8 Getting to Know the Web Interface¶

8.1 Logging into the Web Interface¶

The main interface of the appliance is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as follows:

Open the web browser.
Enter the IP address of the appliance’s web interface.

Tip

The web interface’s IP address is displayed in the console login prompt (see Chapter 7.1.2.2.1) or in the GOS administration menu when selecting About and pressing Enter.
Log in with the web administrator account created during the setup (see Chapter 5).

8.2 Using Dashboards¶

Many pages of the web interface contain dashboards at the top of the page. These dashboards consist of individually compiled and organized charts and tables. The charts and tables available depend on the page content.

For each page, there is a default setting of charts and/or tables. The default setting can be restored by clicking on the right side above the dashboard.

8.2.1 Adding a Dashboard Display¶

A new display can be added to a dashboard as follows:

Click on the right side above the dashboard.
Select the desired display from the drop-down list (see Fig. 8.1).

Tip

The input box above the list can be used to filter the options.

Fig. 8.1 Adding a display¶
Click Add.

8.2.2 Deleting a Dashboard Display¶

A display can be deleted by clicking in the upper right corner of the display (see Fig. 8.2).

_images/delete_display.png — Fig. 8.2 Deleting a display¶

8.2.3 Editing a Dashboard Display¶

Depending on the display, there are several options that can be selected by moving the cursor to the right edge of the display (see Fig. 8.3):

_images/dashboard_further_options.png — Fig. 8.3 Choosing further options for a display¶

Apply a filter to the chart or table. The filter must be configured and saved for the displayed resource type beforehand (see Chapter 8.3.2).
Download the chart as an SVG file (only for charts).
Download the table as a CSV file (only for tables).
Hide or show a legend (only for charts).
Switch between 2D and 3D presentation (only for charts).

8.2.4 Organizing Dashboards Displays¶

On the Dashboards page, dashboard displays can be grouped and arranged. Displays can be put together individually, but there are also predefined dashboards that can be selected.

There can be up to 10 dashboards. By default, there is only the Overview dashboard, which provides a brief outline of tasks, CVEs and VTs (see Fig. 8.4).

_images/main_dashboard.png — Fig. 8.4 Overview dashboard¶

8.2.4.1 Adding a New Dashboard¶

A new dashboard can be created as follows:

Click in the tabs above the dashboard (see Fig. 8.5).

Fig. 8.5 Adding a new dashboard¶
Enter a name for the dashboard in the Dashboard Title input box.
Select the displays that should be shown by default from the Initial Displays drop-down list (see Fig. 8.6).

The following default sets of displays are available:
- Default: the dashboard contains the same displays as the overview dashboard.
- Scan Displays: the dashboard contains displays concerning tasks, results and reports.
- Asset Displays: the dashboard contains displays concerning hosts and operating systems.
- SecInfo Displays: the dashboard contains displays concerning VTs, CVEs, and CERT-Bund Advisories.
- Empty: the dashboard contains no displays.
Additionally, already existing dashboards can be chosen.

Tip

The displays can also be edited later (see Chapters 8.2.1, 8.2.2 and 8.2.3).

Fig. 8.6 Adding a new dashboard¶
Click Add.

→ The dashboard is added and shown in the tab bar (see Fig. 8.7).

Fig. 8.7 Tabs of available dashboards¶

8.2.4.2 Editing a Dashboard¶

Displays can be added to or deleted from a dashboard as described in Chapters 8.2.1 and 8.2.2.
The displays in a dashboard can be edited as described in Chapter 8.2.3.
A dashboard can be renamed as follows:
1. Click in the tab of the dashboard in the tab bar (see Fig. 8.8).
  
  Fig. 8.8 Renaming or deleting a dashboard¶
2. Change the name in the Dashboard Title input box.
3. Click Save.

8.2.4.3 Deleting a Dashboard¶

A dashboard can be deleted by clicking in the dashboard tab (see Fig. 8.8).

8.3 Filtering the Page Content¶

Almost every page of the web interface offers the possibility to filter the displayed content.

Filter expressions consist of a keyword, an operator and a value. Multiple filter expressions can be freely combined.

Note

The filter is context-aware which means that the possible filter expressions depend on the page currently open.

The filter is not case-sensitive. All uppercase letters are transformed to lowercase letters before the filter is applied.

8.3.1 Using the Filter Bar¶

The filter bar in the upper right corner (see Fig. 8.9) offers the following options:

The filter expression that should be applied to the currently open page can be entered directly in the input box. The specific syntax of the filter must be used (see Chapter 8.3.3).
Update the filter with the current input.
Remove the currently applied filter.
Reset the filter expressions to the default settings.
Open the corresponding chapter of the user manual.
Modify the filter that should be applied to the currently open page (see below).
A saved filter can be applied by selecting it from the drop-down list.

_images/filterbar.png — Fig. 8.9 Filter bar at the top of the page¶

The filter can be modified (and saved) as follows:

Click in the filter bar.
Select and modify the filter expressions (see Fig. 8.10).

Filter expressions that should be searched for can be entered in the Filter input box.

Fig. 8.10 Adjusting the filter¶
If the filter should be stored for future use, activate the Store filter as checkbox and enter a name for the filter in the input box.
Click Update.

→ The filter is applied and, if selected, saved. A saved filter can be applied using the drop-down list in the filter bar (see Fig. 8.11).

Fig. 8.11 Selecting a saved filter¶

Tip

If a specific filter should always be activated on a page, it can be set as the default filter in the user settings (see Chapter 8.7).

8.3.2 Creating a Filter on the Filters Page¶

Filters can be created using the Filter page as follows:

Select Configuration > Filters in the menu bar.
Click in the upper left corner.
Fill in the input boxes (see Fig. 8.12):

Name
The name can be chosen freely. A descriptive name should be chosen if possible.

This input box is mandatory.

Comment
The optional comment allows specifying further details and background information.

Term
Filter expressions that should be applied (see Chapter 8.3.3).

If no term is entered, the basic filter first=1 rows=10 sort=name is used.

Type
Resource type to which the filter should by applied.

Note

The filter can only be used on the page for which it was created.

Fig. 8.12 Creating a new filter¶
Click Save.

→ The filter can be applied using the drop-down list in the filter bar (see Fig. 8.13).

Fig. 8.13 Selecting a saved filter¶

Tip

If a specific filter should always be activated on a page, it can be set as the default filter in the user settings (see Chapter 8.7).

8.3.3 Filter Expressions¶

When applied, the filter expressions are shown in the lower left corner of the page (see Fig. 8.14).

The filter uses a specific syntax that must be considered.

_images/filter_syntax.png — Fig. 8.14 Applied filter expressions¶

Tip

A full list of all filter keywords with possible values sorted by page/resource type can be found here.

8.3.3.1 Global Keywords¶

In general, the specification of the following keywords is always possible.

Note

These keywords apply to the whole filter request and should only be mentioned once.

Example: filter requests like name~test and rows=20 or name~def and rows=30 are not allowed. In this case, only rows=30 would be applied.

rows

Number of rows that are displayed per page.

The default value is rows=10.
Entering a value of -1 will display all results.
Entering a value of -2 will use the value that was set in the user settings for Rows Per Page (see Chapter 8.7).

Note

Using rows=-1 can cause performance issues when large amounts of data need to be processed.

If long page loading times occur, a different row filter should be used.

first

Specification of the first resource displayed.

Example: rows=10 first=11 displays the resources 11 to 20.

sort

Specification of the column used for sorting the resources. The resources are sorted ascending.

Example: sort=name sorts the resources by name.

The sorting can also be done by clicking the title of the column.
After applying the filter, uppercase letters of the column names are changed to lowercase letters and spaces are changed to underscores.
Typical columns are:
- name
- severity
- host
- location
- qod (quality of detection)
- comment
- modified
- created

Note

sort is not applicable for report details pages (see Chapter 11.2.1).

sort-reverse

Specification of the column used for sorting the resources. The same rules as for sort apply (see above). The resources are sorted descending.

Note

sort-reverse is not applicable for report details pages (see Chapter 11.2.1).

tag

Selection of resources with a specific tag (see Chapter 8.4).

Either only the tag name (tag="server") or a specific tag value (tag="server=mail") can be used for filtering.
Regular expressions are also allowed.
With tags, custom categories can be created and used in the filters. This allows for a versatile and granular filter functionality.

tag_id

Selection of resources with a specific tag (see Chapter 8.4).

The UUID of the tag is used for filtering. The UUID of a tag can be found on the tag’s details page (see Chapter 8.4.4).
The filter stays valid, even if the name of the tag is changed.

8.3.3.2 Filter Operators¶

When specifying the filter expressions, the following operators are used:

= equals, for example rows=10
~ contains, for example name~admin
< less than, for example created<-1w → older than a week
> greater than, for example created>-1w → newer than a week
regexp regular expression, for example regexp 192.168.[0-9]+.[0-9]

The following operators are not supported:

<=
>=
( )

There are a couple of special cases:

If no value follows =, all resources without a value for the specified keyword are displayed.

Example: comment= shows all resources without a comment.
If a value should be found but it is not defined which column should be searched, all columns are searched.

Example: =192.168.15.5 searches whether at least one column contains the given value.
The filter expressions are usually or-combined. This can also be specified with the logical operator or.

To achieve an and-combination the logical operator and must be specified.

Example: modified>2019-01-01 and name=services
and is resolved before or, which means x and y or a and b is resolved to (x and y) or (a and b)

Terms like x and (a or b) have to be written as x and a or x and b.
Using not negates the filter.

Example: not ~192.168.81.129 shows all resources that do not contain “192.168.81.129”.

8.3.3.3 Text Phrases¶

Usually, text phrases that are being searched for can be specified.

The following examples show aspects that should be considered:

overflow

Finds all resources that contain the word “overflow”.

This applies to “Overflow” as well as to “Bufferoverflow”.

remote exploit

Finds all resources containing “remote” or “exploit”, or both.

The resources do not have to be found in the same column.

remote and exploit

Finds all resources containing both “remote” and “exploit”.

The resources do not have to be found in the same column.

"remote exploit"

Finds all resources containing the string “remote exploit”.

The exact string is searched for and not the individual words.

regexp 192.168.[0-9]+.[0-9]

Finds the given regular expression.

8.3.3.4 Time Specifications¶

Time specifications in the filter can be absolute or relative.

Absolute time specification

An absolute time specification has the format YYYY-MM-DDTHHhMM, for example 2024-10-02T13h50.

If the time is left out, a time of 12:00 a.m. will be assumed automatically.

Example: modified>2024-09-01T15h00 and modified<2024-09-30T15h00 shows resources that were modified between the specified dates.

Relative time specification

Relative time specifications are always calculated in relation to the current time.

Past times are specified with a leading minus sign (-). Time specification without a leading character are interpreted as being in the future.

For time periods the following letters can be used:

s: second
m: minute
h: hour
d: day
w: week
M: month (30 days)
y: year (365 days)

Example: created>-5d shows resources that were created within the past 5 days.

Note

Combinations such as 5d1h are not permitted but have to be replaced with 121h.

8.3.4 Examples for Filters Expressions¶

Here are some examples for filters:

127.0.0.1 shows any resource that has “127.0.0.1” anywhere in the text of any column.
127.0.0.1 iana shows any resource that has “127.0.0.1” or “iana” anywhere in the text of any column.
127.0.0.1 and iana shows any resource that has “127.0.0.1” and “iana” anywhere in the text of any column.
=127.0.0.1 shows any resource that has “127.0.0.1” as the exact name in any column.
not ip:192.168.100.[0-9]{1,3} shows any resource with an IP address that does not start with “192.168.100.”, followed by one, two or three numbers between 0 and 9.
regexp 192.168.[0-9]+.[0-9] shows any resource that has an IP style string starting with “192.168” anywhere in the text of any column.
name=localhost shows any resource with the exact name “localhost”.
name~local shows any resource with “local” anywhere in the name.
name:^local shows any resource with a name starting with “local”.
port_list~tcp shows any resource that has “tcp” anywhere in the port list name.
modified>2023-04-03 and modified<2023-04-05 shows any resource that was modified between 2023-04-03 0:00 and 2023-04-05 0:00.
created>2023-04-03T13h00 shows any resource that was created after 13:00 on 2023-04-03.
rows=20 first=1 sort=name shows the first 20 resources sorted by the column Name.
created>-7d shows any resource that was created within the past 7 days.
tag="geo:long=52.2788 shows any resource that has a tag named “geo:long” with the value “52.2788”.
tag~geo shows any resource that has a tag with a name containing “geo”.

8.3.5 Managing Filters¶

List Page

All existing filters can be displayed by selecting Configuration > Filters in the menu bar (see Fig. 8.15).

For all filters, the following information is displayed:

Name: Name that was assigned to the filter when it was created.
Term: Filter expressions that form the filter (see Chapter 8.3.3).
Type: Resource type to which the filter can be applied.

For all filters, the following actions are available:

Move the filter to the trashcan.
Edit the filter.
Clone the filter.
Export the filter as an XML file.

Note

By clicking or below the list of filters more than one filter can be moved to the trashcan or exported at a time. The drop-down list is used to select which filters are moved to the trashcan or exported.

_images/filter_managing.png — Fig. 8.15 Managing filters¶

Details Page

Click on the name of a filter to display the details of the filter. Click to open the details page of the filter.

The following tabs are available:

Information: General information about the filter, including the term, the type and where the filter is in use.
User Tags: Assigned tag (see Chapter 8.4).
Permissions: Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

Open the corresponding chapter of the user manual.
Show the list page of all filters.
Create a new filter (see Chapter 8.3.1).
Clone the filter.
Edit the filter.
Move the filter to the trashcan.
Export the filter as an XML file.

8.4 Using Tags¶

Tags are pieces of information that can be linked to one or multiple resources of the same type. They can be used for filtering (see Chapters 8.3 and 8.3.3.1).

8.4.1 Creating a Tag for a Single Resource¶

A tag for a single resource can be created and linked directly to it as follows:

Open the details page of the resource by clicking on the resource’s name and then on .
Click on the tab User Tags.
Click on the right side.
Fill in the input boxes:

Name
The name can be chosen freely. A descriptive name should be chosen if possible.

This input box is mandatory.

Comment
The optional comment allows specifying further details and background information.

Value
A value can be assigned for a more fine-grained definition.

Example: a tag named department with the value production can be linked to a resource; a tag also named department but with the value sales can be linked to another resource.

Resource Type
Resource type to which the tag should by linked.

This drop-down list is read-only because the tag is created directly for a resource.

Resources
Selection of a specific resource of the selected resource type.

This drop-down list is read-only because the tag is created directly for a resource.

Active
Selection whether the tag should be available for usage or not.
Click Save.

8.4.2 Creating a Tag for Multiple Resources¶

A tag can be created and linked directly to multiple resources of the same type (for example, tasks, targets, scanners) as follows:

Open the list page of a resource type.
Filter the list so that only the resources that should get the tag are displayed.
Select the scope of resources to which the tag should be linked from the drop-down list below the list of resources (see Fig. 8.16).

Note

Apply to page contents links the tag to all resources visible on the current page.

Apply to all filtered links the tag to all resources affected by the currently applied filter, even if they are not visible on the current page.

Fig. 8.16 Selecting the resources¶

or

Select Apply to selection from the drop-down list below the list of resources.
In the Actions column, activate the checkboxes of the resources that should get the tag.
Click below the list of resources.
Select the tag from the Choose Tag drop-down list (see Fig. 8.17).

Note

Only tags that have been created for the selected resource type can be selected.

Alternatively, a new tag can be created by clicking .

Fig. 8.17 Selecting a tag for multiple resources¶
Click Add Tag.

8.4.3 Creating a Tag on the Tags Page¶

Tags can be created without being linked directly to one or multiple resources using the Tags page as follows:

Select Configuration > Tags in the menu bar.
Click in the upper left corner.
Fill in the input boxes (see Fig. 8.18):

Name
The name can be chosen freely. A descriptive name should be chosen if possible.

This input box is mandatory.

Comment
The optional comment allows specifying further details and background information.

Value
A value can be assigned for a more fine-grained definition.

Example: a tag named department with the value production can be linked to a resource; a tag also named department but with the value sales can be linked to another resource.

Resource Type
Resource type to which the tag should by linked.

Resources
Selection of a specific resource of the selected resource type.

Active
Selection whether the tag should be available for usage or not.

Fig. 8.18 Creating a new tag¶
Click Save.

8.4.4 Managing Tags¶

List Page

All existing tags can be displayed by selecting Configuration > Tags in the menu bar.

For all tags, the following information is displayed:

Name: Name that was assigned to the tag when it was created.
Value: Value that was defined for the tag when it was created.
Active: Indication whether the tag is available for usage or not.
Resource Type: Resource type to which the tag can by linked.
Number of Resources: Number of resources the tag is currently linked to.
Modified: Date and time the tag was last modified.

For all tags, the following actions are available:

Disable the tag if it is active.
Enable the tag if it is not active.
Move the tag to the trashcan.
Edit the tag.
Clone the tag.
Export the tag as an XML file.

Note

By clicking or below the list of tags more than one tag can be moved to the trashcan or exported at a time. The drop-down list is used to select which tags are moved to the trashcan or exported.

Details Page

Click on the name of a tag to display the details of the tag. Click to open the details page of the tag.

The following tabs are available:

Information: General information about the tag, including value, resource type and whether it is active or not.
Assigned Items: Resources to which the tag is currently linked. The resources are only displayed if the tag is active.
Permissions: Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

Open the corresponding chapter of the user manual.
Show the list page of all tags.
Create a new tag (see Chapter 8.4.3).
Clone the tag.
Edit the tag.
Move the tag to the trashcan.
Export the tag as an XML file.
Disable the tag if it is active.
Enable the tag if it is not active.

8.5 Using the Trashcan¶

The Trashcan page is opened by selecting Administration > Trashcan in the menu bar. It lists all resources currently in the trashcan, grouped by resource type.

Note

Resources in the trashcan are not yet considered deleted. They are only finally deleted when they are manually deleted from the trashcan, or when the entire trashcan is emptied.

The Content table shows all possible types resources in the trashcan, together with the respective number of each type currently in the trashcan (see Fig. 8.19).

The whole trashcan can be emptied by clicking Empty Trash.

_images/trashcan_overview.png — Fig. 8.19 Contents of the trashcan¶

By clicking on a resource type, the corresponding section is displayed. The single resources can be managed there (see Fig. 8.20):

Clicking moves the resource out of the trashcan and back to its regular page. The resource cannot be restored if it depends on another resource in the trashcan.
Clicking removes the resource entirely from the system. The resource cannot be deleted if another resource in the trashcan depends on it.

_images/trashcan_detail.png — Fig. 8.20 Restoring or deleting a resource located in the trashcan¶

8.6 Displaying the Feed Status¶

The synchronization status of all SecInfo can be displayed by selecting Administration > Feed Status in the menu bar.

The following information is displayed (see Fig. 8.21):

Type

Feed type (NVT, SCAP, CERT or GVMD_DATA).

Content

Type of information provided by the feed.

Origin

Name of the feed service that is used to synchronize the SecInfo.

Version

Version number of the feed data.

Status

Status information of the feed, for example time since the last update.

If a feed update is currently being performed, Update in progress… is displayed. This status is displayed for all feeds, even if only one feed is currently being updated.

_images/feed_status.png — Fig. 8.21 Displaying the feed status¶

8.7 Changing the User Settings¶

Every user of the appliance can manage their own settings for the web interface. These settings can be accessed by moving the cursor over in the upper right corner and clicking My Settings (see Fig. 8.22).

_images/user_settings.png — Fig. 8.22 Accessing the user settings¶

The settings can be modified by clicking .

_images/user_settings_2.png — Fig. 8.23 Managing user settings¶

Important settings are:

Timezone

Selection of the time zone used to display information. The appliance saves all information in the time zone UTC±00:00 internally. To display the data in the user’s time zone, the corresponding selection is required.

Change Password

The user password can be changed here.

User Interface Language

Language of the web interface. Per default, the browser setting is used.

Rows Per Page

Default number of resources shown per list page on the web interface. A high number of rows per page increases loading times. Custom filters may override this setting (see Chapter 8.3).

Details Export File Name

Default file name of exported resource details. For the file name, the following placeholders can be used:

%C: the creation date in the format YYYYMMDD. Changed to the current date if a creation date is not available.
%c: the creation time in the format HHMMSS. Changed to the current time if a creation time is not available.
%D: the current date in the format YYYYMMDD.
%F: the name of the used report format (XML for lists and types other than reports).
%M: the modification date in the format YYYYMMDD. Changed to the creation date or to the current date if a modification date is not available.
%m: the modification time in the format HHMMSS. Changed to the creation time or to the current time if a modification time is not available.
%N: the name for the resource or the associated task for reports. Lists and types without a name will use the type (see %T).
%T: the resource type, for example “task”, “port_list”. Pluralized for list pages.
%t: the current time in the format HHMMSS.
%U: the unique ID of the resource or “list” for lists of multiple resources.
%u: the name of the currently logged in user.
%%: the percent sign (%).

List Export File Name

Default file name for exported resource lists. The same placeholders as for Details Export File Name can be used (see above).

Report Export File Name

Default file name for exported reports. The same placeholders as for Details Export File Name can be used (see above).

Auto Cache Rebuild

Enable or disable the automatic cache rebuild. If many actions are performed in a row (for example deleting multiple resources) and automatic cache rebuild is enabled, each action triggers the cache rebuild, which slows down the process. For such cases, the automatic cache rebuild can be disabled temporarily.

Dynamic Severity

Selection of whether the severity of an existing result is changed if the severity of the underlying VT changes. Otherwise, the new severity only affects future scans.

Default Severity

Specification of the default severity. It is used if no severity is assigned to a VT.

Defaults Settings

Default selections or entries for various settings.

Filter Settings

Selection of specific default filters for each page. The filters are applied automatically when the page is loaded.

8.8 Opening the Manual¶

The manual can be opened by selecting Help > User Manual in the menu bar.

Additionally, the manual can be opened on any page by clicking in the upper left corner. The chapter that corresponds to the page content is opened.

8.9 Logging Out of the Web Interface¶

Logging out of the web interface can be done by moving the cursor over in the upper right corner and clicking Log Out (see Fig. 8.24).

If no action is performed on the web interface for a defined period of time, the user is logged out automatically (see Chapter 7.2.4.1.1). The default timeout is 15 minutes.

The remaining time until the user is automatically logged out can be displayed by moving the cursor over . By clicking the timeout can be reset.

_images/logout_web_interface.png — Fig. 8.24 Logging out of the web interface¶