7. Getting to Know the Web Interface

7.1. Concepts of the Web Interface

This chapter covers recurring concepts when using the web interface of the Greenbone Security Manager (GSM). This includes the dashboard, standard icons, filters and tags.

7.1.1. Dashboards

The GSM has four dashboards:

  • Main dashboard
  • Scan dashboard
  • Assets dashboard
  • SecInfo dashboard

The default dashboards can be modified by clicking edit. Dashboards can be added, removed and reset to their defaults.

_images/main-dashboard.png

Main dashboard

7.1.1.1. Main Dashboard

The main dashboard is reached by clicking Dashboard in the menu bar.

The main dashboard provides a quick presentation of the network state. All elements can be selected using the mouse and support a drill-down.

The main dashboard displays all tasks both by status and by severity at the top. At the bottom the host topology is shown and the CVEs and NVTs are rated by severity and creation time.

7.1.1.2. Scan dashboard

The scan dashboard is reached by clicking Scans > Dashboard in the menu bar.

The scan dashboard concentrates on the actual scan tasks. It shows the individual scanned hosts and the full reports by their severity class. Additionally, the scan dashboard includes the tasks shown by status and severity from the main dashboard.

7.1.1.3. Assets dashboard

The assets dashboard is reached by clicking Assets > Dashboard in the menu bar.

The assets dashboard includes the host topology from the main dashboard and additionally displays the most vulnerable hosts, the distribution of the found vulnerabilities compared to the discovered operating systems and the operating systems by severity class.

7.1.1.4. SecInfo dashboard

The SecInfo dashboard is reached by clicking SecInfo > Dashboard in the menu bar.

The SecInfo dashboard displays the NVTs, CVEs and CERT Bund advisories by their corresponding severity class. Additionally, it displays both CVEs and CERT Bund advisories by their creation time.

7.1.2. Charts

The charts in the dashboards can be customized. This allows displaying and formatting the data in different ways. The created graphs can be downloaded and included into other documents.

There are three different chart types:

_images/linechart.png

Line chart

_images/barchart.png

Bar chart

_images/donutchart.png

Donut chart

The content of a chart can be modified as follows:

  1. Click edit in the upper left corner of the dashboard.

  2. Choose the desired content in the drop-down-list at the bottom of the chart (see figure Selecting the content of a chart).

    or

    Click previous or next to select the previous/next item of the drop-down-list.

    → The content and, if necessary, the chart type change immediately.

    _images/modify1chart.png

    Selecting the content of a chart

A chart can be downloaded in various formats by clicking the context menu at the top left of the chart (see figure Downloading a chart).

_images/modifychart.png

Downloading a chart

7.1.3. Icons

The web interface uses recurring icons for identical actions. The function of the same icon may differ depending on the currently opened page.

  • help Display the context-aware help.
  • list Display a full list of the currently selected object types.
  • new Create a new object. This can be a user, a target, a task, a permission or a filter.
  • trashcan Move an object to the trash can.
  • edit Edit an object.
  • new_note Add a note.
  • new_override Add an override.
  • clone Copy/Clone a resource.
  • download Export a resource as a GSM object.
  • refresh Refresh the page.
  • unfold Expand additional information.
  • fold Collapse additional information.
  • delete Delete an object irrevocably.
  • next Jump to the next object in a view.
  • previous Jump to the previous object in a view.
  • last Jump to the last object (page) in a view.
  • view_other Other users have the permission to access the object as well.

Other icons can only be accessed in a certain context.

  • start Start the currently not running task.
  • stop Stop the currently running task. All discovered results will be written to the database.
  • resume Resume the stopped task.
  • schedule Start a task by schedule.
  • alterable_task The task is alterable.
  • wizard Start the task wizard.
  • overrides_enabled Enable or disable overrides.
  • delta Select as the first report for delta report.
  • delta_double Select as the second report for delta report.
  • solution_type A fix for a vulnerability exists.
  • st_vendorfix A vendor patch is available.
  • st_workaround A workaround is available.
  • st_mitigation A mitigation by configuration is available.
  • st_willnotfix No fix is or will be available.
  • st_nonavailable No solution exists.
  • trend_more A scan configuration is adjusted with new NVTs automatically.
  • trend_nochange A scan configuration is not adjusted with new NVTs automatically.
  • first Reset to factory defaults.
  • indicator_operator_ok Save changes.
  • upload Upload/Import an external file.
  • rpm Download an RPM installation package.
  • deb Download a DEB installation package.
  • exe Download an EXE installation package.
  • key Download an SSH public key in ASCII format. This key corresponds to the keys used for RPM and DEB packages.
  • verify Verify the signature of an imported report format.
  • speechbubble Send feedback to the Greenbone Networks Customer Support.

7.1.4. Filtering the Page Content

Almost every page in the web interface offers the possibility to filter the displayed content.

7.1.4.1. Using the Filter Bar

_images/filterleiste.png

Filter bar at the top of the page

Various filter parameters are combined to form the Powerfilter.

The filter parameters can be entered in the input box in the filter bar (see figure Filter bar at the top of the page) using the specific notation of the filter (see Syntax of the Powerfilter) or be modified as follows:

  1. Click edit in the filter bar (see figure Filter bar at the top of the page).

    → A separate window with multiple filter parameters is opened.

    _images/filter-unfold.png

    Filter opened in a separate window

    Note

    The filter is context-aware, which means that the filter parameters depend on the currently opened page.

  2. Select and modify the filter parameters (see figure Filter opened in a separate window).

    Note

    The Powerfilter is not case-sensitive.

    Tip

    Keywords which should be searched for can be entered in the input box Filter.

  3. Click Update.

    → The filter parameters are applied.

A typical Powerfilter search could look for all CVE vulnerabilities from 2012 within the 192.168.222.0/24 network:

_images/cve-network-search.png

Powerfilter searching for CVEs

Note

By clicking delete right of the input box in the filter bar, the current input is removed.

By clicking refresh right of the input box in the filter bar, the filter is updated with the current input.

7.1.4.2. Syntax of the Powerfilter

When applied, the filter parameters are shown below the input box in the filter bar (see figure Applied filter parameters).

_images/filter_parameter_applied.png

Applied filter parameters

The filter uses a specific syntax which has to be considered when entering the filter parameters directly in the input box in the filter bar.

In general the specification of the following parameters is always possible:

  • rows:

    Number of rows that are displayed per page. By default the value is rows=10. Entering a value of -1 will display all results. Entering a value of -2 will use the value that was pre-set in My Settings under Rows Per Page (see Chapter Changing the User Settings).

  • first:

    Determination of the first item displayed. Example: If the filter returns 50 results, rows=10 first=11 displays the results 11 to 20.

  • sort:

    Determination of the column used for sorting the results. The results are sorted ascending. Example: sort=name sorts the results by name. After applying the filter, uppercase letters in the column names are changed to lowercase and spaces are changed to underscores. The sorting can also be done by clicking the title of the column. Typical column names are:

    • name
    • severity
    • host
    • location
    • qod (Quality of detection)
    • comment
    • modified
    • created
  • sort-reverse:

    Determination of the column used for sorting the results (see above). The results are sorted descending.

  • tag:

    Selection of results with a specific tag (see Tags). It can be filtered by a specific tag value (tag="server:mail") or only by the tag (tag="server"). Regular expressions are also allowed.

    Note

    By filtering using tags custom categories can be created and used in the filters. This allows for versatile and granular filter functionality.

When specifying the components the following operators are used:

  • =
    equals e.g. rows=10
  • ~
    contains e.g. name~admin
  • <
    less than e.g. created<-1w → older than a week
  • >
    greater than e.g. created>-1w → younger than a week
  • :
    regular expression e.g. name:admin$

There are a couple of special features:

  • If no value follows =, all results without this filter parameter are displayed. This example shows all results without a comment:

    comment=
    
  • If a keyword should be found but it is not defined which column to scan, all columns will be scanned. This example searches whether at least one column contains the stated value:

    =192.168.15.5
    
  • The data is usually or-combined. This can be specified with the keyword or. To achieve an and-combination the keyword and needs to be specified:

    modified>2019-01-01 and name=services
    

    Using not will negate the filter.

7.1.4.2.1. Text Phrases

In general, text phrases that are being searched for can be specified.

The following examples show the differences:

overflow
Finds all results that contain the word overflow. This applies to Overflow as well as to Bufferoverflow. Also, 192.168.0.1 will find 192.168.0.1 as well as 192.168.0.100.
remote exploit
Finds all results containing remote or exploit. Of course, results that contain both words will be displayed as well.
remote and exploit
Both words must be found in a result in any column. The results do not have to be found in the same column.
"remote exploit"
The exact string is being searched for and not the individual words.
regexp 192\.168\.[0-9]+.1
The regex is being searched for.

7.1.4.2.2. Date Specifications

Date specifications in the Powerfilter can be absolute or relative.

Absolute date specification

An absolute date specification has the following format:

2014-05-26T13h50

When the time is left out, a time of 12:00 am will be assumed automatically. The date specification can be used in the search filter e.g. created>2014-05-26.

Relative date specification

Relative time specifications are always calculated in relation to the current time. Time specifications in the past are defined with a preceding minus (-). Time specifications without a preceding character are interpreted as being in the future. For time periods the following letters can be used:

  • s second
  • m minute
  • h hour
  • d day
  • w week
  • m month (30 days)
  • y year (365 days)

For example, entering created>-5d shows the results that were created within the past 5 days. A combination such as 5d1h is not permitted but has to be replaced with 121h.

To limit the time period, e.g. the month for which information should be displayed, the following expression can be used:

modified>2019-01-01 and modified<2019-01-31
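The date rules above, worked through as an added Python example (not code from the GSM or from Greenbone). The names `resolve` and `in_window` are hypothetical, timestamps are plain naive datetimes, the current time is passed in explicitly, and `m` is read as minute as an assumption.

```python
import re
from datetime import datetime, timedelta

# Unit letters from the list above, in seconds. Assumption: "m" is read as minute;
# the list gives the same letter for month, so month is left out of this example.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 7 * 86400, "y": 365 * 86400}
RELATIVE = re.compile(r"^(-?)(\d+)([smhdwy])$")           # one number, one unit: no 5d1h
ABSOLUTE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})(?:T(\d{1,2})h(\d{2}))?$")
COMPARISON = re.compile(r"^[a-z_]+([<>])(\S+)$")


def resolve(spec, now):
    """Resolve an absolute or relative date specification to a datetime."""
    m = RELATIVE.match(spec)
    if m:
        delta = timedelta(seconds=int(m.group(2)) * UNIT_SECONDS[m.group(3)])
        return now - delta if m.group(1) else now + delta   # no sign means the future
    m = ABSOLUTE.match(spec)
    if m:
        year, month, day = (int(g) for g in m.group(1, 2, 3))
        hour, minute = (int(m.group(4)), int(m.group(5))) if m.group(4) else (0, 0)
        return datetime(year, month, day, hour, minute)     # no time given: 12:00 am
    raise ValueError(f"not a valid date specification: {spec!r}")


def in_window(filter_text, stamp, now):
    """True if stamp satisfies every and-joined comparison in filter_text."""
    for term in filter_text.split(" and "):
        m = COMPARISON.match(term.strip())
        if not m:
            raise ValueError(f"not a date comparison: {term!r}")
        bound = resolve(m.group(2), now)
        if not (stamp > bound if m.group(1) == ">" else stamp < bound):
            return False
    return True


# Constructed sample data: a fixed "now" and the month filter shown above.
NOW = datetime(2019, 2, 10, 12, 0)
MONTH = "modified>2019-01-01 and modified<2019-01-31"
```

With the upper bound written as 2019-01-31, an item modified at 10:00 on 31 January falls outside the window, because a date without a time resolves to 12:00 am of that day.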

7.1.4.3. Examples for Powerfilters

Here are some examples of Powerfilters:

  • 127.0.0.1 shows any item that has “127.0.0.1” anywhere in the text of any column.
  • 127.0.0.1 IANA shows any item that has “127.0.0.1” or “IANA” anywhere in the text of any column.
  • 127.0.0.1 and IANA shows any item that has “127.0.0.1” and “IANA” anywhere in the text of any column.
  • regexp 10.128.[0-9]+.[0-9]+ shows any item that has an IP style string starting with “10.128” anywhere in the text of any column.
  • name=Localhost shows any item with the exact name “Localhost”.
  • name~local shows any item with “local” anywhere in the name.
  • name:^Local shows any item with a name starting with “Local”.
  • port_list~TCP shows any item that has “TCP” anywhere in the port list name.
  • modified>2019-02-03 and modified<2019-02-05 shows any item that was modified between 2019-02-03 0:00 and 2019-02-05 0:00.
  • created>2019-02-03T13h00 shows any item that was created after 13:00 on 2019-02-03.
  • rows=20 first=1 sort=name shows the first twenty items sorted by the column Name.
  • created>-7d shows any item that was created within the past 7 days.
  • =127.0.0.1 shows any item that has “127.0.0.1” as the exact name in any column.
  • tag="geo:long=52.2788" shows any item that has a tag named “geo:long” with the value “52.2788”.
  • tag~geo shows any item that has a tag with a name containing “geo”.
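The matching rules from the syntax section and the examples above, modelled as an added Python example over constructed rows. It is not the GSM's implementation. The function names are hypothetical, `and` is assumed to bind tighter than `or`, and date comparisons and tags are not modelled.

```python
import re

# Constructed sample rows standing in for entries on a list page (column -> text).
ROWS = [
    {"name": "Bufferoverflow in mail daemon", "host": "192.168.0.1", "comment": "remote"},
    {"name": "Exploit kit admin panel", "host": "192.168.0.100", "comment": "remote access"},
    {"name": "Remote exploit in services", "host": "10.0.0.7", "comment": ""},
]

TOKEN = re.compile(r'[^\s"]*"[^"]*"|\S+')            # keeps "quoted phrases" together
COLUMN_TERM = re.compile(r'^([a-z_]*)([=~:<>])(.*)$', re.I)
PAGING = ("rows=", "first=", "sort=", "sort-reverse=")  # affect display, not selection


def compile_term(token, as_regex=False):
    """Turn one filter token into a predicate over a row."""
    if as_regex:                                      # regexp PATTERN: any column
        rx = re.compile(token, re.I)
        return lambda row: any(rx.search(v) for v in row.values())
    m = None if token.startswith('"') else COLUMN_TERM.match(token)
    if m is None:                                     # bare word or phrase: substring, any column
        needle = token.strip('"').lower()
        return lambda row: any(needle in v.lower() for v in row.values())
    col, op, val = m.group(1).lower(), m.group(2), m.group(3).strip('"').lower()
    if op in "<>":
        raise ValueError("date and number comparisons are not modelled here")

    def cells(row):                                   # "=value" without a column scans all columns
        return [row.get(col, "").lower()] if col else [v.lower() for v in row.values()]

    if op == "=":                                     # exact match; "comment=" selects empty cells
        return lambda row: val in cells(row)
    if op == "~":                                     # contains
        return lambda row: any(val in v for v in cells(row))
    rx = re.compile(m.group(3).strip('"'), re.I)      # ":" regular expression
    return lambda row: any(rx.search(v) for v in cells(row))


def matches(filter_text, row):
    """Terms are or-combined unless joined by 'and'; 'not' negates the next term."""
    groups, join_and, negate, as_regex = [], False, False, False
    for token in TOKEN.findall(filter_text):
        word = token.lower()
        if word in ("and", "or"):
            join_and = word == "and"
        elif word == "not":
            negate = True
        elif word == "regexp":
            as_regex = True
        elif not word.startswith(PAGING):
            hit = compile_term(token, as_regex)(row) != negate
            if join_and and groups:
                groups[-1].append(hit)                # assumption: 'and' binds tighter than 'or'
            else:
                groups.append([hit])
            join_and = negate = as_regex = False
    return any(all(g) for g in groups) if groups else True


def select(filter_text, rows=ROWS):
    """Return the hosts of all rows the filter selects."""
    return [row["host"] for row in rows if matches(filter_text, row)]
```

`select("192.168.0.1")` returns both 192.168.0.1 and 192.168.0.100 because a bare keyword is a substring match, while `select("=192.168.0.1")` returns only the first host.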

7.1.4.4. Saving and Managing Powerfilters

Frequently used filters can be saved for re-use as follows:

  1. Enter the name of the filter in the right input box in the filter bar (see figure Saving a filter).

    _images/filter-save.png

    Saving a filter

  2. Click new.

    → The filter is saved and can be selected in the drop-down-list.

    Note

    If JavaScript is activated, the filter is applied immediately after being selected from the drop-down-list. Otherwise, click refresh to apply the selected filter.

Tip

If a specific filter should always be activated on a page, it can be set as default filter in the user settings (see also chapter Changing the User Settings).

All existing filters can be displayed by selecting Configuration > Filters in the menu bar (see figure Managing filters).

For all filters the following actions are available:

  • trashcan Delete the filter.

  • edit Edit the filter.

  • clone Clone the filter.

  • download Download the filter as an XML file.

    _images/filter-mgmt.png

    Managing filters

Note

By clicking trashcan or download below the list of filters more than one filter can be deleted or exported at a time. The drop-down-list is used to select which filters are deleted or exported.

Filters can also be created using the page Filters as follows:

  1. Select Configuration > Filters in the menu bar.

  2. Create a new filter by clicking new in the upper left corner.

  3. Define the name of the filter.

  4. Define the filter criteria in the input box Term (see Chapter Syntax of the Powerfilter).

  5. Select the resource type for which the filter should be applied in the drop-down-list Type (see figure Creating a new filter).

    _images/new_filter.png

    Creating a new filter

  6. Click Create.

    → The filter can be used for the resource type for which it was created.

7.1.5. Tags

Tags are information that can be linked to any resource. Tags are created directly with the resources and can only be linked to the resource type they are created for.

In this example a tag is created for a target:

  1. Create a target (see Creating a Target).

  2. Click on the created target on the page Targets.

  3. For User Tags click new.

  4. Define the tag (see figure Tag for the resource type Host).

  5. Click Create.

    → The tag is displayed on the page Tags (Configuration > Tags in the menu bar) and can be used to filter objects with help of the Powerfilter (see section Filtering the Page Content).

    _images/new-tag.png

    Tag for the resource type Host

Example: When filtering for tag=target:server the specific tag must be set. Otherwise, the desired result would not be found. With tag="target:server=mail" the exact tag with the respective value must be set (see figure Tag for the resource type Host).

7.2. List Pages and Details Pages

Basically, there are two different types of pages on the web interface:

List page

List pages give a tabular overview of all items of one kind, e.g. the list page Scan Configs shows all available scan configurations (see figure List page with tabular overview).

_images/list_page.png

List page with tabular overview

The list page provides information such as name, status, type or possible actions. The information shown in the table depends on the item type.

List pages are opened by selecting the desired page in the menu bar, e.g. selecting Configuration > Scan Configs in the menu bar opens the list page Scan Configs.

Details page

The details page of a specific item is opened by clicking on the name of the item in the column Name on the list page.

The details page provides further information and actions.

_images/details_page.png

Details page

For most items, tags (see Chapter Tags) and permissions (see Chapter Managing Permissions) can be added on the details page.

By clicking list in the upper left corner the list page of the corresponding item type is opened.

7.3. Using the Trashcan

The page Trashcan is opened by selecting Extras > Trashcan in the menu bar. The page lists all resources that are currently in the trashcan, grouped by resource type.

The summary table Content shows all possible types with item counts. By clicking on a resource name the corresponding section on the page is shown.

The trashcan can be emptied by clicking Empty Trashcan.

In the section of the respective resource type the single resources can be managed:

  • Clicking restore moves the resource out of the trashcan and back to its regular page. When the resource depends on another resource, it cannot be restored.
  • Clicking delete removes the resource entirely from the system. When another resource in the trashcan depends on the resource, it cannot be deleted.

7.4. Changing the User Settings

Every user of the GSM appliance can manage their own settings for the web interface. These settings can be accessed by either selecting Extras > My Settings in the menu bar or by clicking on the user name in the top right corner of the page.

_images/mysettings.png

Managing user settings

The settings can be modified by clicking edit.

Important settings are:

Timezone
The GSM saves all information in the UTC time zone internally. In order to display the data in the time zone of the user the respective selection is required.
Password
The user password can be changed here.
User Interface Language
The language can be defined here. The browser settings are used by default.
Rows Per Page
This defines the number of results in a list.
Wizard Rows
This defines the number of tasks up to which the task wizard is displayed. For example, if the value is set to 3 the wizard will not be displayed in the task overview as soon as a minimum of 4 tasks is available.
Details Export File Name

This defines the default name of the file for exported resource details. The format string can contain alphanumeric characters, hyphens, underscores and placeholders that will be replaced as follows:

  • %C: The creation date in the format YYYYMMDD. Changed to the current date if a creation date is not available.
  • %c: The creation time in the format HHMMSS. Changed to the current time if a creation time is not available.
  • %D: The current date in the format YYYYMMDD.
  • %F: The name of the format plug-in used (XML for lists and types other than reports).
  • %M: The modification date in the format YYYYMMDD. Changed to the creation date or to the current date if a modification date is not available.
  • %m: The modification time in the format HHMMSS. Changed to the creation time or to the current time if a modification time is not available.
  • %N: The name for the resource or the associated task for reports. Lists and types without a name will use the type (see %T).
  • %T: The resource type, e.g. “task”, “port_list”. Pluralized for list pages.
  • %t: The current time in the format HHMMSS.
  • %U: The unique ID of the resource or “list” for lists of multiple resources.
  • %u: The name for the currently logged in user.
  • %%: The percent sign (%).
List Export File Name
This defines the default name of the file for exported resource lists (see above).
Report Export File Name
This defines the default name of the file for exported reports (see above).
Severity Class

This defines the classification of the vulnerability with respect to the score.

  • NVD Vulnerability Severity Ratings
    • 7.0 - 10.0: High
    • 4.0 - 6.9: Medium
    • 0.0 - 3.9: Low
  • BSI Vulnerability Traffic Light
    • 7.0 - 10.0: Red
    • 4.0 - 6.9: Yellow
    • 0.0 - 3.9: Green
  • OpenVAS classic
    • 5.1 - 10.0: High
    • 2.1 - 5.0: Medium
    • 0.0 - 2.0: Low
  • PCI-DSS
    • 4.3 - 10.0: High
    • 0.0 - 4.2: None
Filter
Specific default filters for each page can be specified here. The filters are then activated automatically when the page is loaded.

7.5. Setting the Auto-Refresh

When an auto-refresh is set, the page refreshes automatically after the selected time interval.

The following time intervals are possible:

  • Every 30 seconds
  • Every 60 seconds
  • Every 2 minutes
  • Every 5 minutes

The auto-refresh can be set by selecting the desired time interval in the drop-down-list at the top of the page (see figure Setting the auto-refresh).

_images/auto-refresh.png

Setting the auto-refresh

7.6. Displaying the Feed Status

The synchronization status of all SecInfos can be displayed by selecting Extras > Feed Status in the menu bar.

The following information is displayed (see figure Displaying the feed status):

  • Type: feed type (NVT, SCAP or CERT)

  • Content: type of information provided by the feed

  • Origin: name of the feed service that is used to synchronize the SecInfos

    Note

    Move the mouse over an item in this column to display information about the feed service.

  • Version: version number of the feed data

  • Status: status information of the feed, e.g. time since the last update

_images/feed_status.png

Displaying the feed status