21 Glossary

This section defines relevant terminology which is consistently used across the entire system.

21.1 Alert

An alert is an action that can be triggered by certain events. In most cases this means sending a notification, for example an e-mail when a scan has finished.

21.2 Asset

Assets are hosts, operating systems, and TLS certificates that are discovered on the network during a vulnerability scan or entered manually by the user.

21.3 CERT-Bund Advisory

An advisory published by CERT-Bund. See https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Reaktion/CERT-Bund/cert-bund_node.html for more information.

21.4 Compliance Audit

A compliance audit is a task with the flag audit; it is used to check whether compliance requirements are fulfilled.

21.5 Compliance Policy

A compliance policy is a scan configuration with the flag policy; it is used to check whether compliance requirements are fulfilled.

21.6 CPE

Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, platforms and packages.

A CPE name starts with “cpe:/”, followed by up to seven components separated by colons.

21.7 CVE

Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known information security vulnerabilities and exposures. Every entry is assigned a unique identifier consisting of the year and a sequence number; this identifier serves as a central reference.
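The two identifier schemes defined in 21.6 and 21.7 are easy to get subtly wrong when they are matched by hand, so the following added example (not part of the manual or of the Greenbone code) parses both. It assumes the CPE 2.2 URI binding, whose seven components after "cpe:/" are, in order, part, vendor, product, version, update, edition and language (trailing empty components may be omitted, and special characters are percent-encoded), and it assumes the current CVE ID form "CVE-" + four-digit year + "-" + at least four digits. The strings in the usage section are constructed to illustrate the formats and do not refer to any particular product entry or CVE record.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Component order of a CPE 2.2 URI: "cpe:/" followed by up to seven
# colon-separated components. Trailing empty components may be omitted.
CPE_COMPONENTS = ("part", "vendor", "product", "version",
                  "update", "edition", "language")

# CVE identifier: "CVE-", four-digit year, "-", four or more digits.
CVE_ID_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


@dataclass(frozen=True)
class Cpe:
    part: str
    vendor: str
    product: str
    version: str = ""
    update: str = ""
    edition: str = ""
    language: str = ""


def parse_cpe(name: str) -> Cpe:
    """Parse a CPE 2.2 URI such as "cpe:/a:vendor:product:1.0".

    Raises ValueError for names that do not follow the scheme.
    """
    if not name.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {name!r}")
    components = name[len("cpe:/"):].split(":")
    if len(components) > len(CPE_COMPONENTS):
        raise ValueError(f"more than seven components: {name!r}")
    # Pad omitted trailing components, then decode percent-escapes
    # (for example "%2b" for "+"), which CPE 2.2 uses for characters
    # that may not appear literally.
    components += [""] * (len(CPE_COMPONENTS) - len(components))
    values = dict(zip(CPE_COMPONENTS, (unquote(c) for c in components)))
    if values["part"] not in ("a", "h", "o"):
        raise ValueError(f"part must be a (application), h (hardware) "
                         f"or o (operating system): {name!r}")
    if not values["vendor"] or not values["product"]:
        raise ValueError(f"vendor and product are required: {name!r}")
    return Cpe(**values)


def parse_cve_id(identifier: str) -> Optional[tuple[int, int]]:
    """Return (year, sequence number) for a well-formed CVE ID, else None."""
    m = CVE_ID_RE.match(identifier.strip().upper())
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


if __name__ == "__main__":
    # Constructed sample strings (format illustration only, not real entries).
    for name in ("cpe:/a:example_vendor:example_product:2.0:sp1",
                 "cpe:/o:example_vendor:example_os",
                 "cpe:/x:bad:part"):
        try:
            print(name, "->", parse_cpe(name))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
    for cve in ("CVE-2019-12345", "cve-2022-0001", "CVE-19-1", "CVE-2020-123"):
        print(cve, "->", parse_cve_id(cve))
```

The CVE check is deliberately not capped at four digits, because sequence numbers with five or more digits are valid; a validator that accepts only four will silently drop real identifiers.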

21.8 CVSS

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the severity of security risks in computer systems. Security risks are rated and compared using different criteria. This allows for the creation of a priority list of countermeasures.

21.9 DFN-CERT Advisory

An advisory published by DFN-CERT. See https://www.dfn-cert.de/ for more information.

21.10 Filter

A filter describes how to select a certain subset from a group of resources.

21.11 Group

A group is a collection of users.

21.12 Host

A host is a single system that is connected to a computer network and that can be scanned. One or more hosts form the basis of a scan target.

21.13 Note

A note is a textual comment associated with a VT. Notes show up in reports, below the results generated by the VT.

21.14 Vulnerability Test (VT)

A vulnerability test (VT) is a routine that checks a target system for the presence of a specific known or potential security problem.

VTs are grouped into families of similar VTs. The selection of families and/or single VTs is part of a scan configuration.

21.15 Override

An override is a rule that changes the severity of results in one or more reports.

Overrides are especially useful for marking results as false positives (for example an incorrect or expected finding), or for emphasizing results that are of higher severity in the observed scenario.

21.16 Permission

A permission grants a user, role or group the right to perform a specific action.

21.17 Port List

A port list is a list of ports. Each target is associated with a port list. This determines which ports are scanned during a scan of the target.

21.18 Quality of Detection (QoD)

The Quality of Detection (QoD) is a value between 0 % and 100 % describing the reliability of the executed vulnerability detection or product detection. The value of 70 % is the default minimum used for filtering the displayed results in the reports.

For more information about the QoD see Chapter 11.2.6.

21.19 Remediation Ticket

A remediation ticket assigns a vulnerability to a user who is responsible for resolving it or for tracking its status.

21.20 Report

A report is the result of a scan and contains a summary of what the selected VTs detected for each of the target hosts.

A report is always associated with a task. The scan configuration that determines the extent of the report is part of the associated task and cannot be modified, so the configuration under which any report was generated is preserved and remains available.

21.21 Report Format

A format in which a report can be downloaded.

An example is TXT which has the content type “text/plain”, meaning that the report is a plain text document.

21.22 Result

A single result generated by the scanner as part of a report, for example a vulnerability warning or a log message.

21.23 Role

A role defines a set of permissions that can be applied to a user or a group.

21.24 Scan

A scan is a task in progress. For each task only one scan can be active. The result of a scan is a report.

21.25 Scanner

A scanner is an OpenVAS Scanner daemon or compatible OSP daemon on which the scan will be run.

21.26 Scan Configuration

A scan configuration defines the set of VTs that are executed during a scan. It also contains general and very specific (expert) parameters for the scan server and for some of the VTs.

Not covered by a scan configuration is the selection of targets.

21.27 Schedule

A schedule sets the time at which a task should be started automatically, the interval after which the task should run again, and the maximum duration the task is allowed to take.

21.28 Severity

The severity rates a vulnerability according to the Common Vulnerability Scoring System (CVSS). It consists of a severity score, a number from 0.0 to 10.0 with 10.0 being the most severe, and a severity class derived from the score (High, Medium and Low).

21.29 Solution Type

The solution type shows possible solutions for the remediation of the vulnerability (workaround, mitigation, vendor fix), or whether a vulnerability cannot or will not be fixed.

21.30 Tag

A tag is a short name/value pair that can be attached to a resource of any kind and carries user-defined information about that resource.

21.31 Target

A target defines a set of systems (hosts) that are scanned. The systems are identified either by their IP addresses, by their host names or with CIDR network notation.
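A target as described above mixes three kinds of entries, and the size of the resulting host set determines how much a scan touches. The following added example (not code from the manual or from Greenbone) expands a comma-separated target specification of IP addresses, host names and CIDR networks into individual hosts. It assumes that comma-separated notation, keeps host names as given without DNS resolution so it runs offline, de-duplicates entries, and enforces an assumed cap so that a typo such as a /8 does not silently turn into millions of hosts. The sample specifications in the usage section are constructed.

```python
import ipaddress


def expand_target(spec: str, max_hosts: int = 4096) -> list[str]:
    """Expand a target specification into a de-duplicated list of hosts.

    Each comma-separated entry is an IP address (IPv4 or IPv6), a host
    name, or a network in CIDR notation. Networks expand to their host
    addresses; host names are kept as given. A cap (assumed value) guards
    against accidentally expanding a very large prefix.
    """
    hosts: list[str] = []
    seen: set[str] = set()

    def add(host: str) -> None:
        if host in seen:
            return
        if len(hosts) >= max_hosts:
            raise ValueError(f"target expands to more than {max_hosts} hosts")
        seen.add(host)
        hosts.append(host)

    for entry in (e.strip() for e in spec.split(",")):
        if not entry:
            continue
        if "/" in entry:
            # strict=False accepts host bits set, e.g. 10.0.0.1/24 -> 10.0.0.0/24
            net = ipaddress.ip_network(entry, strict=False)
            if net.num_addresses > max_hosts:
                raise ValueError(f"{entry} alone exceeds the cap of {max_hosts} hosts")
            # hosts() drops network and broadcast addresses; for /31, /32
            # (and /127, /128) every address is a host, so iterate directly.
            if net.prefixlen < net.max_prefixlen - 1:
                addrs = net.hosts()
            else:
                addrs = iter(net)
            for addr in addrs:
                add(str(addr))
            continue
        try:
            add(str(ipaddress.ip_address(entry)))  # normalises e.g. IPv6 form
        except ValueError:
            add(entry.lower())  # not an IP literal: treat as a host name
    return hosts


if __name__ == "__main__":
    # Constructed sample specifications using documentation address ranges.
    for spec in ("192.0.2.10, 192.0.2.0/30, scanme.example, 192.0.2.10",
                 "2001:db8::1, 192.0.2.8/31",
                 "10.0.0.0/8"):
        try:
            print(spec, "->", expand_target(spec))
        except ValueError as exc:
            print(spec, "-> rejected:", exc)
```

Because port lists (21.17) are attached per target, the number of hosts this returns times the number of ports in the list is the real size of the scan, which is what the cap is there to keep in view.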

21.32 Task

A task is fundamentally formed by a target and a scan configuration. Executing a task initiates a scan, which then produces a scan report containing the vulnerabilities found.

A container task is a task that only holds imported reports; it cannot be run.

21.33 TLS Certificate

A TLS (Transport Layer Security) certificate is a certificate used for authentication when establishing a connection secured by TLS.

The scan report contains all TLS certificates collected during a vulnerability scan.