8. Getting to Know the Web Interface

8.1. Logging into the Web Interface

The main interface of the GSM is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as follows:

  1. Open the web browser.

  2. Enter the IP address of the web interface of the GSM.

    Tip

    The IP address of the GSM is displayed on the login prompt of the console or in the GOS administration menu after selecting About and pressing Enter.

  3. Log in using the web administrator created during the setup (see Chapter 5).

8.2. Dashboards and Dashboard Displays

Many pages of the web interface show dashboard displays on the top of the page depending on the page content.

There are two types of dashboard displays: charts and tables.

For each page there is a default setting of displays. The default setting can be restored by clicking reset on the right side above the displays.

8.2.1. Adding and Deleting Dashboard Displays

A new display can be added as follows:

  1. Click new on the right side above the displays.

  2. Select the desired display in the drop-down-list (see Fig. 8.1).

    Tip

    The input box above the selectable options can be used to filter the options.

    _images/dashboard_add_display.png

    Fig. 8.1 Adding a display

  3. Click Add.

A display can be deleted by clicking delete_display in the upper right corner of the display (see Fig. 8.2).

_images/delete_display.png

Fig. 8.2 Deleting a display

8.2.2. Editing a Dashboard Display

Depending on the display there are several options which can be selected by moving the mouse to the right edge of a display (see Fig. 8.3):

  • filter Apply a filter to the display. The filter has to be configured for the resource type shown in the display.
  • download_svg Download the chart as an SVG file (only for charts).
  • download_csv Download the table as a CSV file (only for tables).
  • legend Hide or show a legend (only for charts).
  • toggle3d Switch between 2D and 3D presentation (only for charts).
_images/dashboard_further_options.png

Fig. 8.3 Choosing further options for a display

8.2.3. Organizing Displays in Dashboards

Dashboard displays can be summarized to dashboards. They can be individual compilations of displays but there are predefined dashboards which can be chosen as well.

There can be up to 10 dashboards.

By default, there is only the overview dashboard giving a short overview of tasks, CVEs and NVTs (see Fig. 8.4).

_images/main_dashboard.png

Fig. 8.4 Overview dashboard

The dashboards are displayed by selecting Dashboards in the menu bar.

8.2.3.1. Adding a New Dashboard

A new dashboard can be created as follows:

  1. Click new in the register bar above the dashboard (see Fig. 8.5).

    _images/dashboard_new.png

    Fig. 8.5 Adding a new dashboard

  2. Enter the name of the dashboard in the input box Dashboard Title.

  3. Select the displays that should be shown by default in the drop-down-list Initial Displays (see Fig. 8.6).

    The following default settings for the shown displays are possible:

    • Default: the dashboard contains the same displays as the overview dashboard.
    • Scan Displays: the dashboard contains displays concerning tasks, results and reports.
    • Asset Displays: the dashboard contains displays concerning hosts and operating systems.
    • SecInfo Displays: the dashboard contains displays concerning NVTs, CVEs, and CERT-Bund Advisories.
    • Empty: the dashboard contains no displays.

    Additionally, already existing dashboards can be chosen.

    Tip

    The displays can later be edited as well (see Chapters 8.2.1 and 8.2.2).

    _images/dashboard_new_2.png

    Fig. 8.6 Adding a new dashboard

  4. Click Add.

    → The dashboard is added and shown in the register bar (see Fig. 8.7).

    _images/dashboard_register_bar.png

    Fig. 8.7 Registers of available dashboards

8.2.3.2. Editing a Dashboard

Displays can be added to or deleted from a dashboard as described in Chapter 8.2.1.

The displays in a dashboard can be edited as described in Chapter 8.2.2.

A dashboard can be renamed as follows:

  1. Click edit in the register of the dashboard in the register bar (see Fig. 8.8).

    _images/dashboard_rename.png

    Fig. 8.8 Renaming a dashboard

  2. Change the name in the input box Dashboard Title.

  3. Click Save.

8.2.3.3. Deleting a Dashboard

A dashboard can be deleted by clicking delete in the register of the dashboard in the register bar (see Fig. 8.9).

_images/dashboard_delete.png

Fig. 8.9 Deleting a dashboard

8.3. List Pages and Details Pages

Basically, there are two different types of pages on the web interface:

List page

List pages give a tabular overview of all items of one kind, e.g. the list page Scan Configs shows all available scan configurations (see Fig. 8.10).

_images/list_page.png

Fig. 8.10 List page with tabular overview

The list page provides information such as name, status, type or possible actions. The shown information in the table depend on the item type.

List pages are opened by selecting the desired page in the menu bar, e.g. selecting Configuration > Scan Configs in the menu bar opens the list page Scan Configs.

Details page

The details page of a specific item is opened by clicking on the name of the item in the column Name on the list page and clicking details.

The details page provides further information and actions (see Fig. 8.11).

_images/details_page.png

Fig. 8.11 Details page

For most items, user tags (see Chapter 8.5) and permissions (see Chapter 9.4) can be added on the details page.

By clicking help in the upper left corner the corresponding chapter of the user manual is opened.

By clicking list in the upper left corner the list page of the corresponding item type is opened.

8.4. Filtering the Page Content

Almost every page in the web interface offers the possibility to filter the displayed content.

8.4.1. Adjusting the Filter Parameters

_images/filterbar.png

Fig. 8.12 Filter bar at the top of the page

Multiple filter parameters are combined to form the Powerfilter.

Note

The filter is context aware which means that the filter parameters depend on the currently opened page.

The filter parameters can be entered in the input box in the filter bar (see Fig. 8.12) using the specific syntax of the filter (see Chapter 8.4.2) or be modified as follows:

  1. Click edit in the filter bar (see Fig. 8.12).

  2. Select and modify the filter parameters (see Fig. 8.13).

    Keywords which should be searched for can be entered in the input box Filter.

    Note

    The Powerfilter is not case-sensitive.

    _images/filter_edit.png

    Fig. 8.13 Adjusting the filter

  3. Activate the checkbox Store filter as if the filter should be stored for reuse.

  4. Enter the name for the filter in the input box Store filter as.

  5. Click Update.

    → The filter parameters are applied.

Next to the input box in the filter bar the following actions are available:

  • delete Remove the currently applied filter.
  • refresh Update the filter with the current input.
  • reset Reset the filter parameters to the default settings.
  • A saved Powerfilter can be applied by selecting it in the drop-down-list (see Fig. 8.14).
_images/filter_select.png

Fig. 8.14 Selecting a saved Powerfilter

Note

If JavaScript is activated, the Powerfilter is applied immediately after being selected from the drop-down-list. Otherwise, click refresh to apply the selected filter.

Tip

If a specific filter should always be activated on a page, it can be set as the default filter in the user settings (see Chapter 8.7).

Powerfilters can also be created using the page Filters as follows:

  1. Select Configuration > Filters in the menu bar.

  2. Create a new filter by clicking new.

  3. Define the name of the filter.

  4. Define the filter criteria in the input box Term (see Chapter 8.4.2).

  5. Select the resource type for which the filter should by applied in the drop-down-list Type (see Fig. 8.15).

    _images/filter_new.png

    Fig. 8.15 Creating a new filter

  6. Click Save.

    → The filter can be used for the resource type for which it was created.

8.4.2. Syntax of the Powerfilter

When applied, the filter parameters are shown in the lower left corner of the page (see Fig. 8.16).

_images/filter_syntax.png

Fig. 8.16 Applied filter parameters

The filter uses a specific syntax which has to be considered when entering the filter parameters directly in the input box in the filter bar.

In general the specification of the following parameters is always possible:

  • rows:

    Number of rows that are displayed per page. Per default the value is rows=10. Entering a value of -1 will display all results. Entering a value of -2 will use the value that was pre-set in My Settings under Rows Per Page (see Chapter 8.7).

  • first:

    Determination of the first item displayed. Example: If the filter returns 50 results, rows=10 first=11 displays the results 11 to 20.

  • sort:

    Determination of the column used for sorting the results. The results are sorted ascending. Example: sort=name sorts the results by name. After applying the filter, upper cases of the column names are changed to lower cases and spaces are changed to underscores. The sorting can also be done by clicking the title of the column. Typical column names are:

    • name
    • severity
    • host
    • location
    • qod (Quality of detection)
    • comment
    • modified
    • created
  • sort-reverse:

    Determination of the column used for sorting the results (see above). The results are sorted descending.

  • tag:

    Selection of results with a specific tag (see Chapter 8.5). It can be filtered by a specific tag value (tag=”server:mail”) or only by the tag (tag=”server”). Regular expressions are also allowed.

    Note

    By filtering using tags custom categories can be created and used in the filters. This allows for versatile and granular filter functionality.

When specifying the components the following operators are used:

  • =
    equals e.g. rows=10
  • ~
    contains e.g. name~admin
  • <
    less than e.g. created<-1w → older than a week
  • >
    greater than e.g. created>-1w → younger than a week
  • :RegEx e.g. name:admin$

There are a couple of special features:

  • If no value follows =, all results without this filter parameter are displayed. This example shows all results without a comment:

    comment=
    
  • If a keyword should be found but it is not defined which column to scan, all columns will be scanned. This example searches whether at least one column contains the stated value:

    =192.168.15.5
    
  • The data is usually or-combined. This can be specified with the keyword or. To achieve an and-combination the keyword and needs to be specified:

    modified>2019-01-01 and name=services
    

    Using not will negate the filter.

8.4.2.1. Text Phrases

In general, text phrases that are being searched for can be specified.

The following examples show the differences:

overflow
Finds all results that contain the word overflow. This applies to Overflow as well as to Bufferoverflow. Also, 192.168.0.1 will find 192.168.0.1 as well as 192.168.0.100.
remote exploit
Finds all results containing remote or exploit. Of course, results that contain both words will be displayed as well.
remote and exploit
Both words must be found in a result in any column. The results do not have to be found in the same column.
"remote exploit"
The exact string is being searched for and not the individual words.
regexp 192\.168\.[0-9]+.1
The regex is being searched for.

8.4.2.2. Date Specifications

Date specifications in the Powerfilter can be absolute or relative.

Absolute date specification

An absolute date specification has the following format:

2014-05-26T13h50

When the time is left out, a time of 12:00 am will be assumed automatically. The date specification can be used in the search filter e.g. created>2014-05-26.

Relative date specification

Relative time specifications are always calculated in relation to the current time. Time specification in the past are defined with a preceding minus (-). Time specification without a preceding character are interpreted as being in the future. For time periods the following letters can be used:

  • s second
  • m minute
  • h hour
  • d day
  • w week
  • m month (30 days)
  • y year (365 days)

For example, entering created>-5d shows the results that were created within the past 5 days. A combination such as 5d1h is not permitted but has to be replaced with 121h.

To limit the time period, e.g. month for which information should be displayed, the following expression can be used:

modified>2019-01-01 and modified<2019-01-31

8.4.3. Examples for Powerfilters

Here are some examples for powerfilter:

  • 127.0.0.1 shows any item that has “127.0.0.1” anywhere in the text of any column.
  • 127.0.0.1 IANA shows any item that has “127.0.0.1” or “IANA” anywhere in the text of any column.
  • 127.0.0.1 and IANA shows any item that has “127.0.0.1” and “IANA” anywhere in the text of any column.
  • regexp 10.128.[0-9]+.[0-9]+ shows any item that has an IP style string starting with “10.128” anywhere in the text of any column.
  • name=Localhost shows any item with the exact name “Localhost”.
  • name~local shows any item with “local” anywhere in the name.
  • name:^Local shows any item with a name starting with “Local”.
  • port_list~TCP shows any item that has “TCP” anywhere in the port list name.
  • modified>2019-02-03 and modified<2019-02-05 shows any item that was modified between 2019-02-03 0:00 and 2019-02-05 0:00.
  • create>2019-02-03T13h00 shows any item that was created after 13:00 on 2019-02-03.
  • rows=20 first=1 sort=name shows the first twenty items sorted by the column Name.
  • create>-7d shows any item that was created within the past 7 days.
  • =127.0.0.1 shows any item that has “127.0.0.1” as the exact name in any column.
  • tag="geo:long=52.2788 shows any item that has a tag named “geo:long” with the value “52.2788”.
  • tag~geo shows any item that has a tag with a name containing “geo”.

8.4.4. Managing Powerfilters

List Page

All existing Powerfilters can be displayed by selecting Configuration > Filters in the menu bar (see Fig. 8.17).

For all Powerfilters the following information is displayed:

Name
Name of the filter.
Term
Filter terms that form the Powerfilter (see Chapter 8.4.2).
Type
Resource type for which the Powerfilter can be applied.

For all Powerfilters the following actions are available:

  • trashcan Delete the Powerfilter.

  • edit Edit the Powerfilter.

  • clone Clone the Powerfilter.

  • export Export the Powerfilter as an XML file.

    _images/filter_managing.png

    Fig. 8.17 Managing Powerfilter

Note

By clicking trashcan or export below the list of filters more than one filter can be deleted or exported at a time. The drop-down-list is used to select which filters are deleted or exported.

Details Page

Click on the name of a filter to display the details of the filter. Click details to open the details page of the filter.

The following registers are available:

Information
General Information about the Powerfilter.
User Tags
Assigned tag (see Chapter 8.5).
Permissions
Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

  • help Open the corresponding chapter of the user manual.
  • list Show the list page of all Powerfilters.
  • new Create a new Powerfilter.
  • clone Clone the Powerfilter.
  • edit Edit the Powerfilter.
  • trashcan Delete the Powerfilter.
  • export Export the Powerfilter as an XML file.

8.5. Using Tags

Tags are information that can be linked to any resource. Tags are created directly with the resources and can only be linked to the resource type they are created for.

Tags can be used to filter objects (see Chapter 8.4).

Example: When filtering for tag=target:server the specific tag must be set. Otherwise, the desired result would not be found. With tag="target:server=mail" the exact tag with the respective value must be set (see Fig. 8.18).

8.5.1. Linking a Tag to a Single Object

A tag for a single object can be created as follows:

  1. Open the details page of the object (see Chapter 8.3).

  2. Click on the register User Tags.

  3. Click edit in the opened section User Tags.

  4. Define the tag (see Fig. 8.18).

  5. Click Save.

    _images/tag_new.png

    Fig. 8.18 Tag for the resource type Target

8.5.2. Linking a Tag to Multiple Objects

A tag can be added to multiple objects of the same type (e.g. tasks, targets, scanners) as follows:

  1. Open the list page of an object type.

  2. Filter the list so that only the objects that should have the tag are displayed.

  3. In the drop-down-list below the list of objects select to which objects the tag should be added (see Fig. 8.19).

    Note

    Apply to page contents links the tag to all objects which are visible on the current page.

    Apply to all filtered links the tag to all objects which are affected by the filter even if they are not visible on the current page.

    _images/tag_multiple_objects_2.png

    Fig. 8.19 Selecting the objects

    or

  1. In the drop-down-list below the list of objects select Apply to selection.

  2. Activate the checkboxes of the objects that should have the tag in the column Actions.

  3. Click tags below the list of objects.

  4. Select the tag in the drop-down-list Choose Tag (see Fig. 8.20).

    Note

    Only tags which are created for the chosen object type can be selected.

    Additionally, a new tag can be created by clicking new.

    _images/tag_multiple_objects.png

    Fig. 8.20 Selecting a tag for multiple objects

  5. Click Add Tag.

8.5.3. Managing Tags

List Page

All existing tags can be displayed by selecting Configuration > Tags in the menu bar.

For all tags the following actions are available:

  • disable Disable the tag if it is enabled.
  • enable Enable the tag if it is disabled.
  • trashcan Delete the tag.
  • edit Edit the tag.
  • clone Clone the tag.
  • export Export the tag as an XML file.

Note

By clicking trashcan or export below the list of tags more than one tag can be deleted or exported at a time. The drop-down-list is used to select which tags are deleted or exported.

Details Page

Click on the name of a tag to display the details of the tag. Click details to open the details page of the tag.

The following registers are available:

Information
General information about the tag.
Assigned Items
Resources to which the tag is assigned. The resources are only displayed if the tag is enabled.
Permissions
Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

  • help Open the corresponding chapter of the user manual.
  • list Show the list page of all tags.
  • new Create a new tag.
  • clone Clone the tag.
  • edit Edit the tag.
  • trashcan Delete the tag.
  • export Export the tag as an XML file.
  • disable Disable the tag if it is enabled.
  • enable Enable the tag if it is disabled.

8.6. Using the Trashcan

The page Trashcan is opened by selecting Extras > Trashcan in the menubar. The page lists all resources that are currently in the trashcan, grouped by resource type.

The summary table Content shows all possible types of deleted objects with item counts. By clicking on a resource name the corresponding section is shown (see Fig. 8.21).

The trashcan can be emptied by clicking Empty Trash.

_images/trashcan_overview.png

Fig. 8.21 Contents of the trashcan

In the section of the respective object type the single objects can be managed (see Fig. 8.22):

  • Clicking restore moves the object out of the trashcan and back to its regular page. The object cannot be restored if it depends on another object in the trashcan.
  • Clicking delete removes the object entirely from the system. The object cannot be deleted if another object in the trashcan depends on it.
_images/trashcan_detail.png

Fig. 8.22 Restoring or deleting a trashcan object

8.7. Changing the User Settings

Every user of the GSM appliance can manage their own settings for the web interface. These settings can be accessed by either selecting Extras > My Settings in the menu bar or by clicking on the user name in the top right corner of the page.

The settings can be modified by clicking edit.

_images/user_settings_2.png

Fig. 8.23 Managing user settings

Important settings are:

Timezone
The GSM saves all information in the UTC time zone internally. In order to display the data in the time zone of the user the respective selection is required.
Password
The user password can be changed here.
User Interface Language
The language can be defined here. The browser setting are used per default.
Rows Per Page
This defines the number of results in a list.
Wizard Rows
This defines up to how many tasks to display the task wizard. For example, if the value is set to 3 the wizard will not be displayed in the task overview as soon as a minimum of 4 tasks is available.
Details Export File Name

This defines the default name of the file for exported resource details. The format string can contain alphanumeric characters, hyphens, underscores and placeholders that will be replaced as follows:

  • %C: The creation date in the format YYYYMMDD. Changed to the current date if a creation date is not available.
  • %c: The creation time in the format HHMMSS. Changed to the current time if a creation time is not available.
  • %D: The current date in the format YYYYMMDD.
  • %F: The name of the format plug-in used (XML for lists and types other than reports).
  • %M: The modification date in the format YYYYMMDD. Changed to the creation date or to the current date if a modification date is not available.
  • %m: The modification time in the format HHMMSS. Changed to the creation time or to the current time if a modification time is not available.
  • %N: The name for the resource or the associated task for reports. Lists and types without a name will use the type (see %T).
  • %T: The resource type, e.g. “task”, “port_list”. Pluralized for list pages.
  • %t: The current time in the format HHMMSS.
  • %U: The unique ID of the resource or “list” for lists of multiple resources.
  • %u: The name for the currently logged in user.
  • %%: The percent sign (%).
List Export File Name
This defines the default name of the file for exported resource lists (see above).
Report Export File Name
This defines the default name of the file for exported reports (see above).
Severity Class

This defines the classification of the vulnerability with respect to the score.

  • NVD Vulnerability Severity Ratings
    • 7.0 – 10.0: High
    • 4.0 – 6.9: Medium
    • 0.0 – 3.9: Low
  • BSI Vulnerability Traffic Light
    • 7.0 – 10.0: Red
    • 4.0 – 6.9: Yellow
    • 0.0 – 3.9: Green
  • PCI-DSS
    • 4.3 – 10.0: High
    • 0.0 – 4.2: None
Filter
Specific default filters for each page can be specified here. The filters are then activated automatically when the page is loaded.

8.8. Displaying the Feed Status

The synchronization status of all SecInfo can be displayed by selecting Extras > Feed Status in the menu bar.

The following information is displayed (see Fig. 8.24):

Type
Feed type (NVT, SCAP or CERT)
Content
Type of information provided by the feed.
Origin
Name of the feed service that is used to synchronize the SecInfo.
Version
Version number of the feed data.
Status
Status information of the feed, e.g. time since the last update.
_images/feed_status.png

Fig. 8.24 Displaying the feed status