get_port_lists_response_port_list_name & get_port_lists_response_port_list_comment & get_port_lists_response_port_list_creation_time & get_port_lists_response_port_list_modification_time & get_port_lists_response_port_list_writable & get_port_lists_response_port_list_in_use & get_port_lists_response_port_list_permissions & get_port_lists_response_port_list_user_tags? & get_port_lists_response_port_list_port_count & get_port_lists_response_port_list_port_ranges? & get_port_lists_response_port_list_targets? } get_port_lists_response_port_list_owner = element owner { get_port_lists_response_port_list_owner_name } get_port_lists_response_port_list_owner_name = element name { name } get_port_lists_response_port_list_name = element name { name } get_port_lists_response_port_list_comment = element comment { text } get_port_lists_response_port_list_creation_time = element creation_time { iso_time } get_port_lists_response_port_list_modification_time = element modification_time { iso_time } get_port_lists_response_port_list_writable = element writable { boolean } get_port_lists_response_port_list_in_use = element in_use { boolean } get_port_lists_response_port_list_permissions = element permissions { get_port_lists_response_port_list_permissions_permission* } get_port_lists_response_port_list_permissions_permission = element permission { get_port_lists_response_port_list_permissions_permission_name } get_port_lists_response_port_list_permissions_permission_name = element name { name } get_port_lists_response_port_list_user_tags = element user_tags { get_port_lists_response_port_list_user_tags_count & get_port_lists_response_port_list_user_tags_tag* } get_port_lists_response_port_list_user_tags_count = element count { integer } get_port_lists_response_port_list_user_tags_tag = element tag { attribute id { uuid } & get_port_lists_response_port_list_user_tags_tag_name & get_port_lists_response_port_list_user_tags_tag_value & get_port_lists_response_port_list_user_tags_tag_comment } get_port_lists_response_port_list_user_tags_tag_name = element name { text } get_port_lists_response_port_list_user_tags_tag_value = element value { text } get_port_lists_response_port_list_user_tags_tag_comment = element comment { text } get_port_lists_response_port_list_port_count = element port_count { get_port_lists_response_port_list_port_count_all & get_port_lists_response_port_list_port_count_tcp & get_port_lists_response_port_list_port_count_udp } get_port_lists_response_port_list_port_count_all = element all { integer } get_port_lists_response_port_list_port_count_tcp = element tcp { integer } get_port_lists_response_port_list_port_count_udp = element udp { integer } get_port_lists_response_port_list_port_ranges = element port_ranges { get_port_lists_response_port_list_port_ranges_port_range* } get_port_lists_response_port_list_port_ranges_port_range = element port_range { attribute id { uuid } & get_port_lists_response_port_list_port_ranges_port_range_start & get_port_lists_response_port_list_port_ranges_port_range_end & get_port_lists_response_port_list_port_ranges_port_range_type & get_port_lists_response_port_list_port_ranges_port_range_comment } get_port_lists_response_port_list_port_ranges_port_range_start = element start { integer } get_port_lists_response_port_list_port_ranges_port_range_end = element end { integer } get_port_lists_response_port_list_port_ranges_port_range_type = element type { text } get_port_lists_response_port_list_port_ranges_port_range_comment = element comment { text } get_port_lists_response_port_list_targets = element targets { get_port_lists_response_port_list_targets_target* } get_port_lists_response_port_list_targets_target = element target { attribute id { uuid } & get_port_lists_response_port_list_targets_target_name & get_port_lists_response_port_list_targets_target_permissions? } get_port_lists_response_port_list_targets_target_name = element name { name } get_port_lists_response_port_list_targets_target_permissions = element permissions { "" } get_port_lists_response_filters = element filters { attribute id { uuid } & get_port_lists_response_filters_term & get_port_lists_response_filters_name? & get_port_lists_response_filters_keywords } get_port_lists_response_filters_term = element term { text } get_port_lists_response_filters_name = element name { text } get_port_lists_response_filters_keywords = element keywords { get_port_lists_response_filters_keywords_keyword* } get_port_lists_response_filters_keywords_keyword = element keyword { get_port_lists_response_filters_keywords_keyword_column & get_port_lists_response_filters_keywords_keyword_relation & get_port_lists_response_filters_keywords_keyword_value } get_port_lists_response_filters_keywords_keyword_column = element column { text } get_port_lists_response_filters_keywords_keyword_relation = element relation { ERROR } get_port_lists_response_filters_keywords_keyword_value = element value { text } get_port_lists_response_sort = element sort { text & get_port_lists_response_sort_field } get_port_lists_response_sort_field = element field { get_port_lists_response_sort_field_order } get_port_lists_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_port_lists_response_port_lists = element port_lists { attribute start { integer } & attribute max { integer } } get_port_lists_response_port_list_count = element port_list_count { get_port_lists_response_port_list_count_filtered & get_port_lists_response_port_list_count_page } get_port_lists_response_port_list_count_filtered = element filtered { integer } get_port_lists_response_port_list_count_page = element page { integer }
7.65.3 Example: Export a port list
<get_port_lists port_list_id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d" details="1" targets="1"/>
<get_port_lists_response status="200" status_text="OK"> <port_list id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d"> <name>All TCP</name> <comment>Every single TCP port.</comment> <creation_time>2012-12-31T16:38:45+01:00</creation_time> <modification_time>2012-12-31T16:38:45+01:00</modification_time> <writable>0</writable> <in_use>1</in_use> <port_count> <all>65535</all> <tcp>65535</tcp> <udp>0</udp> </port_count> <port_ranges> <port_range> <type>TCP</type> <start>1</start> <end>65535</end> </port_range> </port_ranges> <targets> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>Web server</name> </target> </targets> </port_list> </get_port_lists_response>
7.66 Command get_preferences
In short: Get one or many preferences.
The client uses the get_preferences command to get preference information. If the command sent by the client was valid, the manager will reply with a list of preferences to the client. If the manager cannot access a list of available NVTs at present, it will reply with the 503 response.
When the command includes a config_id attribute, the preference element includes the preference name, type and value, and the NVT to which the preference applies. Otherwise, the preference element includes just the name and value, with the NVT and type built into the name.
7.66.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
-
<preference>
*
-
<nvt>
NVT to which preference applies.
- @oid (oid)
-
<name>
The name of the NVT.
-
<name>
The name of the preference.
-
<id>
The ID of the preference.
-
<type>
The type of the preference.
-
<value>
The value of the preference.
-
<alt>
*An alternate value of the preference.
-
<default>
The default value of the preference.
-
<nvt>
7.66.2 RNC
get_preferences = element get_preferences { attribute nvt_oid { oid }? & attribute config_id { uuid }? & attribute preference { text }? }
get_preferences_response = element get_preferences_response { attribute status { status } & attribute status_text { text } & get_preferences_response_preference* } get_preferences_response_preference = element preference { get_preferences_response_preference_nvt & get_preferences_response_preference_name & get_preferences_response_preference_id & get_preferences_response_preference_type & get_preferences_response_preference_value & get_preferences_response_preference_alt* & get_preferences_response_preference_default } get_preferences_response_preference_nvt = element nvt { attribute oid { oid } & get_preferences_response_preference_nvt_name } get_preferences_response_preference_nvt_name = element name { name } get_preferences_response_preference_name = element name { name } get_preferences_response_preference_id = element id { text } get_preferences_response_preference_type = element type { text } get_preferences_response_preference_value = element value { text } get_preferences_response_preference_alt = element alt { text } get_preferences_response_preference_default = element default { text }
7.66.3 Example: Get default preferences for all NVTs
<get_preferences/>
<get_preferences_response status="200" status_text="OK"> <preference> <name> 1.3.6.1.4.1.25623.1.0.10330:1:entry:Network connection timeout : </name> <value>5</value> </preference> ... </get_preferences_response>
7.66.3 Example: Get default preferences for a single NVT
<get_preferences nvt_oid="1.3.6.1.4.1.25623.1.0.10330"/>
<get_preferences_response status="200" status_text="OK"> <preference> <name> 1.3.6.1.4.1.25623.1.0.10330:1:entry:Network connection timeout : </name> <value>5</value> <default>5</default> </preference> ... </get_preferences_response>
7.66.3 Example: Get preferences from a config for all NVTs
<get_preferences config_id="daba56c8-73ec-11df-a475-002264764cea"/>
<get_preferences_response status="200" status_text="OK"> <preference> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"> <name>Services</name> </nvt> <id>1</id> <name>Network connection timeout :</name> <type>entry</type> <value>5</value> </preference> ... </get_preferences_response>
7.66.3 Example: Get preferences from a config for a single NVT
<get_preferences config_id="daba56c8-73ec-11df-a475-002264764cea" nvt_oid="1.3.6.1.4.1.25623.1.0.10330"/>
<get_preferences nvt_oid="1.3.6.1.4.1.25623.1.0.10330"> <preference> <nvt oid="1.3.6.1.4.1.25623.1.0.10330"> <name>Services</name> </nvt> <id>1</id> <name>Network connection timeout :</name> <type>entry</type> <value>5</value> <default>5</default> </preference> </get_preferences>
7.67 Command get_reports
In short: Get one or many reports.
The client uses the get_reports command to get report information.
The XML report format is sent as XML. All other formats are sent in Base64 encoding.
The "lean" attribute requests a reduced report. This option is specifically to support GSA performance when loading big reports, so the effect of "lean" may change between versions, even between minor versions.
Currently "lean" skips certain result elements (MODIFICATION_TIME, SCAN_NVT_VERSION, THREAT, ORIGINAL_THREAT), skips SOURCE/TYPE of host details, skips certain host details ("EXIT_CODE" when equal to "EXIT_NONVULN", "scanned_with_scanner", "scanned_with_feedtype", "scanned_with_feedversion", "OS" and "traceroute"), skips certain elements when they are empty (REFS, QOD/TYPE, ...), and skips ORIGINAL_SEVERITY when it is the same as SEVERITY.
"lean" will always work with the XML report format, but will not necessarily work with any others.
7.67.1 Structure
-
Command
- @report_id (uuid) ID of single report to get.
-
@filter
(text)
Filter term to use to filter results, when getting a single report.
Keywords
- option apply_overrides (boolean) Whether to apply Overrides
- option autofp ("0", "1" or "2") Whether to trust vendor security updates. 1 full match, 2 partial
- option levels (levels) Severity levels to select
- option min_qod (integer) Minimum QoD of the results
- option notes (boolean) Whether to include Notes in the report
- option overrides (boolean) Whether to include Override descriptions in the report
- option timezone (text) The timezone to use for the report
- column uuid (uuid) Unique ID
- column name (name) Name of the NVT
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column host (text) Host IP address of the result
- column hostname (text) Hostname of the result
- column location (text) Port and protocol of the result
- column nvt (text) Unique ID of the test that produced the result
- column type (threat) Severity type of the result with overrides and autofp
- column original_type (threat) Original severity type of the result
- column auto_type (boolean) Whether autofp applies to the result
- column description (text) Description of the result
- column task (text) Name of the task
- column report (number) Internal ID of the report
- column cvss_base (severity) CVSS base score of the NVT that generated the result
- column nvt_version (text) Version of the NVT that generated the result
- column severity (severity) Severity of the result with overrides and autofp
- column original_severity (severity) Original severity of the result
- column vulnerability (text) Name of the NVT that generated result
- column date (iso_time) Time the result was generated
- column report_id (uuid) UUID of the report
- column solution_type (text) Solution type of the result
- column qod (integer) QoD of the result
- column qod_type (text) QoD type of the result
- column task_id (uuid) UUID of the task
- column cve (text) List of CVEs of the result
- @filt_id (uuid) ID of filter to use to filter results, when getting a single report.
-
@report_filter
(text)
Filter term to use to filter reports.
Keywords
- option apply_overrides (boolean) Whether to apply Overrides
- option min_qod (integer) Minimum QoD of the results
- column uuid (uuid) Unique ID
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column task_id (uuid) UUID of the Task of the Report
- column name (iso_time) Time the scan was started
- column date (iso_time) Time of the scan
- column status (text) Status of scan
- column task (text) Name of the Task the report belongs to
- column severity (severity) Highest severity of the results in the report
- column false_positive (integer) Number of false positive results
- column log (integer) Number of log results
- column low (integer) Number of low severity results
- column medium (integer) Number of medium severity results
- column high (integer) Number of high severity results
- column hosts (integer) Total number of hosts
- column result_hosts (integer) Number of hosts with results matching the min_qod
- column fp_per_host (integer) Number of false positive results per host with results
- column log_per_host (integer) Number of log results per host with results
- column low_per_host (integer) Number of low severity results per host with results
- column medium_per_host (integer) Number of medium severity results per host with results
- column high_per_host (integer) Number of high severity results per host with results
- @report_filt_id (uuid) ID of filter to use to filter reports.
- @details (boolean) Whether to get the details of the reports including the results, hosts, ports etc..
- @format_id (uuid) ID of required report format.
- @alert_id (uuid) ID of alert to pass generated report to.
- @lean (boolean) Whether to return a streamlined response.
- @notes_details (boolean) If notes are included, whether to include note details.
- @overrides_details (boolean) If overrides are included, whether to include override details.
- @result_tags (boolean) Whether to include tags in the results.
- @delta_report_id (uuid) ID of second report, for producing a delta report.
- @ignore_pagination (boolean) Whether to ignore info used to split the report into pages like the filter terms "first" and "rows"..
-
Response
- @status (status)
- @status_text (text)
-
<report>
*(report)Actually attributes and either base64 or a report.
-
The group?
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<filter>
*A severity level that is included in the report.
-
<host>
?Single host selected for delta report.
-
<ip>
IP address of the host.
-
<ip>
-
<delta>
?Delta states.
-
<changed>
Whether changed results are included.
-
<gone>
Whether results that have vanished are included.
-
<new>
Whether new results are included.
-
<same>
Whether results that are equal are included.
-
<changed>
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <reports>
-
<report_count>
-
<filtered>
Number of reports after filtering.
-
<page>
Number of reports on current page.
-
<filtered>
-
<filters>
7.67.2 RNC
get_reports = element get_reports { attribute report_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute report_filter { text }? & attribute report_filt_id { uuid }? & attribute details { boolean }? & attribute format_id { uuid }? & attribute alert_id { uuid }? & attribute lean { boolean }? & attribute notes_details { boolean }? & attribute overrides_details { boolean }? & attribute result_tags { boolean }? & attribute delta_report_id { uuid }? & attribute ignore_pagination { boolean }? }
get_reports_response = element get_reports_response { attribute status { status } & attribute status_text { text } & get_reports_response_report* & ( get_reports_response_filters & get_reports_response_sort & get_reports_response_reports & get_reports_response_report_count )? } get_reports_response_report = element report # type report { text # RNC limitation: base64 & attribute id { uuid } & attribute format_id { uuid } & attribute extension { text } & attribute content_type { text } & attribute type { xsd:token { pattern = "scan|assets" } }? & report_owner & report_name & report_comment & report_creation_time & report_modification_time & report_writable & report_in_use & report_task & report_report_format & report_report } get_reports_response_filters = element filters { attribute id { uuid } & get_reports_response_filters_term & get_reports_response_filters_name? & get_reports_response_filters_filter* & get_reports_response_filters_host? & get_reports_response_filters_delta? & get_reports_response_filters_keywords } get_reports_response_filters_term = element term { text } get_reports_response_filters_name = element name { text } get_reports_response_filters_filter = element filter { xsd:token { pattern = "High|Medium|Low|Log|Debug" } } get_reports_response_filters_host = element host { get_reports_response_filters_host_ip } get_reports_response_filters_host_ip = element ip { text } get_reports_response_filters_delta = element delta { text & get_reports_response_filters_delta_changed & get_reports_response_filters_delta_gone & get_reports_response_filters_delta_new & get_reports_response_filters_delta_same } get_reports_response_filters_delta_changed = element changed { boolean } get_reports_response_filters_delta_gone = element gone { boolean } get_reports_response_filters_delta_new = element new { boolean } get_reports_response_filters_delta_same = element same { boolean } get_reports_response_filters_keywords = element keywords { get_reports_response_filters_keywords_keyword* } get_reports_response_filters_keywords_keyword = element keyword { get_reports_response_filters_keywords_keyword_column & get_reports_response_filters_keywords_keyword_relation & get_reports_response_filters_keywords_keyword_value } get_reports_response_filters_keywords_keyword_column = element column { text } get_reports_response_filters_keywords_keyword_relation = element relation { ERROR } get_reports_response_filters_keywords_keyword_value = element value { text } get_reports_response_sort = element sort { text & get_reports_response_sort_field } get_reports_response_sort_field = element field { get_reports_response_sort_field_order } get_reports_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_reports_response_reports = element reports { attribute start { integer } & attribute max { integer } } get_reports_response_report_count = element report_count { get_reports_response_report_count_filtered & get_reports_response_report_count_page } get_reports_response_report_count_filtered = element filtered { integer } get_reports_response_report_count_page = element page { integer }
7.67.3 Example: Get a report in PDF
<get_reports report_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" format_id="1a60a67e-97d0-4cbf-bc77-f71b08e7043d"/>
<get_reports_response status="200" status_text="OK"> <report id="267a3405-e84a-47da-97b2-5fa0d2e8995e" format_id="1a60a67e-97d0-4cbf-bc77-f71b08e7043d" extension="pdf" content_type="application/pdf">hsisn3qaVFhkjFRG4...</report> </get_reports_response>
7.67.3 Example: Get a report in XML
<get_reports report_id="f0fdf522-276d-4893-9274-fb8699dc2270"/>
<get_reports_response status="200" status_text="OK"> <report id="f0fdf522-276d-4893-9274-fb8699dc2270" format_id="d5da9f67-8551-4e51-807b-b6a873d70e34" extension="xml" content_type="text/xml"> <report id="f0fdf522-276d-4893-9274-fb8699dc2270"> <gmp> <version>9.0</version> </gmp> <sort> <field> type <order>descending</order> </field> </sort> <filters id="0"> <term>first=1 rows=-1 sort=name</term> <filter>High</filter> <filter>Medium</filter> <filter>Low</filter> <filter>Log</filter> <filter>Debug</filter> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> <keyword> <column>rows</column> <relation>=</relation> <value>-1</value> </keyword> <keyword> <column>sort</column> <relation>=</relation> <value>name</value> </keyword> </keywords> </filters> <scan_run_status>Done</scan_run_status> <hosts> <count>1</count> </hosts> <closed_cves> <count>0</count> </closed_cves> <vulns> <count>3</count> </vulns> <os> <count>1</count> </os> <apps> <count>2</count> </apps> <ssl_certs> <count>0</count> </ssl_certs> <result_count> <full>10</full> <filtered>10</filtered> <debug> <full>0</full> <filtered>0</filtered> </debug> <hole> <full>0</full> <filtered>0</filtered> </hole> <info> <full>7</full> <filtered>7</filtered> </info> <log> <full>0</full> <filtered>0</filtered> </log> <warning> <full>3</full> <filtered>3</filtered> </warning> </result_count> <task id="13bb418a-4220-4575-b35b-ec398bff7417"> <name>dik mm</name> </task> <scan> <task/> </scan> <timestamp>2010-02-02T19:11:21+00:00</timestamp> <scan_start>2010-02-02T19:11:21+00:00</scan_start> <timezone>UTC</timezone> <timezone_abbrev>UTC</timezone_abbrev> <ports start="1" max="-1"> <port> general/tcp <host>127.0.1.1</host> <severity>5.0</severity> <threat>Medium</threat> </port> ... </ports> <results start="1" max="-1"> <result id="634f7a2e-8ca1-43b7-b6d7-0d4841449508"> <host>127.0.1.1</host> <port>general/tcp</port> <nvt oid="1.3.6.1.4.1.25623.1.0.74"> <name>Test NVT: fields with ISO-8859-1 chars ()</name> <cvss_base>5.0</cvss_base> <tags>NOTAGS</tags> <refs> <ref id="CVE-2013-1406" type="cve"/> <ref id="51702" type="bid"/> <ref id="DFN-CERT-2013-0246" type="dfn-cert"/> </refs> </nvt> <threat>Medium</threat> <description>Test with umlaut Warning Port 0.</description> </result> ... </results> <host> <ip>127.0.1.1</ip> <asset asset_id="167a7f18-df86-4695-a6ff-2516ffe2ad43"/> <start>2010-02-21T15:35:31Z</start> <end>2010-02-21T16:31:13Z</end> ... </host> <scan_end>2010-02-02T19:11:52+00:00</scan_end> <errors> <count>0</count> </errors> </report> </report> </get_reports_response>
7.68 Command get_report_formats
In short: Get one or many report formats.
The client uses the get_report_formats command to get report format information.
7.68.1 Structure
-
Command
- @report_format_id (uuid) ID of single report format to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column extension (text) File extension of the report format
- column content_type (text) Content type of the report format
- column summary (text) Short summary of the report format
- column description (text) Description of the report format
- column trust (boolean) Whether the report format is trusted
- column trust_time (iso_time) Time the report format was last verified
- column active (boolean) Whether the report format is active
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan report formats instead.
- @alerts (boolean) Whether to include alerts that use the report format.
- @params (boolean) Whether to include report format parameters.
- @details (boolean) Include report format file, signature and parameters.
-
Response
- @status (status)
- @status_text (text)
-
<report_format>
*
- @id (uuid)
-
<owner>
Owner of the report format.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the report format.
-
<creation_time>
-
<modification_time>
-
<writable>
Whether the report format is global or in use.
-
<in_use>
Whether any alerts are using the report format.
-
<permissions>
Permissions that the current user has on the report format.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the report format.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<extension>
-
<content_type>
-
<summary>
-
<description>
-
<predefined>
-
<alerts>
?Alerts using the report format.
-
<alert>
*
- @id (uuid) UUID of the alert.
-
<name>
Name of the alert.
-
<permissions>
?Permissions the user has on the permission.
-
<alert>
*
-
The group?
-
<file>
*One of the files used to generate the report.
- @name (text)
-
<signature>
The report format signature.
-
<file>
*
-
<trust>
Whether signature verification succeeded.
- @name (text)
-
<time>
The time the trust was checked.
-
<active>
Whether the report format is active.
-
<param>
*
-
<name>
The name of the param.
-
<type>
The type of the param.
-
<min>
?Minimum.
-
<max>
?Maximum.
-
<options>
?Selection options.
-
<option>
*Option value.
-
<option>
*
-
<min>
?
-
<value>
The value of the param.
-
<report_format>
*Report format info if type is report_format_list.
- @id (uuid)
-
<name>
Name of the report format if available.
-
<report_format>
*
-
<default>
The fallback value of the param.
-
<name>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <report_formats>
-
<report_format_count>
-
<filtered>
Number of report formats after filtering.
-
<page>
Number of report formats on current page.
-
<filtered>
7.68.2 RNC
get_report_formats = element get_report_formats { attribute report_format_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute alerts { boolean }? & attribute params { boolean }? & attribute details { boolean }? }
get_report_formats_response = element get_report_formats_response { attribute status { status } & attribute status_text { text } & get_report_formats_response_report_format* & get_report_formats_response_filters & get_report_formats_response_sort & get_report_formats_response_report_formats & get_report_formats_response_report_format_count } get_report_formats_response_report_format = element report_format { attribute id { uuid } & get_report_formats_response_report_format_owner & get_report_formats_response_report_format_name & get_report_formats_response_report_format_creation_time & get_report_formats_response_report_format_modification_time & get_report_formats_response_report_format_writable & get_report_formats_response_report_format_in_use & get_report_formats_response_report_format_permissions & get_report_formats_response_report_format_user_tags? & get_report_formats_response_report_format_extension & get_report_formats_response_report_format_content_type & get_report_formats_response_report_format_summary & get_report_formats_response_report_format_description & get_report_formats_response_report_format_predefined & get_report_formats_response_report_format_alerts? & ( get_report_formats_response_report_format_file* & get_report_formats_response_report_format_signature )? & get_report_formats_response_report_format_trust & get_report_formats_response_report_format_active & get_report_formats_response_report_format_param* } get_report_formats_response_report_format_owner = element owner { get_report_formats_response_report_format_owner_name } get_report_formats_response_report_format_owner_name = element name { name } get_report_formats_response_report_format_name = element name { name } get_report_formats_response_report_format_creation_time = element creation_time { iso_time } get_report_formats_response_report_format_modification_time = element modification_time { iso_time } get_report_formats_response_report_format_writable = element writable { boolean } get_report_formats_response_report_format_in_use = element in_use { boolean } get_report_formats_response_report_format_permissions = element permissions { get_report_formats_response_report_format_permissions_permission* } get_report_formats_response_report_format_permissions_permission = element permission { get_report_formats_response_report_format_permissions_permission_name } get_report_formats_response_report_format_permissions_permission_name = element name { name } get_report_formats_response_report_format_user_tags = element user_tags { get_report_formats_response_report_format_user_tags_count & get_report_formats_response_report_format_user_tags_tag* } get_report_formats_response_report_format_user_tags_count = element count { integer } get_report_formats_response_report_format_user_tags_tag = element tag { attribute id { uuid } & get_report_formats_response_report_format_user_tags_tag_name & get_report_formats_response_report_format_user_tags_tag_value & get_report_formats_response_report_format_user_tags_tag_comment } get_report_formats_response_report_format_user_tags_tag_name = element name { text } get_report_formats_response_report_format_user_tags_tag_value = element value { text } get_report_formats_response_report_format_user_tags_tag_comment = element comment { text } get_report_formats_response_report_format_summary = element summary { text } get_report_formats_response_report_format_description = element description { text } get_report_formats_response_report_format_extension = element extension { text } get_report_formats_response_report_format_content_type = element content_type { text } get_report_formats_response_report_format_predefined = element predefined { boolean } get_report_formats_response_report_format_alerts = element alerts { get_report_formats_response_report_format_alerts_alert* } get_report_formats_response_report_format_alerts_alert = element alert { attribute id { uuid } & get_report_formats_response_report_format_alerts_alert_name & get_report_formats_response_report_format_alerts_alert_permissions? } get_report_formats_response_report_format_alerts_alert_name = element name { name } get_report_formats_response_report_format_alerts_alert_permissions = element permissions { "" } get_report_formats_response_report_format_param = element param { get_report_formats_response_report_format_param_name & get_report_formats_response_report_format_param_type & get_report_formats_response_report_format_param_value & get_report_formats_response_report_format_param_default } get_report_formats_response_report_format_param_name = element name { name } get_report_formats_response_report_format_param_type = element type { text # RNC limitation: xsd:token { pattern = "boolean|integer|selection|string|text|report_format_list" } & get_report_formats_response_report_format_param_type_min? & get_report_formats_response_report_format_param_type_max? & get_report_formats_response_report_format_param_type_options? } get_report_formats_response_report_format_param_type_min = element min { text } get_report_formats_response_report_format_param_type_max = element max { text } get_report_formats_response_report_format_param_type_options = element options { get_report_formats_response_report_format_param_type_options_option* } get_report_formats_response_report_format_param_type_options_option = element option { text } get_report_formats_response_report_format_param_value = element value { get_report_formats_response_report_format_param_value_report_format* } get_report_formats_response_report_format_param_value_report_format = element report_format { attribute id { uuid } & get_report_formats_response_report_format_param_value_report_format_name } get_report_formats_response_report_format_param_value_report_format_name = element name { text } get_report_formats_response_report_format_param_default = element default { text } get_report_formats_response_report_format_file = element file { text # RNC limitation: base64 & attribute name { text } } get_report_formats_response_report_format_signature = element signature { text } get_report_formats_response_report_format_trust = element trust { text # RNC limitation: xsd:token { pattern = "yes|no|unknown" } & attribute name { text } & get_report_formats_response_report_format_trust_time } get_report_formats_response_report_format_trust_time = element time { iso_time } get_report_formats_response_report_format_active = element active { boolean } get_report_formats_response_filters = element filters { attribute id { uuid } & get_report_formats_response_filters_term & get_report_formats_response_filters_name? & get_report_formats_response_filters_keywords } get_report_formats_response_filters_term = element term { text } get_report_formats_response_filters_name = element name { text } get_report_formats_response_filters_keywords = element keywords { get_report_formats_response_filters_keywords_keyword* } get_report_formats_response_filters_keywords_keyword = element keyword { get_report_formats_response_filters_keywords_keyword_column & get_report_formats_response_filters_keywords_keyword_relation & get_report_formats_response_filters_keywords_keyword_value } get_report_formats_response_filters_keywords_keyword_column = element column { text } get_report_formats_response_filters_keywords_keyword_relation = element relation { ERROR } get_report_formats_response_filters_keywords_keyword_value = element value { text } get_report_formats_response_sort = element sort { text & get_report_formats_response_sort_field } get_report_formats_response_sort_field = element field { get_report_formats_response_sort_field_order } get_report_formats_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_report_formats_response_report_formats = element report_formats { attribute start { integer } & attribute max { integer } } get_report_formats_response_report_format_count = element report_format_count { get_report_formats_response_report_format_count_filtered & get_report_formats_response_report_format_count_page } get_report_formats_response_report_format_count_filtered = element filtered { integer } get_report_formats_response_report_format_count_page = element page { integer }
7.68.3 Example: Get information about a report format
<get_report_formats report_format_id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d"/>
<get_report_formats_response status="200" status_text="OK"> <report_format id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d"> <name>HTML</name> <creation_time>2013-01-31T16:46:32+01:00</creation_time> <modification_time>2013-01-31T16:46:32+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <extension>html</extension> <content_type>text/html</content_type> <summary>Single page HTML report.</summary> <description> A single HTML page listing results of a scan. Style information ... </description> <predefined>1</predefined> <trust> no <time>Thu Dec 2 13:22:26 2010</time> </trust> <active>1</active> </report_format> ... </get_report_formats_response>
7.68.3 Example: Export a report format
<get_report_formats report_format_id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d" details="1"/>
<get_report_formats_response status="200" status_text="OK"> <report_format id="b993b6f5-f9fb-4e6e-9c94-dd46c00e058d"> <name>HTML</name> <comment/> <creation_time>2013-01-18T18:23:53+01:00</creation_time> <modification_time>2013-01-18T18:24:10+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <extension>html</extension> <content_type>text/html</content_type> <summary>Single page HTML report.</summary> <description> A single HTML page listing results of a scan. Style information ... </description> <predefined>1</predefined> <file name="HTML.xsl"> PD9ldD4K ... </file> <file name="generate"> IyEvAk ... </file> <signature/> </report_format> ... </get_report_formats_response>
7.69 Command get_results
In short: Get results.
The client uses the get_results command to get result information.
If the request includes a notes flag, an overrides flag or an apply_overrides flag and any of these is true, then the request must also include a task ID.
7.69.1 Structure
-
Command
- @result_id (uuid) ID of single result to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- option apply_overrides (boolean) Whether to apply Overrides
- option autofp ("0", "1" or "2") Whether to trust vendor security updates. 1 full match, 2 partial
- option levels (levels) Severity levels to select
- option min_qod (integer) Minimum QoD of the results
- option notes (boolean) Whether to include Notes in the report
- option overrides (boolean) Whether to include Override descriptions in the report
- option timezone (text) The timezone to use for the report
- column uuid (uuid) Unique ID
- column name (name) Name of the NVT
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column host (text) Host IP address of the result
- column hostname (text) Hostname of the result
- column location (text) Port and protocol of the result
- column nvt (text) Unique ID of the test that produced the result
- column type (threat) Severity type of the result with overrides and autofp
- column original_type (threat) Original severity type of the result
- column auto_type (boolean) Whether autofp applies to the result
- column description (text) Description of the result
- column task (text) Name of the task
- column report (number) Internal ID of the report
- column cvss_base (severity) CVSS base score of the NVT that generated the result
- column nvt_version (text) Version of the NVT that generated the result
- column severity (severity) Severity of the result with overrides and autofp
- column original_severity (severity) Original severity of the result
- column vulnerability (text) Name of the NVT that generated result
- column date (iso_time) Time the result was generated
- column report_id (uuid) UUID of the report
- column solution_type (text) Solution type of the result
- column qod (integer) QoD of the result
- column qod_type (text) QoD type of the result
- column task_id (uuid) UUID of the task
- column cve (text) List of CVEs of the result
- @filt_id (uuid) ID of filter to use to filter query.
- @task_id (uuid) ID of task for note and override handling.
- @notes_details (boolean) If notes are included, whether to include note details.
- @overrides_details (boolean) If overrides are included, whether to include override details.
- @details (boolean) Whether to include additional details of the results.
- @get_counts (boolean) Whether to include result counts.
-
Response
- @status (status)
- @status_text (text)
-
<result>
*(result)
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <results>
-
<result_count>
?
-
<filtered>
Number of results after filtering.
-
<page>
Number of results on current page.
-
<filtered>
7.69.2 RNC
get_results = element get_results { attribute result_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute task_id { uuid }? & attribute notes_details { boolean }? & attribute overrides_details { boolean }? & attribute details { boolean }? & attribute get_counts { boolean }? }
get_results_response = element get_results_response { attribute status { status } & attribute status_text { text } & get_results_response_result* & get_results_response_filters & get_results_response_sort & get_results_response_results & get_results_response_result_count? } get_results_response_result = element result # type result { attribute id { uuid } & result_name & result_owner & result_comment & result_creation_time & result_modification_time & result_user_tags? & result_report? & result_task? & result_host & result_port & result_nvt & result_scan_nvt_version & result_threat & result_severity & result_qod & result_original_threat? & result_original_severity? & result_description & result_delta? & result_detection? & result_notes? & result_overrides? & result_tickets? } get_results_response_filters = element filters { attribute id { uuid } & get_results_response_filters_term & get_results_response_filters_name? & get_results_response_filters_keywords } get_results_response_filters_term = element term { text } get_results_response_filters_name = element name { text } get_results_response_filters_keywords = element keywords { get_results_response_filters_keywords_keyword* } get_results_response_filters_keywords_keyword = element keyword { get_results_response_filters_keywords_keyword_column & get_results_response_filters_keywords_keyword_relation & get_results_response_filters_keywords_keyword_value } get_results_response_filters_keywords_keyword_column = element column { text } get_results_response_filters_keywords_keyword_relation = element relation { ERROR } get_results_response_filters_keywords_keyword_value = element value { text } get_results_response_sort = element sort { text & get_results_response_sort_field } get_results_response_sort_field = element field { get_results_response_sort_field_order } get_results_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_results_response_results = element results { attribute start { integer } & attribute max { integer } } get_results_response_result_count = element result_count { get_results_response_result_count_filtered & get_results_response_result_count_page } get_results_response_result_count_filtered = element filtered { integer } get_results_response_result_count_page = element page { integer }
7.69.3 Example: Get one or many results
<get_results/>
<get_results_response status="200" status_text="OK"> <result id="634f7a2e-8ca1-43b7-b6d7-0d4841449508"> <owner> <name>admin</name> </owner> <comment/> <creation_time>2014-05-23T09:22:12Z</creation_time> <modification_time>2014-05-23T09:22:12Z</modification_time> <host>127.0.1.1</host> <port>general/tcp</port> <nvt oid="1.3.6.1.4.1.25623.1.0.74"> <name>Test NVT: fields with ISO-8859-1 chars</name> <cvss_base>5.0</cvss_base> <tags>NOTAGS</tags> <refs> <ref type="cve" id="CVE-2009-3095"/> <ref type="bid" id="36254"/> </refs> </nvt> <threat>Medium</threat> <description>Test with umlaut.</description> </result> ... <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <results max="-1" start="1"/> <result_count> 124 <filtered>124</filtered> <page>124</page> </result_count> </get_results_response>
7.69.3 Example: Get a result, including notes and overrides
<get_results result_id="cac9e7c8-c726-49fd-a710-5f99079ab93e" task_id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4" filter="notes=1 overrides=1"/>
<get_results_response status="200" status_text="OK"> <result id="cac9e7c8-c726-49fd-a710-5f99079ab93e"> <owner> <name>admin</name> </owner> <comment/> <creation_time>2014-05-23T09:22:12Z</creation_time> <modification_time>2014-05-23T09:22:12Z</modification_time> <host>127.0.0.1</host> <port>general/tcp</port> <nvt oid="1.3.6.1.4.1.25623.1.0.75"> <name>Test NVT: long lines</name> <cvss_base>9</cvss_base> <tags>NOTAGS</tags> <refs> <ref type="cve" id="CVE-2009-3095"/> <ref type="bid" id="36254"/> </refs> </nvt> <threat>High</threat> <description>Test with very long warning.</description> <original_threat>Medium</original_threat> <notes/> <overrides> <override id="b0832812-75f1-45eb-b676-99c6e6bf2b24"> <nvt oid="1.3.6.1.4.1.25623.1.0.75"> <name>Test NVT: long lines</name> </nvt> <text excerpt="0">Test override</text> <new_threat>High</new_threat> <orphan>0</orphan> </override> </overrides> </result> <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <results max="-1" start="1"/> <result_count> 1 <filtered>1</filtered> <page>1</page> </result_count> </get_results_response>
7.70 Command get_roles
In short: Get one or many roles.
The client uses the get_roles command to get role information.
7.70.1 Structure
- Command
-
Response
- @status (status)
- @status_text (text)
-
<role>
*
- @id (uuid)
-
<owner>
Owner of the role.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the role.
-
<comment>
The comment on the role.
-
<creation_time>
Date and time the role was created.
-
<modification_time>
Date and time the role was last modified.
-
<writable>
Whether the role is writable.
-
<in_use>
Whether the role is in use.
-
<permissions>
Permissions that the current user has on the role.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the role.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<users>
A comma-separated list of the users who have this role.
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <roles>
-
<role_count>
-
<filtered>
Number of roles after filtering.
-
<page>
Number of roles on current page.
-
<filtered>
7.70.2 RNC
get_roles = element get_roles { attribute role_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? }
get_roles_response = element get_roles_response { attribute status { status } & attribute status_text { text } & get_roles_response_role* & get_roles_response_filters & get_roles_response_sort & get_roles_response_roles & get_roles_response_role_count } get_roles_response_role = element role { attribute id { uuid } & get_roles_response_role_owner & get_roles_response_role_name & get_roles_response_role_comment & get_roles_response_role_creation_time & get_roles_response_role_modification_time & get_roles_response_role_writable & get_roles_response_role_in_use & get_roles_response_role_permissions & get_roles_response_role_user_tags? & get_roles_response_role_users } get_roles_response_role_owner = element owner { get_roles_response_role_owner_name } get_roles_response_role_owner_name = element name { name } get_roles_response_role_name = element name { name } get_roles_response_role_comment = element comment { text } get_roles_response_role_creation_time = element creation_time { iso_time } get_roles_response_role_modification_time = element modification_time { iso_time } get_roles_response_role_users = element users { text } get_roles_response_role_writable = element writable { boolean } get_roles_response_role_in_use = element in_use { boolean } get_roles_response_role_permissions = element permissions { get_roles_response_role_permissions_permission* } get_roles_response_role_permissions_permission = element permission { get_roles_response_role_permissions_permission_name } get_roles_response_role_permissions_permission_name = element name { name } get_roles_response_role_user_tags = element user_tags { get_roles_response_role_user_tags_count & get_roles_response_role_user_tags_tag* } get_roles_response_role_user_tags_count = element count { integer } get_roles_response_role_user_tags_tag = element tag { attribute id { uuid } & get_roles_response_role_user_tags_tag_name & get_roles_response_role_user_tags_tag_value & get_roles_response_role_user_tags_tag_comment } get_roles_response_role_user_tags_tag_name = element name { text } get_roles_response_role_user_tags_tag_value = element value { text } get_roles_response_role_user_tags_tag_comment = element comment { text } get_roles_response_filters = element filters { attribute id { uuid } & get_roles_response_filters_term & get_roles_response_filters_name? & get_roles_response_filters_keywords } get_roles_response_filters_term = element term { text } get_roles_response_filters_name = element name { text } get_roles_response_filters_keywords = element keywords { get_roles_response_filters_keywords_keyword* } get_roles_response_filters_keywords_keyword = element keyword { get_roles_response_filters_keywords_keyword_column & get_roles_response_filters_keywords_keyword_relation & get_roles_response_filters_keywords_keyword_value } get_roles_response_filters_keywords_keyword_column = element column { text } get_roles_response_filters_keywords_keyword_relation = element relation { ERROR } get_roles_response_filters_keywords_keyword_value = element value { text } get_roles_response_sort = element sort { text & get_roles_response_sort_field } get_roles_response_sort_field = element field { get_roles_response_sort_field_order } get_roles_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_roles_response_roles = element roles { attribute start { integer } & attribute max { integer } } get_roles_response_role_count = element role_count { get_roles_response_role_count_filtered & get_roles_response_role_count_page } get_roles_response_role_count_filtered = element filtered { integer } get_roles_response_role_count_page = element page { integer }
7.70.3 Example: Get one or many roles
<get_roles/>
<get_roles_response status="200" status_text="OK"> <role id="b493b7a8-7489-11df-a3ec-002264764cea"> <name>Management</name> <comment>Managers</comment> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>1</writable> <in_use>0</in_use> <users>sarah, frank</users> </role> ... <filters id=""> <term>first=1 rows=-1 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <roles max="-1" start="1"/> <role_count> 1 <filtered>1</filtered> <page>1</page> </role_count> </get_roles_response>
7.71 Command get_scanners
In short: Get one or many scanners.
The client uses the get_scanners command to get scanner information.
7.71.1 Structure
-
Command
- @scanner_id (uuid) ID of single scanner to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column host (text) Host of the scanner
- column port (integer) Port of the scanner
- column type ("1" or "2") Scanner type: '1' for OSP, '2' for OpenVAS (classic)
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan scanners instead.
- @details (boolean) Whether to include extra details like tasks using this scanner.
-
Response
- @status (status)
- @status_text (text)
-
<scanner>
*
- @id (uuid)
-
<owner>
Owner of the scanner.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the scanner.
-
<comment>
The comment on the scanner.
-
<copy>
?The UUID of an existing scanner.
-
<creation_time>
-
<modification_time>
-
<writable>
Whether the scanner is writable.
-
<in_use>
Whether any tasks are using the scanner.
-
<permissions>
Permissions that the current user has on the scanner.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the chedule.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<ca_pub_info>
Info about the CA certificate.
-
<certificate_info>
Info about the certificate.
-
<host>
Host of the scanner.
-
<port>
Port of the scanner.
-
<type>
Type of the scanner.
-
<ca_pub>
CA Certificate to verify the scanner's certificate.
-
<credential>
Client certificate credential for the Scanner.
- @id (uuid)
-
<name>
Name of the credential.
-
<trash>
Whether the credential is in the trashcan.
-
<configs>
?
-
<config>
*
- @id (uuid)
-
<name>
The name of the config.
-
<permissions>
?Permissions the user has on the config.
-
<config>
*
-
<tasks>
?
-
<task>
*
- @id (uuid)
-
<name>
The name of the task.
-
<permissions>
?Permissions the user has on the task.
-
<task>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <scanners>
-
<scanner_count>
-
<filtered>
Number of scanners after filtering.
-
<page>
Number of scanners on current page.
-
<filtered>
7.71.2 RNC
get_scanners = element get_scanners { attribute scanner_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute details { boolean }? }
get_scanners_response = element get_scanners_response { attribute status { status } & attribute status_text { text } & get_scanners_response_scanner* & get_scanners_response_filters & get_scanners_response_sort & get_scanners_response_scanners & get_scanners_response_scanner_count } get_scanners_response_scanner = element scanner { attribute id { uuid } & get_scanners_response_scanner_owner & get_scanners_response_scanner_name & get_scanners_response_scanner_comment & get_scanners_response_scanner_copy? & get_scanners_response_scanner_creation_time & get_scanners_response_scanner_modification_time & get_scanners_response_scanner_writable & get_scanners_response_scanner_in_use & get_scanners_response_scanner_permissions & get_scanners_response_scanner_user_tags? & get_scanners_response_scanner_ca_pub_info & get_scanners_response_scanner_certificate_info & get_scanners_response_scanner_host & get_scanners_response_scanner_port & get_scanners_response_scanner_type & get_scanners_response_scanner_ca_pub & get_scanners_response_scanner_credential & get_scanners_response_scanner_configs? & get_scanners_response_scanner_tasks? } get_scanners_response_scanner_owner = element owner { get_scanners_response_scanner_owner_name } get_scanners_response_scanner_owner_name = element name { name } get_scanners_response_scanner_name = element name { name } get_scanners_response_scanner_comment = element comment { text } get_scanners_response_scanner_copy = element copy { uuid } get_scanners_response_scanner_creation_time = element creation_time { iso_time } get_scanners_response_scanner_modification_time = element modification_time { iso_time } get_scanners_response_scanner_writable = element writable { boolean } get_scanners_response_scanner_in_use = element in_use { boolean } get_scanners_response_scanner_permissions = element permissions { get_scanners_response_scanner_permissions_permission* } get_scanners_response_scanner_permissions_permission = element permission { get_scanners_response_scanner_permissions_permission_name } get_scanners_response_scanner_permissions_permission_name = element name { name } get_scanners_response_scanner_user_tags = element user_tags { get_scanners_response_scanner_user_tags_count & get_scanners_response_scanner_user_tags_tag* } get_scanners_response_scanner_user_tags_count = element count { integer } get_scanners_response_scanner_user_tags_tag = element tag { attribute id { uuid } & get_scanners_response_scanner_user_tags_tag_name & get_scanners_response_scanner_user_tags_tag_value & get_scanners_response_scanner_user_tags_tag_comment } get_scanners_response_scanner_user_tags_tag_name = element name { text } get_scanners_response_scanner_user_tags_tag_value = element value { text } get_scanners_response_scanner_user_tags_tag_comment = element comment { text } get_scanners_response_scanner_ca_pub_info = element ca_pub_info # type certificate_info { certificate_info_time_status & certificate_info_activation_time & certificate_info_expiration_time & certificate_info_issuer & certificate_info_md5_fingerprint } get_scanners_response_scanner_certificate_info = element certificate_info # type certificate_info { certificate_info_time_status & certificate_info_activation_time & certificate_info_expiration_time & certificate_info_issuer & certificate_info_md5_fingerprint } get_scanners_response_scanner_host = element host { text } get_scanners_response_scanner_port = element port { text } get_scanners_response_scanner_type = element type { text } get_scanners_response_scanner_ca_pub = element ca_pub { text } get_scanners_response_scanner_credential = element credential { attribute id { uuid } & get_scanners_response_scanner_credential_name & get_scanners_response_scanner_credential_trash } get_scanners_response_scanner_credential_name = element name { text } get_scanners_response_scanner_credential_login = element login { text } get_scanners_response_scanner_credential_trash = element trash { boolean } get_scanners_response_scanner_configs = element configs { get_scanners_response_scanner_configs_config* } get_scanners_response_scanner_configs_config = element config { attribute id { uuid } & get_scanners_response_scanner_configs_config_name & get_scanners_response_scanner_configs_config_permissions? } get_scanners_response_scanner_configs_config_name = element name { name } get_scanners_response_scanner_configs_config_permissions = element permissions { "" } get_scanners_response_scanner_tasks = element tasks { get_scanners_response_scanner_tasks_task* } get_scanners_response_scanner_tasks_task = element task { attribute id { uuid } & get_scanners_response_scanner_tasks_task_name & get_scanners_response_scanner_tasks_task_permissions? } get_scanners_response_scanner_tasks_task_name = element name { name } get_scanners_response_scanner_tasks_task_permissions = element permissions { "" } get_scanners_response_filters = element filters { attribute id { uuid } & get_scanners_response_filters_term & get_scanners_response_filters_name? & get_scanners_response_filters_keywords } get_scanners_response_filters_term = element term { text } get_scanners_response_filters_name = element name { text } get_scanners_response_filters_keywords = element keywords { get_scanners_response_filters_keywords_keyword* } get_scanners_response_filters_keywords_keyword = element keyword { get_scanners_response_filters_keywords_keyword_column & get_scanners_response_filters_keywords_keyword_relation & get_scanners_response_filters_keywords_keyword_value } get_scanners_response_filters_keywords_keyword_column = element column { text } get_scanners_response_filters_keywords_keyword_relation = element relation { ERROR } get_scanners_response_filters_keywords_keyword_value = element value { text } get_scanners_response_sort = element sort { text & get_scanners_response_sort_field } get_scanners_response_sort_field = element field { get_scanners_response_sort_field_order } get_scanners_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_scanners_response_scanners = element scanners { attribute start { integer } & attribute max { integer } } get_scanners_response_scanner_count = element scanner_count { get_scanners_response_scanner_count_filtered & get_scanners_response_scanner_count_page } get_scanners_response_scanner_count_filtered = element filtered { integer } get_scanners_response_scanner_count_page = element page { integer }
7.71.3 Example: Get full details of a single scanner
<get_scanners details="1" scanner_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"/>
<get_scanners_response status="200" status_text="OK"> <scanner id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>Default Scanner</name> <comment/> <creation_time>2014-01-01T13:57:25+01:00</creation_time> <modification_time>2014-01-18T12:07:36+01:00</modification_time> <writable>0</writable> <in_use>1</in_use> <host>localhost</host> <port>9391</port> <type>2</type> <ca_pub>...</ca_pub> <key_pub>...</key_pub> <tasks> <task id="813864a9-d3fd-44b3-8717-972bfb01dfc0"> <name>Debian desktops</name> </task> ... </tasks> </scanner> <truncate>...</truncate> </get_scanners_response>
7.72 Command get_schedules
In short: Get one or many schedules.
The client uses the get_schedules command to get schedule information.
7.72.1 Structure
-
Command
- @schedule_id (uuid) ID of single schedule to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column first_time (iso_time) First time the schedule ran or will run
- column period (integer) Time period between runs in seconds
- column period_months (integer) Time period between runs in months
- column duration (integer) Maximum duration of scans run with the schedule
- column timezone (text) Timezone the schedule uses
- column initial_offset (integer) Initial offset in seconds
- column first_run (iso_time) Alias for first_time
- column next_run (iso_time) The next time the schedule will run
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan schedules instead.
- @tasks (boolean) Whether to include tasks using the schedules.
-
Response
- @status (status)
- @status_text (text)
-
<schedule>
*
- @id (uuid)
-
<owner>
Owner of the schedule.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the schedule.
-
<comment>
The comment on the schedule.
-
<creation_time>
-
<modification_time>
-
<writable>
Whether the schedule is writable.
-
<in_use>
Whether any tasks are using the schedule.
-
<permissions>
Permissions that the current user has on the schedule.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the schedule.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<first_time>
First time the task ran or will run.
-
<next_time>
The next time the task will run.
-
<icalendar>
iCalendar text containing the time data..
-
<timezone>
The timezone that the schedule follows.
-
<timezone_abbrev>
The abbreviated name of the timezone.
-
<period>
How often the task will run, in seconds.
-
<period_months>
How often the task will run, months portion.
-
<simple_period>
Simple representation of period, if available.
-
<unit>
?
-
<unit>
?
-
<duration>
How long the task will run for (0 for entire task).
-
<simple_duration>
Simple representation of duration, if available.
-
<unit>
?
-
<unit>
?
-
<tasks>
?
-
<task>
*
- @id (uuid)
-
<name>
The name of the task.
-
<permissions>
?Permissions the user has on the task.
-
<task>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <schedules>
-
<schedule_count>
-
<filtered>
Number of schedules after filtering.
-
<page>
Number of schedules on current page.
-
<filtered>
7.72.2 RNC
get_schedules = element get_schedules { attribute schedule_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute tasks { boolean }? }
get_schedules_response = element get_schedules_response { attribute status { status } & attribute status_text { text } & get_schedules_response_schedule* & get_schedules_response_filters & get_schedules_response_sort & get_schedules_response_schedules & get_schedules_response_schedule_count } get_schedules_response_schedule = element schedule { attribute id { uuid } & get_schedules_response_schedule_owner & get_schedules_response_schedule_name & get_schedules_response_schedule_comment & get_schedules_response_schedule_creation_time & get_schedules_response_schedule_modification_time & get_schedules_response_schedule_writable & get_schedules_response_schedule_in_use & get_schedules_response_schedule_permissions & get_schedules_response_schedule_user_tags? & get_schedules_response_schedule_first_time & get_schedules_response_schedule_next_time & get_schedules_response_schedule_icalendar & get_schedules_response_schedule_timezone & get_schedules_response_schedule_timezone_abbrev & get_schedules_response_schedule_period & get_schedules_response_schedule_period_months & get_schedules_response_schedule_simple_period & get_schedules_response_schedule_duration & get_schedules_response_schedule_simple_duration & get_schedules_response_schedule_tasks? } get_schedules_response_schedule_owner = element owner { get_schedules_response_schedule_owner_name } get_schedules_response_schedule_owner_name = element name { name } get_schedules_response_schedule_name = element name { name } get_schedules_response_schedule_comment = element comment { text } get_schedules_response_schedule_creation_time = element creation_time { iso_time } get_schedules_response_schedule_modification_time = element modification_time { iso_time } get_schedules_response_schedule_writable = element writable { boolean } get_schedules_response_schedule_in_use = element in_use { boolean } get_schedules_response_schedule_permissions = element permissions { get_schedules_response_schedule_permissions_permission* } get_schedules_response_schedule_permissions_permission = element permission { get_schedules_response_schedule_permissions_permission_name } get_schedules_response_schedule_permissions_permission_name = element name { name } get_schedules_response_schedule_user_tags = element user_tags { get_schedules_response_schedule_user_tags_count & get_schedules_response_schedule_user_tags_tag* } get_schedules_response_schedule_user_tags_count = element count { integer } get_schedules_response_schedule_user_tags_tag = element tag { attribute id { uuid } & get_schedules_response_schedule_user_tags_tag_name & get_schedules_response_schedule_user_tags_tag_value & get_schedules_response_schedule_user_tags_tag_comment } get_schedules_response_schedule_user_tags_tag_name = element name { text } get_schedules_response_schedule_user_tags_tag_value = element value { text } get_schedules_response_schedule_user_tags_tag_comment = element comment { text } get_schedules_response_schedule_first_time = element first_time { iso_time } get_schedules_response_schedule_next_time = element next_time { iso_time } get_schedules_response_schedule_icalendar = element icalendar { text } get_schedules_response_schedule_timezone = element timezone { timezone } get_schedules_response_schedule_timezone_abbrev = element timezone_abbrev { text } get_schedules_response_schedule_period = element period { integer } get_schedules_response_schedule_period_months = element period_months { integer } get_schedules_response_schedule_simple_period = element simple_period { text & get_schedules_response_schedule_simple_period_unit? } get_schedules_response_schedule_simple_period_unit = element unit { time_unit } get_schedules_response_schedule_duration = element duration { integer } get_schedules_response_schedule_simple_duration = element simple_duration { text & get_schedules_response_schedule_simple_duration_unit? } get_schedules_response_schedule_simple_duration_unit = element unit { time_unit } get_schedules_response_schedule_tasks = element tasks { get_schedules_response_schedule_tasks_task* } get_schedules_response_schedule_tasks_task = element task { attribute id { uuid } & get_schedules_response_schedule_tasks_task_name & get_schedules_response_schedule_tasks_task_permissions? } get_schedules_response_schedule_tasks_task_name = element name { name } get_schedules_response_schedule_tasks_task_permissions = element permissions { "" } get_schedules_response_filters = element filters { attribute id { uuid } & get_schedules_response_filters_term & get_schedules_response_filters_name? & get_schedules_response_filters_keywords } get_schedules_response_filters_term = element term { text } get_schedules_response_filters_name = element name { text } get_schedules_response_filters_keywords = element keywords { get_schedules_response_filters_keywords_keyword* } get_schedules_response_filters_keywords_keyword = element keyword { get_schedules_response_filters_keywords_keyword_column & get_schedules_response_filters_keywords_keyword_relation & get_schedules_response_filters_keywords_keyword_value } get_schedules_response_filters_keywords_keyword_column = element column { text } get_schedules_response_filters_keywords_keyword_relation = element relation { ERROR } get_schedules_response_filters_keywords_keyword_value = element value { text } get_schedules_response_sort = element sort { text & get_schedules_response_sort_field } get_schedules_response_sort_field = element field { get_schedules_response_sort_field_order } get_schedules_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_schedules_response_schedules = element schedules { attribute start { integer } & attribute max { integer } } get_schedules_response_schedule_count = element schedule_count { get_schedules_response_schedule_count_filtered & get_schedules_response_schedule_count_page } get_schedules_response_schedule_count_filtered = element filtered { integer } get_schedules_response_schedule_count_page = element page { integer }
7.72.3 Example: Get full details of a single schedule
<get_schedules schedule_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"/>
<get_schedules_response status="200" status_text="OK"> <schedule id="c33864a9-d3fd-44b3-8717-972bfb01dfcf"> <name>Overnight</name> <comment>3 hours, starting at 12h00.</comment> <creation_time>2013-01-01T13:57:25+01:00</creation_time> <modification_time>2013-01-18T12:07:36+01:00</modification_time> <writable>0</writable> <in_use>1</in_use> <first_time>2010-07-29T00:00:00+02:00</first_time> <next_time>2010-07-29T00:00:00+02:00</next_time> <icalendar>[...]</icalendar> <period>86400</period> <period_months>0</period_months> <simple_period> 1 <unit>day</unit> </simple_period> <duration>10800</duration> <simple_duration> 3 <unit>hour</unit> </simple_duration> <timezone>Europe/Berlin</timezone> <timezone_abbrev>CEST</timezone_abbrev> <tasks> <task id="d4daf4c4-25c7-40ac-87d3-38e489f34330"> <name>Task 1</name> </task> </tasks> </schedule> <truncate>...</truncate> </get_schedules_response>
7.73 Command get_settings
In short: Get one or many settings.
The client uses the get_settings command to get the settings.
7.73.1 Structure
-
Command
- @setting_id (uuid) ID of single setting to get.
-
@filter
(text)
Filter term.
Keywords
- column name (name) Name
- column comment (text) Comment text
- column value (text) Current value of the setting
- @first (integer) First result.
- @max (integer) Maximum number of results in response.
- @sort_order (sort_order)
- @sort_field (text)
- Response
7.73.2 RNC
get_settings = element get_settings { attribute setting_id { uuid }? & attribute filter { text }? & attribute first { integer }? & attribute max { integer }? & attribute sort_order { sort_order }? & attribute sort_field { text }? }
get_settings_response = element get_settings_response { attribute status { status } & attribute status_text { text } & get_settings_response_filters & get_settings_response_settings & get_settings_response_setting* & get_settings_response_setting_count } get_settings_response_filters = element filters { get_settings_response_filters_term } get_settings_response_filters_term = element term { text } get_settings_response_settings = element settings { attribute start { integer } & attribute max { integer } } get_settings_response_setting = element setting { get_settings_response_setting_name & get_settings_response_setting_comment & get_settings_response_setting_value } get_settings_response_setting_name = element name { text } get_settings_response_setting_comment = element comment { text } get_settings_response_setting_value = element value { text } get_settings_response_setting_count = element setting_count { get_settings_response_setting_count_filtered & get_settings_response_setting_count_page } get_settings_response_setting_count_filtered = element filtered { integer } get_settings_response_setting_count_page = element page { integer }
7.73.3 Example: Get one or many settings
<get_settings/>
<get_settings_response status="200" status_text="OK"> <settings> <setting id="5f5a8712-8017-11e1-8556-406186ea4fc5"> <name>Rows Per Page</name> <value>15</value> </setting> </settings> </get_settings_response>
7.74 Command get_system_reports
In short: Get one or many system reports.
The client uses the get_system_reports command to get system reports.
7.74.1 Structure
-
Command
- @name (text) A string describing the required report.
- @duration (integer) The number of seconds into the past that the report should include.
- @start_time (iso_time) The start of the time interval the report should include.
- @end_time (iso_time) The end of the time interval the report should include.
- @brief (boolean) Whether to include the actual reports.
- @slave_id (uuid) GMP scanner from which to get report.
- Response
7.74.2 RNC
get_system_reports = element get_system_reports { attribute name { text }? & attribute duration { integer }? & attribute start_time { iso_time }? & attribute end_time { iso_time }? & attribute brief { boolean }? & attribute slave_id { uuid }? }
get_system_reports_response = element get_system_reports_response { attribute status { status } & attribute status_text { text } & get_system_reports_response_system_report* } get_system_reports_response_system_report = element system_report { get_system_reports_response_system_report_name & get_system_reports_response_system_report_title & get_system_reports_response_system_report_report? } get_system_reports_response_system_report_name = element name { name } get_system_reports_response_system_report_title = element title { text } get_system_reports_response_system_report_report = element report { text # RNC limitation: base64 & attribute format { xsd:token { pattern = "png|txt" } } & attribute duration { integer } }
7.74.3 Example: Get listing of available system reports
<get_system_reports brief="1"/>
<get_system_reports_response status="200" status_text="OK"> <system_report> <name>proc</name> <title>Processes</title> </system_report> <system_report> <name>load</name> <title>System Load</title> </system_report> <system_report> <name>cpu_0</name> <title>CPU Usage: CPU 0</title> </system_report> ... </get_system_reports_response>
7.74.3 Example: Get a system report
<get_system_reports name="proc"/>
<get_system_reports_response status="200" status_text="OK"> <system_report> <name>proc</name> <title>Processes</title> <report format="png" duration="86400"> iVBORw0KGgoAAAANSUhEUgAAArkAAAE...2bEdAAAAAElFTkSuQmCC </report> </system_report> </get_system_reports_response>
7.75 Command get_tags
In short: Get one or many tags.
The client uses the get_tags command to get tag information.
7.75.1 Structure
-
Command
- @tag_id (uuid) ID of single tag to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column active (boolean) Whether the tag is active
- column resources (name) Total number of resources the tag is attached to
- column resource_type (text) Type of resource the tag applies to
- column value (name) Value of the tag
- @filt_id (text) ID of filter to use to filter query.
- @trash (boolean) Whether to get tags from the trashcan instead.
- @names_only (boolean) Whether to get only distinct tag names.
-
Response
- @status (status)
- @status_text (text)
-
<tag>
*Information on a single tag.
- @id (uuid) uuid of the tag (omitted when using names_only).
-
<name>
Name of the tag (usually namespace:predicate).
-
The group?
-
<permissions>
Permissions that the current user has on the tag.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<owner>
Owner of the tag.
-
<name>
The name of the owner.
-
<name>
-
<comment>
Comment for the tag.
-
<creation_time>
Date and time the tag was created.
-
<modification_time>
Date and time the tag was last modified.
-
<writable>
Whether the tag is writable.
-
<in_use>
Whether any tasks are using the tag.
-
<resources>
Identifies the resources the tag is to be attached to.
-
<resource>
*
- @id (uuid) ID of a resource the tag is attached to.
-
<name>
Name of the attached resource if available, empty otherwise.
-
<trash>
Whether the resource is in the trashcan.
-
<permissions>
?Permissions the user has on the resource.
-
<type>
GMP type of the resources the tag is attached to.
-
<resource>
*
-
<value>
Value associated with the tag.
-
<active>
Whether the tag is active.
-
<orphan>
Whether the tag is attached to a nonexistent resource.
-
<permissions>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <tags>
-
<tag_count>
-
<filtered>
Number of tags after filtering.
-
<page>
Number of tags on current page.
-
<filtered>
7.75.2 RNC
get_tags = element get_tags { attribute tag_id { uuid }? & attribute filter { text }? & attribute filt_id { text }? & attribute trash { boolean }? & attribute names_only { boolean }? }
get_tags_response = element get_tags_response { attribute status { status } & attribute status_text { text } & get_tags_response_tag* & get_tags_response_filters & get_tags_response_sort & get_tags_response_tags & get_tags_response_tag_count } get_tags_response_tag = element tag { attribute id { uuid }? & get_tags_response_tag_name & ( get_tags_response_tag_permissions & get_tags_response_tag_owner & get_tags_response_tag_comment & get_tags_response_tag_creation_time & get_tags_response_tag_modification_time & get_tags_response_tag_writable & get_tags_response_tag_in_use & get_tags_response_tag_resources & get_tags_response_tag_value & get_tags_response_tag_active & get_tags_response_tag_orphan )? } get_tags_response_tag_permissions = element permissions { get_tags_response_tag_permissions_permission* } get_tags_response_tag_permissions_permission = element permission { get_tags_response_tag_permissions_permission_name } get_tags_response_tag_permissions_permission_name = element name { name } get_tags_response_tag_owner = element owner { get_tags_response_tag_owner_name } get_tags_response_tag_owner_name = element name { name } get_tags_response_tag_name = element name { text } get_tags_response_tag_comment = element comment { text } get_tags_response_tag_creation_time = element creation_time { iso_time } get_tags_response_tag_modification_time = element modification_time { iso_time } get_tags_response_tag_writable = element writable { boolean } get_tags_response_tag_in_use = element in_use { boolean } get_tags_response_tag_resources = element resources { get_tags_response_tag_resources_resource* & get_tags_response_tag_resources_type } get_tags_response_tag_resources_resource = element resource { attribute id { uuid } & get_tags_response_tag_resources_resource_name & get_tags_response_tag_resources_resource_trash & get_tags_response_tag_resources_resource_permissions? } get_tags_response_tag_resources_resource_name = element name { text } get_tags_response_tag_resources_resource_trash = element trash { boolean } get_tags_response_tag_resources_resource_permissions = element permissions { "" } get_tags_response_tag_resources_type = element type { text } get_tags_response_tag_value = element value { text } get_tags_response_tag_active = element active { boolean } get_tags_response_tag_orphan = element orphan { boolean } get_tags_response_filters = element filters { attribute id { uuid } & get_tags_response_filters_term & get_tags_response_filters_name? & get_tags_response_filters_keywords } get_tags_response_filters_term = element term { text } get_tags_response_filters_name = element name { text } get_tags_response_filters_keywords = element keywords { get_tags_response_filters_keywords_keyword* } get_tags_response_filters_keywords_keyword = element keyword { get_tags_response_filters_keywords_keyword_column & get_tags_response_filters_keywords_keyword_relation & get_tags_response_filters_keywords_keyword_value } get_tags_response_filters_keywords_keyword_column = element column { text } get_tags_response_filters_keywords_keyword_relation = element relation { ERROR } get_tags_response_filters_keywords_keyword_value = element value { text } get_tags_response_sort = element sort { text & get_tags_response_sort_field } get_tags_response_sort_field = element field { get_tags_response_sort_field_order } get_tags_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_tags_response_tags = element tags { attribute start { integer } & attribute max { integer } } get_tags_response_tag_count = element tag_count { get_tags_response_tag_count_filtered & get_tags_response_tag_count_page } get_tags_response_tag_count_filtered = element filtered { integer } get_tags_response_tag_count_page = element page { integer }
7.75.3 Example: Get one or many tags
<get_tags/>
<get_tags_response status="200" status_text="OK"> <tag id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"> <name>geo:long</name> <comment/> <creation_time>2016-03-03T11:46:56Z</creation_time> <modification_time>2016-03-03T11:46:56Z</modification_time> <writable>1</writable> <in_use>0</in_use> <resource id="b493b7a8-7489-11df-a3ec-002264764cea"> <type>target</type> <name>Server 1</name> <trash>0</trash> </resource> <value>52.2788</value> <active>1</active> </tag> ... </get_tags_response>
7.76 Command get_targets
In short: Get one or many targets.
The client uses the get_targets command to get target information.
7.76.1 Structure
-
Command
- @target_id (uuid) ID of single target to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column hosts (text) Comma-separated list of hosts
- column exclude_hosts (text) Comma-separated list of excluded hosts
- column ips (integer) Number of hosts
- column port_list (name) Name of the port list
- column ssh_credential (name) Name of the SSH credential
- column smb_credential (name) Name of the SMB credential
- column esxi_credential (name) Name of the ESXi credential
- column snmp_credential (name) Name of the SNMP credential
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan targets instead.
- @tasks (boolean) Whether to include list of tasks that use the target.
-
Response
- @status (status)
- @status_text (text)
-
<target>
*
- @id (uuid)
-
<owner>
Owner of the target.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the target.
-
<comment>
The comment on the target.
-
<creation_time>
Date and time the target was created.
-
<modification_time>
Date and time the target was last modified.
-
<writable>
Whether the target is writable.
-
<in_use>
Whether any tasks are using the target.
-
<permissions>
Permissions that the current user has on the target.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the target.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<hosts>
A list of hosts.
-
<exclude_hosts>
A list of hosts to exclude.
-
<max_hosts>
The maximum number of hosts defined by the target.
-
<ssh_credential>
- @id (uuid_or_empty)
-
<name>
The name of the SSH LSC credential.
-
<permissions>
?Permissions the user has on the task.
-
<port>
The port the LSCs will use.
-
<trash>
Whether the LSC credential is in the trashcan.
-
<smb_credential>
- @id (uuid_or_empty)
-
<name>
The name of the SMB LSC credential.
-
<permissions>
?Permissions the user has on the task.
-
<trash>
Whether the LSC credential is in the trashcan.
-
<esxi_credential>
- @id (uuid_or_empty)
-
<name>
The name of the ESXi LSC credential.
-
<permissions>
?Permissions the user has on the task.
-
<trash>
Whether the LSC credential is in the trashcan.
-
<snmp_credential>
- @id (uuid_or_empty)
-
<name>
The name of the SNMP credential.
-
<permissions>
?Permissions the user has on the credential.
-
<trash>
Whether the credential is in the trashcan.
-
<permissions>
Permissions that the current user has on the target.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<port_range>
Port range of the target.
-
<port_list>
- @id (uuid)
-
<name>
The name of the port_list.
-
<permissions>
?Permissions the user has on the task.
-
<trash>
Whether the port_list is in the trashcan.
-
<alive_tests>
Which alive tests to use.
-
<reverse_lookup_only>
Whether to scan only hosts that have names.
-
<reverse_lookup_unify>
Whether to scan only one IP when multiple IPs have the same name.
-
<tasks>
?All tasks using the target.
-
<task>
*
- @id (uuid)
-
<name>
The name of the task.
-
<permissions>
?Permissions the user has on the task.
-
<task>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <targets>
-
<target_count>
-
<filtered>
Number of targets after filtering.
-
<page>
Number of targets on current page.
-
<filtered>
7.76.2 RNC
get_targets = element get_targets { attribute target_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute tasks { boolean }? }
get_targets_response = element get_targets_response { attribute status { status } & attribute status_text { text } & get_targets_response_target* & get_targets_response_filters & get_targets_response_sort & get_targets_response_targets & get_targets_response_target_count } get_targets_response_target = element target { attribute id { uuid } & get_targets_response_target_owner & get_targets_response_target_name & get_targets_response_target_comment & get_targets_response_target_creation_time & get_targets_response_target_modification_time & get_targets_response_target_writable & get_targets_response_target_in_use & get_targets_response_target_permissions & get_targets_response_target_user_tags? & get_targets_response_target_hosts & get_targets_response_target_exclude_hosts & get_targets_response_target_max_hosts & get_targets_response_target_ssh_credential & get_targets_response_target_smb_credential & get_targets_response_target_esxi_credential & get_targets_response_target_snmp_credential & get_targets_response_target_permissions & get_targets_response_target_port_range & get_targets_response_target_port_list & get_targets_response_target_alive_tests & get_targets_response_target_reverse_lookup_only & get_targets_response_target_reverse_lookup_unify & get_targets_response_target_tasks? } get_targets_response_target_owner = element owner { get_targets_response_target_owner_name } get_targets_response_target_owner_name = element name { name } get_targets_response_target_name = element name { name } get_targets_response_target_comment = element comment { text } get_targets_response_target_creation_time = element creation_time { iso_time } get_targets_response_target_modification_time = element modification_time { iso_time } get_targets_response_target_hosts = element hosts { text } get_targets_response_target_exclude_hosts = element exclude_hosts { text } get_targets_response_target_max_hosts = element max_hosts { integer } get_targets_response_target_writable = element writable { boolean } get_targets_response_target_in_use = element in_use { boolean } get_targets_response_target_permissions = element permissions { get_targets_response_target_permissions_permission* } get_targets_response_target_permissions_permission = element permission { get_targets_response_target_permissions_permission_name } get_targets_response_target_permissions_permission_name = element name { name } get_targets_response_target_user_tags = element user_tags { get_targets_response_target_user_tags_count & get_targets_response_target_user_tags_tag* } get_targets_response_target_user_tags_count = element count { integer } get_targets_response_target_user_tags_tag = element tag { attribute id { uuid } & get_targets_response_target_user_tags_tag_name & get_targets_response_target_user_tags_tag_value & get_targets_response_target_user_tags_tag_comment } get_targets_response_target_user_tags_tag_name = element name { text } get_targets_response_target_user_tags_tag_value = element value { text } get_targets_response_target_user_tags_tag_comment = element comment { text } get_targets_response_target_ssh_credential = element ssh_credential { attribute id { uuid_or_empty } & get_targets_response_target_ssh_credential_name & get_targets_response_target_ssh_credential_permissions? & get_targets_response_target_ssh_credential_port & get_targets_response_target_ssh_credential_trash } get_targets_response_target_ssh_credential_name = element name { name } get_targets_response_target_ssh_credential_permissions = element permissions { "" } get_targets_response_target_ssh_credential_port = element port { text } get_targets_response_target_ssh_credential_trash = element trash { boolean } get_targets_response_target_smb_credential = element smb_credential { attribute id { uuid_or_empty } & get_targets_response_target_smb_credential_name & get_targets_response_target_smb_credential_permissions? & get_targets_response_target_smb_credential_trash } get_targets_response_target_smb_credential_name = element name { name } get_targets_response_target_smb_credential_permissions = element permissions { "" } get_targets_response_target_smb_credential_trash = element trash { boolean } get_targets_response_target_esxi_credential = element esxi_credential { attribute id { uuid_or_empty } & get_targets_response_target_esxi_credential_name & get_targets_response_target_esxi_credential_permissions? & get_targets_response_target_esxi_credential_trash } get_targets_response_target_esxi_credential_name = element name { name } get_targets_response_target_esxi_credential_permissions = element permissions { "" } get_targets_response_target_esxi_credential_trash = element trash { boolean } get_targets_response_target_snmp_credential = element snmp_credential { attribute id { uuid_or_empty } & get_targets_response_target_snmp_credential_name & get_targets_response_target_snmp_credential_permissions? & get_targets_response_target_snmp_credential_trash } get_targets_response_target_snmp_credential_name = element name { name } get_targets_response_target_snmp_credential_permissions = element permissions { "" } get_targets_response_target_snmp_credential_trash = element trash { boolean } get_targets_response_target_port_range = element port_range { name } get_targets_response_target_port_list = element port_list { attribute id { uuid } & get_targets_response_target_port_list_name & get_targets_response_target_port_list_permissions? & get_targets_response_target_port_list_trash } get_targets_response_target_port_list_name = element name { name } get_targets_response_target_port_list_permissions = element permissions { "" } get_targets_response_target_port_list_trash = element trash { boolean } get_targets_response_target_alive_tests = element alive_tests { alive_test } get_targets_response_target_reverse_lookup_only = element reverse_lookup_only { boolean } get_targets_response_target_reverse_lookup_unify = element reverse_lookup_unify { boolean } get_targets_response_target_tasks = element tasks { get_targets_response_target_tasks_task* } get_targets_response_target_tasks_task = element task { attribute id { uuid } & get_targets_response_target_tasks_task_name & get_targets_response_target_tasks_task_permissions? } get_targets_response_target_tasks_task_name = element name { name } get_targets_response_target_tasks_task_permissions = element permissions { "" } get_targets_response_filters = element filters { attribute id { uuid } & get_targets_response_filters_term & get_targets_response_filters_name? & get_targets_response_filters_keywords } get_targets_response_filters_term = element term { text } get_targets_response_filters_name = element name { text } get_targets_response_filters_keywords = element keywords { get_targets_response_filters_keywords_keyword* } get_targets_response_filters_keywords_keyword = element keyword { get_targets_response_filters_keywords_keyword_column & get_targets_response_filters_keywords_keyword_relation & get_targets_response_filters_keywords_keyword_value } get_targets_response_filters_keywords_keyword_column = element column { text } get_targets_response_filters_keywords_keyword_relation = element relation { ERROR } get_targets_response_filters_keywords_keyword_value = element value { text } get_targets_response_sort = element sort { text & get_targets_response_sort_field } get_targets_response_sort_field = element field { get_targets_response_sort_field_order } get_targets_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_targets_response_targets = element targets { attribute start { integer } & attribute max { integer } } get_targets_response_target_count = element target_count { get_targets_response_target_count_filtered & get_targets_response_target_count_page } get_targets_response_target_count_filtered = element filtered { integer } get_targets_response_target_count_page = element page { integer }
7.76.3 Example: Get one or many targets
<get_targets/>
<get_targets_response status="200" status_text="OK"> <target id="b493b7a8-7489-11df-a3ec-002264764cea"> <name>Localhost</name> <comment/> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>0</writable> <in_use>7</in_use> <hosts>localhost</hosts> <max_hosts>1</max_hosts> <ssh_credential id=""> <name/> </ssh_credential> <smb_credential id=""> <name/> </smb_credential> <esxi_credential id=""> <name/> </esxi_credential> </target> ... </get_targets_response>
7.76.3 Example: Get a single target, including tasks using the target
<get_targets target_id="1f28d970-17ef-4c69-ba8a-13827059f2b9" tasks="1"/>
<get_targets_response status="200" status_text="OK"> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>dik</name> <comment>dik mm</comment> <creation_time>2018-08-29T20:21:33Z</creation_time> <modification_time>2018-08-29T20:21:33Z</modification_time> <writable>0</writable> <in_use>4</in_use> <hosts>dik.example.org</hosts> <max_hosts>1</max_hosts> <ssh_credential id="58ff2793-2dc7-43fe-85f9-20bfac5a87e4"> <name>mm</name> </ssh_credential> <smb_credential id=""> <name/> </smb_credential> <esxi_credential id=""> <name/> </esxi_credential> <tasks> <task id="13bb418a-4220-4575-b35b-ec398bff7417"> <name>dik mm</name> </task> ... </tasks> </target> </get_targets_response>
7.77 Command get_tasks
In short: Get one or many tasks.
The client uses the get_tasks command to get task information.
As a convenience for clients the response includes a task count and the values of the sort order, sort field and apply overrides flag that the manager applied when selecting the tasks.
A task may be a "container" task. This means the task may not be run, but reports may be uploaded to the task with the command create_report. Container tasks are identified by having an empty id attribute in the target element.
7.77.1 Structure
-
Command
- @task_id (uuid) ID of single task to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- option apply_overrides (boolean) Whether to apply Overrides
- option min_qod (integer) Minimum QoD of the results
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column status (text) Status of the current scan
- column total (integer) Total number of results
- column first_report (uuid) UUID of the first report
- column last_report (uuid) UUID of the last finished report
- column threat (threat) Severity level of the last finished report
- column trend ("up", "down", "more", "less" or "same") Trend of the task
- column severity (severity) Severity of the last finished report
- column schedule (name) Name of the schedule
- column next_due (iso_time) Time the task is next due to run
- column first (iso_time) Timestamp of the first report
- column last (iso_time) Timestamp of the last finished report
- column false_positive (integer) Number of false positive results
- column log (integer) Number of log results
- column low (integer) Number of low severity results
- column medium (integer) Number of medium severity results
- column high (integer) Number of high severity results
- column hosts (integer) Total number of hosts
- column result_hosts (integer) Number of hosts with results matching the min_qod
- column fp_per_host (integer) Number of false positive results per host with results
- column log_per_host (integer) Number of log results per host with results
- column low_per_host (integer) Number of low severity results per host with results
- column medium_per_host (integer) Number of medium severity results per host with results
- column high_per_host (integer) Number of high severity results per host with results
- column target (name) Name of the target
- column usage_type ("scan" or "audit") Usage type
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan tasks instead.
- @details (boolean) Whether to include full task details.
- @ignore_pagination (boolean) Whether to ignore info used to split the report into pages like the filter terms "first" and "rows"..
- @schedules_only (boolean) Whether to only include id, name and schedule details.
- @usage_type ("scan", "audit" or "") Optional usage type to limit the tasks to. Affects total count unlike filter.
-
Response
- @status (status)
- @status_text (text)
-
<apply_overrides>
-
<task>
*
- @id (uuid)
-
One of
-
The group
-
<owner>
Owner of the task.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the task.
-
<comment>
The comment on the task.
-
<creation_time>
Creation time of the task.
-
<modification_time>
Last time the task was modified.
-
<writable>
Whether the task is writable.
-
<in_use>
Whether this task is currently in use.
-
<permissions>
Permissions that the current user has on the task.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the task.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<status>
The run status of the task.
-
<progress>
The percentage of the task that is complete.
-
<host_progress>
*Percentage complete for a particular host.
-
<host>
-
<host>
-
<host_progress>
*
-
<alterable>
Whether the task is an Alterable Task.
-
<usage_type>
The usage type of the task (scan or audit).
-
<config>
The scan configuration used by the task.
- @id (uuid)
-
<name>
The name of the config.
-
<permissions>
?Permissions the user has on the config.
-
<trash>
Whether the config is in the trashcan.
-
<target>
The hosts scanned by the task.
- @id (uuid) ID of target. Empty for container tasks.
-
<name>
The name of the target.
-
<permissions>
?Permissions the user has on the target.
-
<trash>
Whether the target is in the trashcan.
-
<hosts_ordering>
The order hosts are scanned in.
-
<scanner>
The scanner used to scan the target.
- @id (uuid)
-
<name>
The name of the scanner.
-
<permissions>
?Permissions the user has on the task.
-
<type>
Type of the scanner.
-
<alert>
An alert that applies to the task.
- @id (uuid_or_empty)
-
<name>
The name of the alert.
-
<permissions>
?Permissions the user has on the alert.
-
<trash>
Whether the alert is in the trashcan.
-
<observers>
Users allowed to observe this task.
-
<schedule>
When the task will run.
- @id (uuid_or_empty)
-
<name>
The name of the schedule.
-
<trash>
Whether the schedule is in the trashcan.
-
<first_time>
?The first time was or will be run.
-
<next_time>
?The next date and time the schedule will be run in ISO format or "over"..
-
<icalendar>
?iCalendar text containing the time data..
-
<period>
?The time period between repeated runs of the schedule. Run only once if this and period_months is 0.
-
<period_months>
?The number of months between repeated runs of the schedule. Run only once if this and period is 0.
-
<duration>
?The maximum duration of the task in seconds or 0 for unlimited.
-
<timezone>
?The timezone the schedule will follow..
-
<schedule_periods>
A limit to the number of times the task will be scheduled, or 0 for no limit.
-
<report_count>
Number of reports.
-
<finished>
Number of reports where the scan completed.
-
<finished>
-
<trend>
-
<current_report>
?
-
<report>
- @id (uuid)
-
<timestamp>
-
<report>
-
<last_report>
?
-
<report>
- @id (uuid)
-
<timestamp>
-
<scan_end>
-
<result_count>
Result counts for this report.
-
<debug>
-
<false_positive>
-
<log>
-
<info>
-
<warning>
-
<hole>
-
<debug>
-
<severity>
Maximum severity of the report.
-
<report>
-
<reports>
*
-
<report>
*
- @id (uuid)
-
<timestamp>
-
<scan_end>
-
<scan_run_status>
Run status of task scan.
-
<result_count>
Result counts for this report.
-
<debug>
-
<false_positive>
-
<log>
-
<info>
-
<warning>
-
<hole>
-
<debug>
-
<severity>
Maximum severity of the report.
-
<report>
*
-
<average_duration>
?Average scan duration in seconds.
-
<result_count>
Result count for the entire task.
-
<preferences>
-
<preference>
*
-
<name>
Full name of preference, suitable for end users.
-
<scanner_name>
Compact name of preference, from scanner.
-
<value>
-
<name>
-
<preference>
*
-
<owner>
-
The group
-
<name>
The name of the task.
-
<schedule>
When the task will run.
- @id (uuid_or_empty)
-
<name>
The name of the schedule.
-
<trash>
Whether the schedule is in the trashcan.
-
<first_time>
?The first time was or will be run.
-
<next_time>
?The next date and time the schedule will be run in ISO format or "over"..
-
<icalendar>
?iCalendar text containing the time data..
-
<period>
?The time period between repeated runs of the schedule. Run only once if this and period_months is 0.
-
<period_months>
?The number of months between repeated runs of the schedule. Run only once if this and period is 0.
-
<duration>
?The maximum duration of the task in seconds or 0 for unlimited.
-
<timezone>
?The timezone the schedule will follow..
-
<schedule_periods>
A limit to the number of times the task will be scheduled, or 0 for no limit.
-
<name>
-
The group
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <tasks>
-
<task_count>
-
<filtered>
Number of tasks after filtering.
-
<page>
Number of tasks on current page.
-
<filtered>
7.77.2 RNC
get_tasks = element get_tasks { attribute task_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? & attribute details { boolean }? & attribute ignore_pagination { boolean }? & attribute schedules_only { boolean }? & attribute usage_type { xsd:token { pattern = "scan|audit|" } }? }
get_tasks_response = element get_tasks_response { attribute status { status } & attribute status_text { text } & get_tasks_response_apply_overrides & get_tasks_response_task* & get_tasks_response_filters & get_tasks_response_sort & get_tasks_response_tasks & get_tasks_response_task_count } get_tasks_response_apply_overrides = element apply_overrides { xsd:token { pattern = "0|1" } } get_tasks_response_task = element task { attribute id { uuid } & ( ( get_tasks_response_task_owner & get_tasks_response_task_name & get_tasks_response_task_comment & get_tasks_response_task_creation_time & get_tasks_response_task_modification_time & get_tasks_response_task_writable & get_tasks_response_task_in_use & get_tasks_response_task_permissions & get_tasks_response_task_user_tags? & get_tasks_response_task_status & get_tasks_response_task_progress & get_tasks_response_task_alterable & get_tasks_response_task_usage_type & get_tasks_response_task_config & get_tasks_response_task_target & get_tasks_response_task_hosts_ordering & get_tasks_response_task_scanner & get_tasks_response_task_alert & get_tasks_response_task_observers & get_tasks_response_task_schedule & get_tasks_response_task_schedule_periods & get_tasks_response_task_report_count & get_tasks_response_task_trend & get_tasks_response_task_current_report? & get_tasks_response_task_last_report? & get_tasks_response_task_reports* & get_tasks_response_task_average_duration? & get_tasks_response_task_result_count & get_tasks_response_task_preferences ) | ( get_tasks_response_task_name & get_tasks_response_task_schedule & get_tasks_response_task_schedule_periods ) ) } get_tasks_response_task_owner = element owner { get_tasks_response_task_owner_name } get_tasks_response_task_owner_name = element name { name } get_tasks_response_task_name = element name { name } get_tasks_response_task_comment = element comment { text } get_tasks_response_task_creation_time = element creation_time { iso_time } get_tasks_response_task_modification_time = element modification_time { iso_time } get_tasks_response_task_writable = element writable { boolean } get_tasks_response_task_in_use = element in_use { boolean } get_tasks_response_task_permissions = element permissions { get_tasks_response_task_permissions_permission* } get_tasks_response_task_permissions_permission = element permission { get_tasks_response_task_permissions_permission_name } get_tasks_response_task_permissions_permission_name = element name { name } get_tasks_response_task_user_tags = element user_tags { get_tasks_response_task_user_tags_count & get_tasks_response_task_user_tags_tag* } get_tasks_response_task_user_tags_count = element count { integer } get_tasks_response_task_user_tags_tag = element tag { attribute id { uuid } & get_tasks_response_task_user_tags_tag_name & get_tasks_response_task_user_tags_tag_value & get_tasks_response_task_user_tags_tag_comment } get_tasks_response_task_user_tags_tag_name = element name { text } get_tasks_response_task_user_tags_tag_value = element value { text } get_tasks_response_task_user_tags_tag_comment = element comment { text } get_tasks_response_task_status = element status { task_status } get_tasks_response_task_progress = element progress { text # RNC limitation: integer & get_tasks_response_task_progress_host_progress* } get_tasks_response_task_progress_host_progress = element host_progress { text # RNC limitation: integer & get_tasks_response_task_progress_host_progress_host } get_tasks_response_task_progress_host_progress_host = element host { text } get_tasks_response_task_alterable = element alterable { boolean } get_tasks_response_task_usage_type = element usage_type { xsd:token { pattern = "scan|audit" } } get_tasks_response_task_config = element config { attribute id { uuid } & get_tasks_response_task_config_name & get_tasks_response_task_config_permissions? & get_tasks_response_task_config_trash } get_tasks_response_task_config_name = element name { name } get_tasks_response_task_config_permissions = element permissions { "" } get_tasks_response_task_config_trash = element trash { boolean } get_tasks_response_task_target = element target { attribute id { uuid } & get_tasks_response_task_target_name & get_tasks_response_task_target_permissions? & get_tasks_response_task_target_trash } get_tasks_response_task_target_name = element name { name } get_tasks_response_task_target_permissions = element permissions { "" } get_tasks_response_task_target_trash = element trash { boolean } get_tasks_response_task_hosts_ordering = element hosts_ordering { text } get_tasks_response_task_scanner = element scanner { attribute id { uuid } & get_tasks_response_task_scanner_name & get_tasks_response_task_scanner_permissions? & get_tasks_response_task_scanner_type } get_tasks_response_task_scanner_name = element name { name } get_tasks_response_task_scanner_type = element type { integer } get_tasks_response_task_scanner_permissions = element permissions { "" } get_tasks_response_task_alert = element alert { attribute id { uuid_or_empty } & get_tasks_response_task_alert_name & get_tasks_response_task_alert_permissions? & get_tasks_response_task_alert_trash } get_tasks_response_task_alert_name = element name { name } get_tasks_response_task_alert_permissions = element permissions { "" } get_tasks_response_task_alert_trash = element trash { boolean } get_tasks_response_task_observers = element observers { text # RNC limitation: user_list & get_tasks_response_task_observers_group* & get_tasks_response_task_observers_role* } get_tasks_response_task_observers_group = element group { attribute id { uuid } & get_tasks_response_task_observers_group_name } get_tasks_response_task_observers_group_name = element name { name } get_tasks_response_task_observers_role = element role { attribute id { uuid } & get_tasks_response_task_observers_role_name } get_tasks_response_task_observers_role_name = element name { name } get_tasks_response_task_schedule = element schedule { attribute id { uuid_or_empty } & get_tasks_response_task_schedule_name & get_tasks_response_task_schedule_trash & get_tasks_response_task_schedule_first_time? & get_tasks_response_task_schedule_next_time? & get_tasks_response_task_schedule_icalendar? & get_tasks_response_task_schedule_period? & get_tasks_response_task_schedule_period_months? & get_tasks_response_task_schedule_duration? & get_tasks_response_task_schedule_timezone? } get_tasks_response_task_schedule_name = element name { name } get_tasks_response_task_schedule_trash = element trash { boolean } get_tasks_response_task_schedule_first_time = element first_time { iso_time } get_tasks_response_task_schedule_next_time = element next_time { iso_time } get_tasks_response_task_schedule_icalendar = element icalendar { iso_time } get_tasks_response_task_schedule_period = element period { integer } get_tasks_response_task_schedule_period_months = element period_months { integer } get_tasks_response_task_schedule_duration = element duration { integer } get_tasks_response_task_schedule_timezone = element timezone { text } get_tasks_response_task_schedule_periods = element schedule_periods { integer } get_tasks_response_task_report_count = element report_count { text # RNC limitation: integer & get_tasks_response_task_report_count_finished } get_tasks_response_task_report_count_finished = element finished { integer } get_tasks_response_task_trend = element trend { task_trend } get_tasks_response_task_current_report = element current_report { get_tasks_response_task_current_report_report } get_tasks_response_task_current_report_report = element report { attribute id { uuid } & get_tasks_response_task_current_report_report_timestamp } get_tasks_response_task_current_report_report_timestamp = element timestamp { iso_time } get_tasks_response_task_last_report = element last_report { get_tasks_response_task_last_report_report } get_tasks_response_task_last_report_report = element report { attribute id { uuid } & get_tasks_response_task_last_report_report_timestamp & get_tasks_response_task_last_report_report_scan_end & get_tasks_response_task_last_report_report_result_count & get_tasks_response_task_last_report_report_severity } get_tasks_response_task_last_report_report_timestamp = element timestamp { iso_time } get_tasks_response_task_last_report_report_scan_end = element scan_end { iso_time } get_tasks_response_task_last_report_report_result_count = element result_count { get_tasks_response_task_last_report_report_result_count_debug & get_tasks_response_task_last_report_report_result_count_false_positive & get_tasks_response_task_last_report_report_result_count_log & get_tasks_response_task_last_report_report_result_count_info & get_tasks_response_task_last_report_report_result_count_warning & get_tasks_response_task_last_report_report_result_count_hole } get_tasks_response_task_last_report_report_result_count_debug = element debug { integer } get_tasks_response_task_last_report_report_result_count_false_positive = element false_positive { integer } get_tasks_response_task_last_report_report_result_count_log = element log { integer } get_tasks_response_task_last_report_report_result_count_info = element info { integer } get_tasks_response_task_last_report_report_result_count_warning = element warning { integer } get_tasks_response_task_last_report_report_result_count_hole = element hole { integer } get_tasks_response_task_last_report_report_severity = element severity { severity } get_tasks_response_task_reports = element reports { get_tasks_response_task_reports_report* } get_tasks_response_task_reports_report = element report { attribute id { uuid } & get_tasks_response_task_reports_report_timestamp & get_tasks_response_task_reports_report_scan_end & get_tasks_response_task_reports_report_scan_run_status & get_tasks_response_task_reports_report_result_count & get_tasks_response_task_reports_report_severity } get_tasks_response_task_reports_report_timestamp = element timestamp { iso_time } get_tasks_response_task_reports_report_scan_end = element scan_end { iso_time } get_tasks_response_task_reports_report_scan_run_status = element scan_run_status { task_status } get_tasks_response_task_reports_report_result_count = element result_count { get_tasks_response_task_reports_report_result_count_debug & get_tasks_response_task_reports_report_result_count_false_positive & get_tasks_response_task_reports_report_result_count_log & get_tasks_response_task_reports_report_result_count_info & get_tasks_response_task_reports_report_result_count_warning & get_tasks_response_task_reports_report_result_count_hole } get_tasks_response_task_reports_report_result_count_debug = element debug { integer } get_tasks_response_task_reports_report_result_count_false_positive = element false_positive { integer } get_tasks_response_task_reports_report_result_count_log = element log { integer } get_tasks_response_task_reports_report_result_count_info = element info { integer } get_tasks_response_task_reports_report_result_count_warning = element warning { integer } get_tasks_response_task_reports_report_result_count_hole = element hole { integer } get_tasks_response_task_reports_report_severity = element severity { severity } get_tasks_response_task_average_duration = element average_duration { text } get_tasks_response_task_result_count = element result_count { text } get_tasks_response_task_preferences = element preferences { get_tasks_response_task_preferences_preference* } get_tasks_response_task_preferences_preference = element preference { get_tasks_response_task_preferences_preference_name & get_tasks_response_task_preferences_preference_scanner_name & get_tasks_response_task_preferences_preference_value } get_tasks_response_task_preferences_preference_name = element name { text } get_tasks_response_task_preferences_preference_scanner_name = element scanner_name { text } get_tasks_response_task_preferences_preference_value = element value { text } get_tasks_response_filters = element filters { attribute id { uuid } & get_tasks_response_filters_term & get_tasks_response_filters_name? & get_tasks_response_filters_keywords } get_tasks_response_filters_term = element term { text } get_tasks_response_filters_name = element name { text } get_tasks_response_filters_keywords = element keywords { get_tasks_response_filters_keywords_keyword* } get_tasks_response_filters_keywords_keyword = element keyword { get_tasks_response_filters_keywords_keyword_column & get_tasks_response_filters_keywords_keyword_relation & get_tasks_response_filters_keywords_keyword_value } get_tasks_response_filters_keywords_keyword_column = element column { text } get_tasks_response_filters_keywords_keyword_relation = element relation { ERROR } get_tasks_response_filters_keywords_keyword_value = element value { text } get_tasks_response_sort = element sort { text & get_tasks_response_sort_field } get_tasks_response_sort_field = element field { get_tasks_response_sort_field_order } get_tasks_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_tasks_response_tasks = element tasks { attribute start { integer } & attribute max { integer } } get_tasks_response_task_count = element task_count { get_tasks_response_task_count_filtered & get_tasks_response_task_count_page } get_tasks_response_task_count_filtered = element filtered { integer } get_tasks_response_task_count_page = element page { integer }
7.77.3 Example: Get one or many tasks
<get_tasks/>
<get_tasks_response status="200" status_text="OK"> <apply_overrides>0</apply_overrides> <task id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"> <name>Scan Webserver</name> <comment>Scan of the web server.</comment> <creation_time>2013-01-03T13:50:03+01:00</creation_time> <modification_time>2013-01-11T16:03:24+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <owner> <name>admin</name> </owner> <observers/> <alterable>0</alterable> <config id="daba56c8-73ec-11df-a475-002264764cea"> <name>Full and fast</name> </config> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>dik</name> </target> <scanner id="34891919-37ff-5c69-1a2a-089e9018308a"> <name>foo scanner</name> <type>2</type> </scanner> <status>Done</status> <progress>-1</progress> <report_count> 2 <finished>2</finished> </report_count> <trend/> <schedule id=""> <name/> <next_time>over</next_time> </schedule> <last_report> <report id="f0fdf522-276d-4893-9274-fb8699dc2270"> <timestamp>Mon Feb 1 19:11:20 2010</timestamp> <result_count> <debug>0</debug> <hole>0</hole> <info>7</info> <log>0</log> <warning>3</warning> </result_count> <severity>5.0</severity> </report> </last_report> <alert id=""> <name/> </alert> <preferences> <preference> <name>Maximum concurrently executed NVTs per host</name> <scanner_name>max_checks</scanner_name> <value>4</value> </preference> <preference> <name>Maximum concurrently scanned hosts</name> <scanner_name>max_hosts</scanner_name> <value>20</value> </preference> <preference> <name>Add results to Asset Management</name> <scanner_name>in_assets</scanner_name> <value>yes</value> </preference> </preferences> </task> <task id="f14747d3-a4d7-4e79-99bb-a0a1276cb78c"> <name>Scan Mailserver</name> ... </task> </get_tasks_response>
7.77.3 Example: Get a single task, including all reports
<get_tasks task_id="f14747d3-a4d7-4e79-99bb-a0a1276cb78c" details="1"/>
<get_tasks_response status="200" status_text="OK"> <apply_overrides>0</apply_overrides> <task id="13bb418a-4220-4575-b35b-ec398bff7417"> <name>Scan Mailserver</name> <comment>Scan of the web server.</comment> <creation_time>2013-01-03T13:50:03+01:00</creation_time> <modification_time>2013-01-11T16:03:24+01:00</modification_time> <writable>1</writable> <in_use>0</in_use> <owner> <name>admin</name> </owner> <observers/> <alterable>1</alterable> <config id="daba56c8-73ec-11df-a475-002264764cea"> <name>Full and fast</name> </config> <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9"> <name>dik</name> </target> <status>Done</status> <progress>-1</progress> <report_count> 2 <finished>2</finished> </report_count> <trend/> <schedule id=""> <name/> <next_time>over</next_time> </schedule> <last_report> <report id="2688e6c7-db29-4505-80f1-0fd4a09e1011"> <timestamp>Mon Feb 1 19:11:20 2010</timestamp> <result_count> <debug>0</debug> <hole>0</hole> <info>7</info> <log>0</log> <warning>3</warning> </result_count> <severity>5.0</severity> </report> </last_report> <alert id=""> <name/> </alert> <reports> <report id="f0fdf522-276d-4893-9274-fb8699dc2270"> <timestamp>Mon Feb 1 18:51:38 2010</timestamp> <scan_run_status>Done</scan_run_status> <result_count> <debug>0</debug> <hole>0</hole> <info>7</info> <log>0</log> <warning>3</warning> </result_count> </report> <report id="2688e6c7-db29-4505-80f1-0fd4a09e1011"> <timestamp>Mon Feb 1 19:11:20 2010</timestamp> <scan_run_status>Done</scan_run_status> <result_count> <debug>0</debug> <hole>0</hole> <info>7</info> <log>0</log> <warning>3</warning> </result_count> <severity>5.0</severity> </report> <preferences> <preference> <name>Maximum concurrently executed NVTs per host</name> <scanner_name>max_checks</scanner_name> <value>4</value> </preference> <preference> <name>Maximum concurrently scanned hosts</name> <scanner_name>max_hosts</scanner_name> <value>20</value> </preference> <preference> <name>Add results to Asset Management</name> <scanner_name>in_assets</scanner_name> <value>yes</value> </preference> </preferences> </reports> </task> <filters id="0"> <term/> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <tasks max="-1" start="1"/> <task_count> 3 <filtered>1</filtered> <page>1</page> </task_count> </get_tasks_response>
7.77.3 Example: Get a single container task
<get_tasks task_id="f404781f-6d2b-420c-b7a1-0d3f27f1a43b"/>
<get_tasks_response status="200" status_text="OK"> <apply_overrides>0</apply_overrides> <task id="f404781f-6d2b-420c-b7a1-0d3f27f1a43b"> <owner> <name>m</name> </owner> <name>Container Example</name> <comment>This task provides for uploading reports</comment> <creation_time>2019-08-13T12:28:43+02:00</creation_time> <modification_time>2019-08-13T12:28:44+02:00</modification_time> <writable>1</writable> <in_use>0</in_use> <permissions> <permission> <name>Everything</name> </permission> </permissions> <alterable>0</alterable> <usage_type>scan</usage_type> <config id=""> <name/> <type>-1</type> <trash>0</trash> </config> <target id=""> <name/> <trash>0</trash> </target> <hosts_ordering/> <scanner id=""> <name/> <type>0</type> <trash>0</trash> </scanner> <status>Done</status> <progress>-1</progress> <report_count> 1 <finished>1</finished> </report_count> <trend/> <schedule id=""> <name/> <next_time>over</next_time> <trash>0</trash> </schedule> <last_report> <report id="5496f417-9b3b-4582-b450-c05ca99009d8"> <timestamp>2019-08-13T12:29:25+02:00</timestamp> <scan_start>2019-04-24T14:26:01+02:00</scan_start> <scan_end>2019-04-24T14:50:59+02:00</scan_end> <result_count> <debug>0</debug> <hole>1</hole> <info>0</info> <log>77</log> <warning>8</warning> <false_positive>0</false_positive> </result_count> <severity>9.0</severity> </report> </last_report> <observers/> <preferences> <preference> <name>Maximum concurrently executed NVTs per host</name> <scanner_name>max_checks</scanner_name> <value>4</value> </preference> ... </preferences> </task> <filters id=""> <term> apply_overrides=0 min_qod=70 uuid=f404781f-6d2b-420c-b7a1-0d3f27f1a43b first=1 rows=10 sort=name </term> <keywords> <keyword> <column>apply_overrides</column> <relation>=</relation> <value>0</value> </keyword> ... </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <tasks start="1" max="10"/> <task_count> 21 <filtered>1</filtered> <page>1</page> </task_count> </get_tasks_response>
7.78 Command get_tickets
In short: Get one or many tickets.
The client uses the get_tickets command to get ticket information.
7.78.1 Structure
-
Command
- @ticket_id (uuid) ID of single ticket to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column severity (severity) Severity of the ticket result
- column host (text) Host of the ticket result
- column location (text) Location of the ticket result
- column solution_type (text) Solution type of the ticket result
- column status (ticket_status) Ticket status
- column opened (iso_time) Time ticket was opened
- column fixed (iso_time) Time ticket was fixed
- column closed (iso_time) Time ticket was closed
- @filt_id (uuid) ID of filter to use to filter query.
- @trash (boolean) Whether to get the trashcan tickets instead.
-
Response
- @status (status)
- @status_text (text)
-
<ticket>
*
- @id (uuid)
-
<owner>
Owner of the ticket.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of ticket result's NVT.
-
<comment>
The comment on the ticket.
-
<creation_time>
Date and time the ticket was created.
-
<modification_time>
Date and time the ticket was last modified.
-
<writable>
Whether the ticket is writable.
-
<in_use>
Whether the ticket is in use.
-
<permissions>
Permissions that the current user has on the ticket.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the ticket.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<nvt>
The NVT the ticket refers to.
- @oid (oid) OID of the NVT.
-
<result>
?The ticket's result.
- @id (uuid)
-
<assigned_to>
-
<user>
The user the ticket is assigned to.
- @id (uuid)
-
<user>
-
<task>
?The ticket's task.
- @id (uuid)
-
<report>
?The ticket's report.
- @id (uuid)
-
<severity>
The ticket result's severity.
-
<host>
The ticket result's host.
-
<location>
The ticket result's location.
-
<solution_type>
The ticket result's solution_type.
-
<status>
The ticket's status.
-
<open_time>
Date and time the ticket was opened.
-
<open_note>
A note on the Closed status.
-
<fixed_time>
?Date and time the ticket was set to fixed.
-
<fixed_note>
?The note on the Fixed status.
-
<closed_time>
?Date and time the ticket was closed.
-
<closed_note>
?The note on the Closed status.
-
<fix_verified_time>
?Date and time the ticket was verified.
-
<fix_verified_report>
?The report that verified the ticket.
- @id (uuid)
-
<orphan>
Whether the ticket is an orphan.
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <tickets>
-
<ticket_count>
-
<filtered>
Number of tickets after filtering.
-
<page>
Number of tickets on current page.
-
<filtered>
7.78.2 RNC
get_tickets = element get_tickets { attribute ticket_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute trash { boolean }? }
get_tickets_response = element get_tickets_response { attribute status { status } & attribute status_text { text } & get_tickets_response_ticket* & get_tickets_response_filters & get_tickets_response_sort & get_tickets_response_tickets & get_tickets_response_ticket_count } get_tickets_response_ticket = element ticket { attribute id { uuid } & get_tickets_response_ticket_owner & get_tickets_response_ticket_name & get_tickets_response_ticket_comment & get_tickets_response_ticket_creation_time & get_tickets_response_ticket_modification_time & get_tickets_response_ticket_writable & get_tickets_response_ticket_in_use & get_tickets_response_ticket_permissions & get_tickets_response_ticket_user_tags? & get_tickets_response_ticket_nvt & get_tickets_response_ticket_result? & get_tickets_response_ticket_assigned_to & get_tickets_response_ticket_task? & get_tickets_response_ticket_report? & get_tickets_response_ticket_severity & get_tickets_response_ticket_host & get_tickets_response_ticket_location & get_tickets_response_ticket_solution_type & get_tickets_response_ticket_status & get_tickets_response_ticket_open_time & get_tickets_response_ticket_open_note & get_tickets_response_ticket_fixed_time? & get_tickets_response_ticket_fixed_note? & get_tickets_response_ticket_closed_time? & get_tickets_response_ticket_closed_note? & get_tickets_response_ticket_fix_verified_time? & get_tickets_response_ticket_fix_verified_report? & get_tickets_response_ticket_orphan } get_tickets_response_ticket_owner = element owner { get_tickets_response_ticket_owner_name } get_tickets_response_ticket_owner_name = element name { name } get_tickets_response_ticket_name = element name { name } get_tickets_response_ticket_comment = element comment { text } get_tickets_response_ticket_creation_time = element creation_time { iso_time } get_tickets_response_ticket_modification_time = element modification_time { iso_time } get_tickets_response_ticket_writable = element writable { boolean } get_tickets_response_ticket_in_use = element in_use { boolean } get_tickets_response_ticket_permissions = element permissions { get_tickets_response_ticket_permissions_permission* } get_tickets_response_ticket_permissions_permission = element permission { get_tickets_response_ticket_permissions_permission_name } get_tickets_response_ticket_permissions_permission_name = element name { name } get_tickets_response_ticket_user_tags = element user_tags { get_tickets_response_ticket_user_tags_count & get_tickets_response_ticket_user_tags_tag* } get_tickets_response_ticket_user_tags_count = element count { integer } get_tickets_response_ticket_user_tags_tag = element tag { attribute id { uuid } & get_tickets_response_ticket_user_tags_tag_name & get_tickets_response_ticket_user_tags_tag_value & get_tickets_response_ticket_user_tags_tag_comment } get_tickets_response_ticket_user_tags_tag_name = element name { text } get_tickets_response_ticket_user_tags_tag_value = element value { text } get_tickets_response_ticket_user_tags_tag_comment = element comment { text } get_tickets_response_ticket_nvt = element nvt { attribute oid { oid } } get_tickets_response_ticket_result = element result { attribute id { uuid } } get_tickets_response_ticket_assigned_to = element assigned_to { get_tickets_response_ticket_assigned_to_user } get_tickets_response_ticket_assigned_to_user = element user { attribute id { uuid } } get_tickets_response_ticket_task = element task { attribute id { uuid } } get_tickets_response_ticket_report = element report { attribute id { uuid } } get_tickets_response_ticket_severity = element severity { severity } get_tickets_response_ticket_host = element host { text } get_tickets_response_ticket_location = element location { text } get_tickets_response_ticket_solution_type = element solution_type { text } get_tickets_response_ticket_status = element status { ticket_status } get_tickets_response_ticket_open_time = element open_time { iso_time } get_tickets_response_ticket_open_note = element open_note { text } get_tickets_response_ticket_fixed_time = element fixed_time { iso_time } get_tickets_response_ticket_fixed_note = element fixed_note { text } get_tickets_response_ticket_closed_time = element closed_time { iso_time } get_tickets_response_ticket_closed_note = element closed_note { text } get_tickets_response_ticket_fix_verified_time = element fix_verified_time { iso_time } get_tickets_response_ticket_fix_verified_report = element fix_verified_report { attribute id { uuid } } get_tickets_response_ticket_orphan = element orphan { boolean } get_tickets_response_filters = element filters { attribute id { uuid } & get_tickets_response_filters_term & get_tickets_response_filters_name? & get_tickets_response_filters_keywords } get_tickets_response_filters_term = element term { text } get_tickets_response_filters_name = element name { text } get_tickets_response_filters_keywords = element keywords { get_tickets_response_filters_keywords_keyword* } get_tickets_response_filters_keywords_keyword = element keyword { get_tickets_response_filters_keywords_keyword_column & get_tickets_response_filters_keywords_keyword_relation & get_tickets_response_filters_keywords_keyword_value } get_tickets_response_filters_keywords_keyword_column = element column { text } get_tickets_response_filters_keywords_keyword_relation = element relation { ERROR } get_tickets_response_filters_keywords_keyword_value = element value { text } get_tickets_response_sort = element sort { text & get_tickets_response_sort_field } get_tickets_response_sort_field = element field { get_tickets_response_sort_field_order } get_tickets_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_tickets_response_tickets = element tickets { attribute start { integer } & attribute max { integer } } get_tickets_response_ticket_count = element ticket_count { get_tickets_response_ticket_count_filtered & get_tickets_response_ticket_count_page } get_tickets_response_ticket_count_filtered = element filtered { integer } get_tickets_response_ticket_count_page = element page { integer }
7.78.3 Example: Get all tickets
<get_tickets/>
<get_tickets_response status_text="OK" status="200"> <ticket id="93cd2f71-48c3-4cf2-b542-5b256f59cae0"> <owner> <name>joe</name> </owner> <name>OpenSSH Denial of Service Vulnerability - Jan16</name> <comment/> <creation_time>2018-11-29T16:18:56Z</creation_time> <modification_time>2018-11-29T16:18:56Z</modification_time> <writable>1</writable> <in_use>0</in_use> <permissions> <permission> <name>Everything</name> </permission> </permissions> <assigned_to> <user id="33e92d3e-a379-4c46-a4cf-88c8201ab710"/> </assigned_to> <task id="6f559abf-23ca-4dc8-a90a-3acba021f4ff"/> <report id="f0f063cd-07e4-470a-8c66-b5d095d190cd"/> <severity>5.0</severity> <host>127.0.0.1</host> <location>1111/tcp</location> <solution_type>VendorFix</solution_type> <status>Open</status> <open_time>2018-11-29T16:18:56Z</open_time> <open_note>Probably the new version fixes this</open_note> <result id="138c1216-4acb-4ded-bef3-7fab80eac8c7"/> </ticket> <filters id=""> <term>first=1 rows=1000 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> <keyword> <column>rows</column> <relation>=</relation> <value>1000</value> </keyword> <keyword> <column>sort</column> <relation>=</relation> <value>name</value> </keyword> </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <tickets max="1000" start="1"/> <ticket_count> 2 <filtered>2</filtered> <page>2</page> </ticket_count> </get_tickets_response>
7.79 Command get_users
In short: Get one or many users.
The client uses the "get_users" command to retrieve the list of user accounts on the Scanner.
7.79.1 Structure
-
Command
- @user_id (uuid) ID of single user to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column method (text) Methods allowed for authentication
- column roles (text) Comma-separated list of roles
- column groups (text) Comma-separated list of groups
- column hosts (text) List of host that are either allowed of forbidden
- column ifaces (text) List of ifaces that are either allowed of forbidden
- @filt_id (uuid) ID of filter to use to filter query.
-
Response
- @status (status)
- @status_text (text)
-
<user>
*
- @id (uuid) ID of user.
-
<owner>
Owner of the user.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the user.
-
<comment>
The comment on the user.
-
<creation_time>
Creation time of the user.
-
<modification_time>
Last time the user was modified.
-
<writable>
Whether the user is writable.
-
<in_use>
Whether this user is currently in use.
-
<role>
*The role of the user.
- @id (uuid)
-
<name>
Name of role.
-
<permissions>
?Permissions the user has on the role.
-
<groups>
The groups the user belongs to.
-
<group>
- @id (uuid)
-
<name>
Name of group.
-
<permissions>
?Permissions the user has on the group.
-
<group>
-
<hosts>
Host access rule for the user.
- @allow ("0", "1", "2" or "3") 0 forbidden, 1 allowed, 2 all allowed, 3 custom.
-
<ifaces>
Iface access rule for the user.
- @allow ("0", "1", "2" or "3") 0 forbidden, 1 allowed, 2 all allowed, 3 custom.
-
<permissions>
Permissions that the current user has on the user.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<user_tags>
?Info on tags attached to the user.
-
<count>
Number of attached tags.
-
<tag>
*Short info on an individual tag (only if details were requested).
- @id (uuid) UUID of the tag.
-
<name>
Name of the tag (usually namespace:predicate).
-
<value>
Value of the tag.
-
<comment>
Comment for the tag.
-
<count>
-
<sources>
(sources)Sources allowed for authentication for this user.
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <users>
-
<user_count>
-
<filtered>
Number of users after filtering.
-
<page>
Number of users on current page.
-
<filtered>
7.79.2 RNC
get_users = element get_users { attribute user_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? }
get_users_response = element get_users_response { attribute status { status } & attribute status_text { text } & get_users_response_user* & get_users_response_filters & get_users_response_sort & get_users_response_users & get_users_response_user_count } get_users_response_user = element user { attribute id { uuid } & get_users_response_user_owner & get_users_response_user_name & get_users_response_user_comment & get_users_response_user_creation_time & get_users_response_user_modification_time & get_users_response_user_writable & get_users_response_user_in_use & get_users_response_user_role* & get_users_response_user_groups & get_users_response_user_hosts & get_users_response_user_ifaces & get_users_response_user_permissions & get_users_response_user_user_tags? & get_users_response_user_sources } get_users_response_user_owner = element owner { get_users_response_user_owner_name } get_users_response_user_owner_name = element name { name } get_users_response_user_name = element name { text } get_users_response_user_comment = element comment { text } get_users_response_user_creation_time = element creation_time { iso_time } get_users_response_user_modification_time = element modification_time { iso_time } get_users_response_user_writable = element writable { boolean } get_users_response_user_in_use = element in_use { boolean } get_users_response_user_role = element role { attribute id { uuid } & get_users_response_user_role_name & get_users_response_user_role_permissions? } get_users_response_user_role_name = element name { name } get_users_response_user_role_permissions = element permissions { "" } get_users_response_user_groups = element groups { get_users_response_user_groups_group } get_users_response_user_groups_group = element group { attribute id { uuid } & get_users_response_user_groups_group_name & get_users_response_user_groups_group_permissions? } get_users_response_user_groups_group_name = element name { name } get_users_response_user_groups_group_permissions = element permissions { "" } get_users_response_user_hosts = element hosts { text & attribute allow { xsd:token { pattern = "0|1|2|3" } } } get_users_response_user_ifaces = element ifaces { text & attribute allow { xsd:token { pattern = "0|1|2|3" } } } get_users_response_user_permissions = element permissions { get_users_response_user_permissions_permission* } get_users_response_user_permissions_permission = element permission { get_users_response_user_permissions_permission_name } get_users_response_user_permissions_permission_name = element name { name } get_users_response_user_user_tags = element user_tags { get_users_response_user_user_tags_count & get_users_response_user_user_tags_tag* } get_users_response_user_user_tags_count = element count { integer } get_users_response_user_user_tags_tag = element tag { attribute id { uuid } & get_users_response_user_user_tags_tag_name & get_users_response_user_user_tags_tag_value & get_users_response_user_user_tags_tag_comment } get_users_response_user_user_tags_tag_name = element name { text } get_users_response_user_user_tags_tag_value = element value { text } get_users_response_user_user_tags_tag_comment = element comment { text } get_users_response_user_sources = element sources # type sources { } get_users_response_filters = element filters { attribute id { uuid } & get_users_response_filters_term & get_users_response_filters_name? & get_users_response_filters_keywords } get_users_response_filters_term = element term { text } get_users_response_filters_name = element name { text } get_users_response_filters_keywords = element keywords { get_users_response_filters_keywords_keyword* } get_users_response_filters_keywords_keyword = element keyword { get_users_response_filters_keywords_keyword_column & get_users_response_filters_keywords_keyword_relation & get_users_response_filters_keywords_keyword_value } get_users_response_filters_keywords_keyword_column = element column { text } get_users_response_filters_keywords_keyword_relation = element relation { ERROR } get_users_response_filters_keywords_keyword_value = element value { text } get_users_response_sort = element sort { text & get_users_response_sort_field } get_users_response_sort_field = element field { get_users_response_sort_field_order } get_users_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_users_response_users = element users { attribute start { integer } & attribute max { integer } } get_users_response_user_count = element user_count { get_users_response_user_count_filtered & get_users_response_user_count_page } get_users_response_user_count_filtered = element filtered { integer } get_users_response_user_count_page = element page { integer }
7.79.3 Example: Get the users
<get_users/>
<get_users_response status="200" status_text="OK"> <user> <name>foobar</name> <role id="8d453140-b74d-11e2-b0be-406186ea4fc5"> <name>User</name> </role> <hosts allow="2"/> <sources> <source>file</source> </sources> </user> </get_users_response>
7.80 Command get_tls_certificates
In short: Get one or many TLS certificates.
The client uses the "get_tls_certificates" command to retrieve one or more TLS certificates.
7.80.1 Structure
-
Command
- @tls_certificate_id (uuid) ID of single TLS certificate to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column comment (text) Comment text
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column owner (name) Name of the owner
- column subject_dn (text) Distinguished name (DN) of the certificate subject
- column issuer_dn (text) Distinguished name (DN) of the certificate issuer
- column sha256_fingerprint (text) SHA256 fingerprint of the certificate
- column md5_fingerprint (text) MD5 fingerprint of the certificate
- column time_status () Whether the certificate is valid, expired or not active yet
- column activates (iso_time) Time before which the certificate is not valid
- column expires (iso_time) Time after which the certificate is not valid
- column valid (boolean) Whether the certificate is currently valid
- column serial (text) Hexadecimal serial number of the certificate
- column last_seen (iso_time) Most recent time the TLS certificate was imported or found in a scan
- option host_id (uuid) UUID of the host asset where the certificate must be found
- option report_id (uuid) UUID of the report the cerificate must appear in
- @filt_id (uuid) ID of filter to use to filter query.
- @include_certificate_data (boolean) Whether to include certificate_data even if details are not requested.
- @details (boolean) Whether to include full TLS certificate details.
-
Response
- @status (status)
- @status_text (text)
-
<tls_certificate>
*
- @id (uuid) ID of TLS certificate.
-
<owner>
Owner of the TLS certificate.
-
<name>
The name of the owner.
-
<name>
-
<name>
The name of the TLS certificate.
-
<comment>
The comment on the TLS certificate.
-
<creation_time>
Creation time of the TLS certificate.
-
<modification_time>
Last time the TLS certificate was modified.
-
<writable>
Whether the TLS certificate is writable.
-
<in_use>
Whether this TLS certificate is currently in use.
-
<permissions>
Permissions that the current user has on the TLS certificate.
-
<permission>
*
-
<name>
The name of the permission.
-
<name>
-
<permission>
*
-
<certificate>
The Base64 encoded certificate data if details are requested, empty otherwise.
- @format ("DER", "PEM" or "unknown") The format of the certificate.
-
<sha256_fingerprint>
The SHA256 fingerprint of the certificate.
-
<md5_fingerprint>
The MD5 fingerprint of the certificate.
-
<trust>
Whether the certificate is trusted.
-
<time_status>
Whether the certificate is valid, expired or not active yet.
-
<activation_time>
Time before which the certificate is not valid.
-
<expiration_time>
Time after which the certificate is not valid.
-
<subject_dn>
Distinguished name (DN) of the certificate subject.
-
<issuer_dn>
Distinguished name (DN) of the certificate issuer.
-
<serial>
Hexadecimal serial number of the certificate.
-
<last_seen>
Most recent time the TLS certificate was imported or found in a scan.
-
<sources>
?List of sources.
-
<source>
*A certificate source.
- @id (uuid) UUID of the source.
-
<timestamp>
Time the certificate was found or imported.
-
<tls_versions>
SSL and TLS versions of the service using the certificate, separated with ", ".
-
<location>
?A location where the certificate was found.
-
<origin>
Origin of the certificate data, e.g. a scan report.
- @id (uuid) UUID of the location.
-
<origin_type>
Type of origin, e.g. "Import" or "Report".
-
<origin_id>
Identifier of origin, e.g. a report UUID.
-
<origin_data>
Extra origin data, e.g. OID of the detection NVT.
-
<report>
?Report data if the origin is a report.
-
<source>
*
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <tls_certificates>
-
<tls_certificate_count>
-
<filtered>
Number of TLS certificate after filtering.
-
<page>
Number of TLS certificate on current page.
-
<filtered>
7.80.2 RNC
get_tls_certificates = element get_tls_certificates { attribute tls_certificate_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? & attribute include_certificate_data { boolean }? }
get_tls_certificates_response = element get_tls_certificates_response { attribute status { status } & attribute status_text { text } & get_tls_certificates_response_tls_certificate* & get_tls_certificates_response_filters & get_tls_certificates_response_sort & get_tls_certificates_response_tls_certificates & get_tls_certificates_response_tls_certificate_count } get_tls_certificates_response_tls_certificate = element tls_certificate { attribute id { uuid } & get_tls_certificates_response_tls_certificate_owner & get_tls_certificates_response_tls_certificate_name & get_tls_certificates_response_tls_certificate_comment & get_tls_certificates_response_tls_certificate_creation_time & get_tls_certificates_response_tls_certificate_modification_time & get_tls_certificates_response_tls_certificate_writable & get_tls_certificates_response_tls_certificate_in_use & get_tls_certificates_response_tls_certificate_permissions & get_tls_certificates_response_tls_certificate_certificate & get_tls_certificates_response_tls_certificate_sha256_fingerprint & get_tls_certificates_response_tls_certificate_md5_fingerprint & get_tls_certificates_response_tls_certificate_trust & get_tls_certificates_response_tls_certificate_time_status & get_tls_certificates_response_tls_certificate_activation_time & get_tls_certificates_response_tls_certificate_expiration_time & get_tls_certificates_response_tls_certificate_subject_dn & get_tls_certificates_response_tls_certificate_issuer_dn & get_tls_certificates_response_tls_certificate_serial & get_tls_certificates_response_tls_certificate_last_seen & get_tls_certificates_response_tls_certificate_sources? } get_tls_certificates_response_tls_certificate_owner = element owner { get_tls_certificates_response_tls_certificate_owner_name } get_tls_certificates_response_tls_certificate_owner_name = element name { name } get_tls_certificates_response_tls_certificate_name = element name { text } get_tls_certificates_response_tls_certificate_comment = element comment { text } get_tls_certificates_response_tls_certificate_creation_time = element creation_time { iso_time } get_tls_certificates_response_tls_certificate_modification_time = element modification_time { iso_time } get_tls_certificates_response_tls_certificate_writable = element writable { boolean } get_tls_certificates_response_tls_certificate_in_use = element in_use { boolean } get_tls_certificates_response_tls_certificate_permissions = element permissions { get_tls_certificates_response_tls_certificate_permissions_permission* } get_tls_certificates_response_tls_certificate_permissions_permission = element permission { get_tls_certificates_response_tls_certificate_permissions_permission_name } get_tls_certificates_response_tls_certificate_permissions_permission_name = element name { name } get_tls_certificates_response_tls_certificate_certificate = element certificate { attribute format { xsd:token { pattern = "DER|PEM|unknown" } } } get_tls_certificates_response_tls_certificate_md5_fingerprint = element md5_fingerprint { text } get_tls_certificates_response_tls_certificate_sha256_fingerprint = element sha256_fingerprint { text } get_tls_certificates_response_tls_certificate_trust = element trust { boolean } get_tls_certificates_response_tls_certificate_valid = element valid { boolean } get_tls_certificates_response_tls_certificate_time_status = element time_status { xsd:token { pattern = "expired|inactive|unknown|valid" } } get_tls_certificates_response_tls_certificate_activation_time = element activation_time { iso_time } get_tls_certificates_response_tls_certificate_expiration_time = element expiration_time { iso_time } get_tls_certificates_response_tls_certificate_subject_dn = element subject_dn { text } get_tls_certificates_response_tls_certificate_issuer_dn = element issuer_dn { text } get_tls_certificates_response_tls_certificate_serial = element serial { text } get_tls_certificates_response_tls_certificate_last_seen = element last_seen { iso_time } get_tls_certificates_response_tls_certificate_sources = element sources { get_tls_certificates_response_tls_certificate_sources_source* } get_tls_certificates_response_tls_certificate_sources_source = element source { attribute id { uuid } & get_tls_certificates_response_tls_certificate_sources_source_timestamp & get_tls_certificates_response_tls_certificate_sources_source_tls_versions & get_tls_certificates_response_tls_certificate_sources_source_location? & get_tls_certificates_response_tls_certificate_sources_source_origin } get_tls_certificates_response_tls_certificate_sources_source_timestamp = element timestamp { iso_time } get_tls_certificates_response_tls_certificate_sources_source_tls_versions = element tls_versions { text } get_tls_certificates_response_tls_certificate_sources_source_location = element location { attribute id { uuid } & get_tls_certificates_response_tls_certificate_sources_source_location_host & get_tls_certificates_response_tls_certificate_sources_source_location_port } get_tls_certificates_response_tls_certificate_sources_source_location_host = element host { get_tls_certificates_response_tls_certificate_sources_source_location_host_ip & get_tls_certificates_response_tls_certificate_sources_source_location_host_asset } get_tls_certificates_response_tls_certificate_sources_source_location_host_ip = element ip { text } get_tls_certificates_response_tls_certificate_sources_source_location_host_asset = element asset { attribute id { uuid }? } get_tls_certificates_response_tls_certificate_sources_source_location_port = element port { integer } get_tls_certificates_response_tls_certificate_sources_source_origin = element origin { attribute id { uuid } & get_tls_certificates_response_tls_certificate_sources_source_origin_origin_type & get_tls_certificates_response_tls_certificate_sources_source_origin_origin_id & get_tls_certificates_response_tls_certificate_sources_source_origin_origin_data & get_tls_certificates_response_tls_certificate_sources_source_origin_report? } get_tls_certificates_response_tls_certificate_sources_source_origin_origin_type = element origin_type { text } get_tls_certificates_response_tls_certificate_sources_source_origin_origin_id = element origin_id { text } get_tls_certificates_response_tls_certificate_sources_source_origin_origin_data = element origin_data { text } get_tls_certificates_response_tls_certificate_sources_source_origin_report = element report { attribute id { uuid }? & get_tls_certificates_response_tls_certificate_sources_source_origin_report_date & get_tls_certificates_response_tls_certificate_sources_source_origin_report_task } get_tls_certificates_response_tls_certificate_sources_source_origin_report_date = element date { iso_time } get_tls_certificates_response_tls_certificate_sources_source_origin_report_task = element task { attribute id { uuid } & get_tls_certificates_response_tls_certificate_sources_source_origin_report_task_name } get_tls_certificates_response_tls_certificate_sources_source_origin_report_task_name = element name { text } get_tls_certificates_response_filters = element filters { attribute id { uuid } & get_tls_certificates_response_filters_term & get_tls_certificates_response_filters_name? & get_tls_certificates_response_filters_keywords } get_tls_certificates_response_filters_term = element term { text } get_tls_certificates_response_filters_name = element name { text } get_tls_certificates_response_filters_keywords = element keywords { get_tls_certificates_response_filters_keywords_keyword* } get_tls_certificates_response_filters_keywords_keyword = element keyword { get_tls_certificates_response_filters_keywords_keyword_column & get_tls_certificates_response_filters_keywords_keyword_relation & get_tls_certificates_response_filters_keywords_keyword_value } get_tls_certificates_response_filters_keywords_keyword_column = element column { text } get_tls_certificates_response_filters_keywords_keyword_relation = element relation { ERROR } get_tls_certificates_response_filters_keywords_keyword_value = element value { text } get_tls_certificates_response_sort = element sort { text & get_tls_certificates_response_sort_field } get_tls_certificates_response_sort_field = element field { get_tls_certificates_response_sort_field_order } get_tls_certificates_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_tls_certificates_response_tls_certificates = element tls_certificates { attribute start { integer } & attribute max { integer } } get_tls_certificates_response_tls_certificate_count = element tls_certificate_count { get_tls_certificates_response_tls_certificate_count_filtered & get_tls_certificates_response_tls_certificate_count_page } get_tls_certificates_response_tls_certificate_count_filtered = element filtered { integer } get_tls_certificates_response_tls_certificate_count_page = element page { integer }
7.80.3 Example: Get the TLS certificates
<get_tls_certificates/>
<get_tls_certificates_response status="200" status_text="OK"> <tls_certificate id="ba36ed15-92fa-4ae0-af53-bad8ce472f18"> <owner> <name>admin</name> </owner> <name>Example Certificate</name> <comment/> <creation_time>2019-06-12T14:36:53Z</creation_time> <modification_time>2019-06-13T08:56:36Z</modification_time> <writable>1</writable> <in_use>0</in_use> <permissions> <permission> <name>Everything</name> </permission> </permissions> <certificate format="DER">MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELM[...]</certificate> <md5_fingerprint>ba:ec:16:30:27:ca:99:17:ff:df:a4:4c:bc:bf:1b:98</md5_fingerprint> <trust>1</trust> <valid>1</valid> <activation_time>2019-02-26T14:24:15Z</activation_time> <expiration_time>2021-02-25T14:24:15Z</expiration_time> <subject_dn>CN=localhost,O=GVM Users,L=Osnabrueck,C=DE</subject_dn> <issuer_dn> OU=Certificate Authority for localhost,O=GVM Users,L=Osnabrueck,C=DE </issuer_dn> </tls_certificate> <filters id=""> <term>first=1 rows=10 sort=name</term> <keywords> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> <keyword> <column>rows</column> <relation>=</relation> <value>1000</value> </keyword> <keyword> <column>sort</column> <relation>=</relation> <value>name</value> </keyword> </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <tls_certificates start="1" max="10"/> <tls_certificate_count> 1 <filtered>1</filtered> <page>1</page> </tls_certificate_count> </get_tls_certificates_response>
7.81 Command get_version
In short: Get the Greenbone Management Protocol version.
7.81.1 Structure
-
Command
- Empty single element.
-
Response
- @status (status)
- @status_text (text)
-
<version>
7.81.2 RNC
get_version = element get_version { "" }
get_version_response = element get_version_response { attribute status { status } & attribute status_text { text } & get_version_response_version } get_version_response_version = element version { text }
7.81.3 Example: Get the version
<get_version/>
<get_version_response status="200" status_text="OK"> <version>1.0</version> </get_version_response>
7.82 Command get_vulns
In short: Get one or many vulnerabilities.
The client uses the "get_vulns" command to retrieve the list of vulnerabilities occurring in reports.
7.82.1 Structure
-
Command
- @vuln_id (uuid) ID of single vulnerability to get.
-
@filter
(text)
Filter term to use to filter query.
Keywords
- column uuid (uuid) Unique ID
- column name (name) Name
- column created (iso_time) Creation time
- column modified (iso_time) Modification time
- column results (integer) Number of results
- column hosts (integer) Number of hosts
- column severity (severity) Severity of the vulnerability
- column qod (integer) QoD of the vulnerability
- column oldest (iso_time) Timestamp of the oldest result
- column newest (iso_time) Timestamp of the newest result
- column type (text) Type of vulnerability like NVT or CVE
- @filt_id (uuid) ID of filter to use to filter query.
-
Response
- @status (status)
- @status_text (text)
-
<vuln>
*
- @id (uuid) ID of vulnerability.
-
<name>
The name of the user.
-
<creation_time>
Creation time of the user.
-
<modification_time>
Last time the user was modified.
-
<severity>
Severity of the vulnerability.
-
<qod>
Quality of detection (QoD) of the vulnerability.
-
<results>
-
<count>
The number of results for the vulnerability.
-
<oldest>
Timestamp of the oldest result.
-
<newest>
Timestamp of the newest result.
-
<count>
-
<hosts>
-
<count>
The number of hosts where the vulnerability was detected.
-
<count>
-
<filters>
- @id (uuid) UUID of filter if any, else 0.
-
<term>
Filter term.
-
<name>
?Filter name, if applicable.
-
<keywords>
Filter broken down into keywords.
-
<keyword>
*
-
<column>
Column prefix.
-
<relation>
Relation operator.
-
<value>
The filter text.
-
<column>
-
<keyword>
*
-
<sort>
-
<field>
-
<order>
-
<order>
-
<field>
- <vulns>
-
<vuln_count>
-
<filtered>
Number of vulnerabilities after filtering.
-
<page>
Number of vulnerabilities on current page.
-
<filtered>
7.82.2 RNC
get_vulns = element get_vulns { attribute vuln_id { uuid }? & attribute filter { text }? & attribute filt_id { uuid }? }
get_vulns_response = element get_vulns_response { attribute status { status } & attribute status_text { text } & get_vulns_response_vuln* & get_vulns_response_filters & get_vulns_response_sort & get_vulns_response_vulns & get_vulns_response_vuln_count } get_vulns_response_vuln = element vuln { attribute id { uuid } & get_vulns_response_vuln_name & get_vulns_response_vuln_creation_time & get_vulns_response_vuln_modification_time & get_vulns_response_vuln_severity & get_vulns_response_vuln_qod & get_vulns_response_vuln_results & get_vulns_response_vuln_hosts } get_vulns_response_vuln_name = element name { text } get_vulns_response_vuln_type = element type { ERROR } get_vulns_response_vuln_creation_time = element creation_time { iso_time } get_vulns_response_vuln_modification_time = element modification_time { iso_time } get_vulns_response_vuln_severity = element severity { severity } get_vulns_response_vuln_qod = element qod { integer } get_vulns_response_vuln_results = element results { get_vulns_response_vuln_results_count & get_vulns_response_vuln_results_oldest & get_vulns_response_vuln_results_newest } get_vulns_response_vuln_results_count = element count { integer } get_vulns_response_vuln_results_oldest = element oldest { iso_time } get_vulns_response_vuln_results_newest = element newest { iso_time } get_vulns_response_vuln_hosts = element hosts { get_vulns_response_vuln_hosts_count } get_vulns_response_vuln_hosts_count = element count { integer } get_vulns_response_filters = element filters { attribute id { uuid } & get_vulns_response_filters_term & get_vulns_response_filters_name? & get_vulns_response_filters_keywords } get_vulns_response_filters_term = element term { text } get_vulns_response_filters_name = element name { text } get_vulns_response_filters_keywords = element keywords { get_vulns_response_filters_keywords_keyword* } get_vulns_response_filters_keywords_keyword = element keyword { get_vulns_response_filters_keywords_keyword_column & get_vulns_response_filters_keywords_keyword_relation & get_vulns_response_filters_keywords_keyword_value } get_vulns_response_filters_keywords_keyword_column = element column { text } get_vulns_response_filters_keywords_keyword_relation = element relation { ERROR } get_vulns_response_filters_keywords_keyword_value = element value { text } get_vulns_response_sort = element sort { text & get_vulns_response_sort_field } get_vulns_response_sort_field = element field { get_vulns_response_sort_field_order } get_vulns_response_sort_field_order = element order { xsd:token { pattern = "ascending|descending" } } get_vulns_response_vulns = element vulns { attribute start { integer } & attribute max { integer } } get_vulns_response_vuln_count = element vuln_count { get_vulns_response_vuln_count_filtered & get_vulns_response_vuln_count_page } get_vulns_response_vuln_count_filtered = element filtered { integer } get_vulns_response_vuln_count_page = element page { integer }
7.82.3 Example: Get the vulnerabilities
<get_vulns/>
<get_vulns_response status="200" status_text="OK"> <vuln id="1.3.6.1.4.1.25623.1.0.808160"> <name> 7Zip UDF CInArchive::ReadFileItem Code Execution Vulnerability </name> <type>nvt</type> <creation_time>2016-06-13T12:57:54+01:00</creation_time> <modification_time>2016-12-07T07:43:41+01:00</modification_time> <severity>6.8</severity> <qod>97</qod> <results> <count>12</count> <oldest>2017-03-21T09:27:44+01:00</oldest> <newest>2017-03-21T09:46:42+01:00</newest> </results> <hosts> <count>1</count> </hosts> </vuln> <truncate>...</truncate> <filters id="0"> <term>rows=10 first=1 sort=name</term> <keywords> <keyword> <column>rows</column> <relation>=</relation> <value>10</value> </keyword> <keyword> <column>first</column> <relation>=</relation> <value>1</value> </keyword> <keyword> <column>sort</column> <relation>=</relation> <value>name</value> </keyword> </keywords> </filters> <sort> <field> name <order>ascending</order> </field> </sort> <vulns start="1" max="10"/> <vuln_count> 1648 <filtered>1396</filtered> <page>10</page> </vuln_count> </get_vulns_response>
7.83 Command help
In short: Get the help text.
7.83.1 Structure
-
Command
- @format ("html", "HTML", "rnc", "RNC", "text", "TEXT", "xml" or "XML") Required help format.
- @type ("brief" or "") Help type, currently only blank or "brief" for XML format.
-
Response
- @status (status)
- @status_text (text)
-
<schema>
?
-
<protocol>
- @format (text) The help format.
- @extension (text) The suggested file extension for the help.
- @content_type (text) The MIME content-type of the help.
-
<name>
The full name of the protocol.
-
<abbreviation>
?The abbreviated name of the protocol.
-
<summary>
?A summary of the protocol.
-
<version>
?The version number of the protocol.
-
<type>
*A data type.
-
<name>
The name of the data type.
-
<summary>
?A summary of the data type.
-
<description>
?A description of the data type.
-
<p>
*A paragraph.
-
<p>
*
-
<pattern>
The RNC pattern for the data type.
-
<name>
-
<command>
*
A command.
-
<protocol>
7.83.2 RNC
help = element help { attribute format { xsd:token { pattern = "html|HTML|rnc|RNC|text|TEXT|xml|XML" } }? & attribute type { xsd:token { pattern = "brief|" } }? }
help_response = element help_response { text & attribute status { status } & attribute status_text { text } & help_response_schema? } help_response_schema = element schema { help_response_schema_protocol } help_response_schema_protocol = element protocol { attribute format { text }? & attribute extension { text }? & attribute content_type { text }? & help_response_schema_protocol_name & help_response_schema_protocol_abbreviation? & help_response_schema_protocol_summary? & help_response_schema_protocol_version? & help_response_schema_protocol_type* & help_response_schema_protocol_command* } help_response_schema_protocol_name = element name { text } help_response_schema_protocol_abbreviation = element abbreviation { text } help_response_schema_protocol_summary = element summary { text } help_response_schema_protocol_version = element version { text } help_response_schema_protocol_type = element type { help_response_schema_protocol_type_name & help_response_schema_protocol_type_summary? & help_response_schema_protocol_type_description? & help_response_schema_protocol_type_pattern } help_response_schema_protocol_type_name = element name { type_name } help_response_schema_protocol_type_summary = element summary { text } help_response_schema_protocol_type_description = element description { text & help_response_schema_protocol_type_description_p* } help_response_schema_protocol_type_description_p = element p { text } help_response_schema_protocol_type_pattern = element pattern { text } help_response_schema_protocol_command = element command # type command_definition { command_definition_name & command_definition_summary? & command_definition_description? & ( ( command_definition_pattern & command_definition_response ) | ( command_definition_type & command_definition_ele* ) ) & command_definition_example* }
7.83.3 Example: Get the help text
<help/>
<help_response status="200" status_text="OK"> AUTHENTICATE Authenticate with the manager. COMMANDS Run a list of commands. CREATE_AGENT Create an agent. ... VERIFY_SCANNER Verify a scanner. </help_response>
7.83.3 Example: Get the GMP schema
<help format="XML"/>
<help_response status="200" status_text="OK"> <schema format="XML" extension="xml" content_type="text/xml"> <protocol> <name>Greenbone Management Protocol</name> <abbreviation>GMP</abbreviation> <summary> The management protocol of the Greenbone Vulnerability Manager </summary> <version>9.0</version> ... <type> <name>base64</name> <summary>Base64 encoded data</summary> <pattern>xsd:base64Binary</pattern> </type> ... <command> <name>authenticate</name> <summary>Authenticate with the manager</summary> ... </command> ... </protocol> </schema> </help_response>
7.84 Command modify_agent
In short: Modify an existing agent.
The client uses the modify_agent command to change an existing agent.
7.84.1 Structure
-
Command
- @agent_id (uuid) ID of agent to modify.
-
<name>
?Name of agent.
-
<comment>
?Comment on agent.
-
Response
- @status (status)
- @status_text (text)
7.84.2 RNC
modify_agent = element modify_agent { attribute agent_id { uuid } & modify_agent_name? & modify_agent_comment? } modify_agent_comment = element comment { text } modify_agent_name = element name { name }
modify_agent_response = element modify_agent_response { attribute status { status } & attribute status_text { text } }
7.84.3 Example: Modify the comment on an agent
<modify_agent agent_id="c737f787-9473-410d-8956-9d7b57bdd11f"> <comment>Old Agent 1</comment> </modify_agent>
<modify_agent_response status="200" status_text="OK"/>
7.85 Command modify_alert
In short: Modify an existing alert.
The client uses the modify_alert command to change an existing alert.
7.85.1 Structure
-
Command
- @alert_id (uuid) ID of alert to modify.
-
<name>
?Name of alert.
-
<comment>
?Comment on alert.
-
<filter>
?Filter to apply when executing alert.
- @id (uuid)
-
<event>
?The event that must happen for the alert to occur.
-
<data>
*Some data that defines the event.
-
<name>
The name of the event data.
-
<name>
-
<data>
*
-
<condition>
?The condition that must be satisfied for the alert to occur.
-
<data>
*Some data that defines the condition.
-
<name>
The name of the condition data.
-
<name>
-
<data>
*
-
<method>
?The method by which the user is alerted.
-
<data>
*Some data that defines the method.
-
<name>
The name of the method data.
-
<name>
-
<data>
*
-
Response
- @status (status)
- @status_text (text)
7.85.2 RNC
modify_alert = element modify_alert { attribute alert_id { uuid } & modify_alert_name? & modify_alert_comment? & modify_alert_filter? & modify_alert_event? & modify_alert_condition? & modify_alert_method? } modify_alert_name = element name { name } modify_alert_comment = element comment { text } modify_alert_condition = element condition { text & modify_alert_condition_data* } modify_alert_condition_data = element data {