8. Getting to Know the Web Interface

8.1. Logging into the Web Interface

The main interface of the GSM is the web interface, also called Greenbone Security Assistant (GSA). The web interface can be accessed as follows:

  1. Open the web browser.

  2. Enter the IP address of the web interface of the GSM.

    Tip

    The IP address of the GSM is displayed on the login prompt of the console or in the GOS administration menu after selecting About and pressing Enter.

  3. Log in using the web administrator created during the setup (see Chapter 5).

8.2. Dashboards and Dashboard Displays

Many pages of the web interface show dashboard displays at the top of the page, depending on the page content.

There are two types of dashboard displays: charts and tables.

For each page there is a default setting of displays. The default setting can be restored by clicking reset on the right side above the displays.

8.2.1. Adding and Deleting Dashboard Displays

A new display can be added as follows:

  1. Click new on the right side above the displays.

  2. Select the desired display in the drop-down-list (see Fig. 8.1).

    Tip

    The input box above the selectable options can be used to filter the options.

    Fig. 8.1 Adding a display

  3. Click Add.

A display can be deleted by clicking delete_display in the upper right corner of the display (see Fig. 8.2).

Fig. 8.2 Deleting a display

8.2.2. Editing a Dashboard Display

Depending on the display there are several options which can be selected by moving the mouse to the right edge of a display (see Fig. 8.3):

  • filter Apply a filter to the display. The filter has to be configured for the object type shown in the display.
  • download_svg Download the chart as an SVG file (only for charts).
  • download_csv Download the table as a CSV file (only for tables).
  • legend Hide or show a legend (only for charts).
  • toggle3d Switch between 2D and 3D presentation (only for charts).

Fig. 8.3 Choosing further options for a display

8.2.3. Organizing Displays in Dashboards

Dashboard displays can be grouped into dashboards. A dashboard can be an individual compilation of displays, but predefined dashboards can be chosen as well.

There can be up to 10 dashboards.

By default, there is only the overview dashboard giving a short overview of tasks, CVEs and NVTs (see Fig. 8.4).

Fig. 8.4 Overview dashboard

The dashboards are displayed by selecting Dashboards in the menu bar.

8.2.3.1. Adding a New Dashboard

A new dashboard can be created as follows:

  1. Click new in the register bar above the dashboard (see Fig. 8.5).

    Fig. 8.5 Adding a new dashboard

  2. Enter the name of the dashboard in the input box Dashboard Title.

  3. Select the displays that should be shown by default in the drop-down-list Initial Displays (see Fig. 8.6).

    The following default settings for the shown displays are possible:

    • Default: the dashboard contains the same displays as the overview dashboard.
    • Scan Displays: the dashboard contains displays concerning tasks, results and reports.
    • Asset Displays: the dashboard contains displays concerning hosts and operating systems.
    • SecInfo Displays: the dashboard contains displays concerning NVTs, CVEs, and CERT-Bund Advisories.
    • Empty: the dashboard contains no displays.

    Additionally, already existing dashboards can be chosen.

    Tip

    The displays can later be edited as well (see Chapters 8.2.1 and 8.2.2).

    Fig. 8.6 Adding a new dashboard

  4. Click Add.

    → The dashboard is added and shown in the register bar (see Fig. 8.7).

    Fig. 8.7 Registers of available dashboards

8.2.3.2. Editing a Dashboard

Displays can be added to or deleted from a dashboard as described in Chapter 8.2.1.

The displays in a dashboard can be edited as described in Chapter 8.2.2.

A dashboard can be renamed as follows:

  1. Click edit in the register of the dashboard in the register bar (see Fig. 8.8).

    Fig. 8.8 Renaming a dashboard

  2. Change the name in the input box Dashboard Title.

  3. Click Save.

8.2.3.3. Deleting a Dashboard

A dashboard can be deleted by clicking delete in the register of the dashboard in the register bar (see Fig. 8.9).

Fig. 8.9 Deleting a dashboard

8.3. List Pages and Details Pages

Basically, there are two different types of pages on the web interface:

List page

List pages give a tabular overview of all objects of one kind, e.g. the list page Scan Configs shows all available scan configurations (see Fig. 8.10).

Fig. 8.10 List page with tabular overview

The list page provides information such as name, status, type or possible actions. The information shown in the table depends on the object type.

The list content can be sorted by a chosen column by clicking on the column title. The content can be sorted ascending or descending:

  • sort_ascending in the column title shows that the objects are sorted ascending.
  • sort_descending in the column title shows that the objects are sorted descending.

List pages are opened by selecting the desired page in the menu bar, e.g. selecting Configuration > Scan Configs in the menu bar opens the list page Scan Configs.

Details page

The details page of a specific object is opened by clicking on the name of the object in the column Name on the list page and clicking details.

The details page provides further information and actions (see Fig. 8.11).

Fig. 8.11 Details page

For most objects, user tags (see Chapter 8.5) and permissions (see Chapter 9.4) can be added on the details page.

By clicking help in the upper left corner the corresponding chapter of the user manual is opened.

By clicking list in the upper left corner the list page of the corresponding object type is opened.

8.4. Filtering the Page Content

Almost every page in the web interface offers the possibility to filter the displayed content.

8.4.1. Adjusting the Filter Parameters

Fig. 8.12 Filter bar at the top of the page

Multiple filter parameters are combined to form the Powerfilter.

Note

The filter is context aware which means that the filter parameters depend on the currently opened page.

The filter parameters can be entered in the input box in the filter bar (see Fig. 8.12) using the specific syntax of the filter (see Chapter 8.4.2) or be modified as follows:

  1. Click edit in the filter bar (see Fig. 8.12).

  2. Select and modify the filter parameters (see Fig. 8.13).

    Keywords which should be searched for can be entered in the input box Filter.

    Note

    The Powerfilter is not case-sensitive.

    Fig. 8.13 Adjusting the filter

  3. Activate the checkbox Store filter as if the filter should be stored for reuse.

  4. Enter the name for the filter in the input box Store filter as.

  5. Click Update.

    → The filter parameters are applied.

Next to the input box in the filter bar the following actions are available:

  • delete Remove the currently applied filter.
  • refresh Update the filter with the current input.
  • reset Reset the filter parameters to the default settings.
  • A saved Powerfilter can be applied by selecting it in the drop-down-list (see Fig. 8.14).

Fig. 8.14 Selecting a saved Powerfilter

Note

If JavaScript is activated, the Powerfilter is applied immediately after being selected from the drop-down-list. Otherwise, click refresh to apply the selected filter.

Tip

If a specific filter should always be activated on a page, it can be set as the default filter in the user settings (see Chapter 8.7).

Powerfilters can also be created using the page Filters as follows:

  1. Select Configuration > Filters in the menu bar.

  2. Create a new filter by clicking new.

  3. Define the name of the filter.

  4. Define the filter criteria in the input box Term (see Chapter 8.4.2).

  5. Select the object type for which the filter should be applied in the drop-down-list Type (see Fig. 8.15).

    Fig. 8.15 Creating a new filter

  6. Click Save.

    → The filter can be used for the object type for which it was created.

8.4.2. Syntax of the Powerfilter

When applied, the filter parameters are shown in the lower left corner of the page (see Fig. 8.16).

Fig. 8.16 Applied filter parameters

The filter uses a specific syntax which has to be considered when entering the filter parameters directly in the input box in the filter bar.

In general the specification of the following parameters is always possible:

  • rows:

    Number of rows that are displayed per page. By default the value is rows=10. Entering a value of -1 will display all results. Entering a value of -2 will use the value that was pre-set in My Settings under Rows Per Page (see Chapter 8.7).

  • first:

    Determination of the first object displayed. Example: if the filter returns 50 results, rows=10 first=11 displays the results 11 to 20.

  • sort:

    Determination of the column used for sorting the results. The results are sorted ascending. Example: sort=name sorts the results by name. The sorting can also be done by clicking the title of the column. After the filter is applied, uppercase letters in the column names are changed to lowercase and spaces are changed to underscores. Typical column names are:

    • name
    • severity
    • host
    • location
    • qod (Quality of detection)
    • comment
    • modified
    • created

    Note

    sort is not applicable for report details pages (see Chapter 11.2.1).

  • sort-reverse:

    Determination of the column used for sorting the results (see above). The results are sorted descending.

    Note

    sort-reverse is not applicable for report details pages (see Chapter 11.2.1).

  • tag:

    Selection of results with a specific tag (see Chapter 8.5). It can be filtered by a specific tag value (tag="server:mail") or only by the tag (tag="server"). Regular expressions are also allowed.

    Note

    By filtering using tags custom categories can be created and used in the filters. This allows for versatile and granular filter functionality.

When specifying the components the following operators are used:

  • =
    equals e.g. rows=10
  • ~
    contains e.g. name~admin
  • <
    less than e.g. created<-1w → older than a week
  • >
    greater than e.g. created>-1w → younger than a week
  • regexp
    regular expression e.g. regexp 192.168.[0-9]+.[0-9]

There are a couple of special features:

  • If no value follows =, all results without this filter parameter are displayed. This example shows all results without a comment:

    comment=
    
  • If a keyword should be found but it is not defined which column to scan, all columns will be scanned. This example searches whether at least one column contains the stated value:

    =192.168.15.5
    
  • The data is usually or-combined. This can be specified with the keyword or. To achieve an and-combination the keyword and needs to be specified:

    modified>2019-01-01 and name=services
    
  • Using not negates the filter. This example shows all results that do not contain “192.168.81.129”:

    not ~192.168.81.129
    

8.4.2.1. Text Phrases

In general, text phrases that are being searched for can be specified.

The following examples show the differences:

overflow
Finds all results that contain the word overflow. This applies to Overflow as well as to Bufferoverflow. Also, 192.168.0.1 will find 192.168.0.1 as well as 192.168.0.100.
remote exploit
Finds all results containing remote or exploit. Of course, results that contain both words will be displayed as well.
remote and exploit
Finds all results containing both remote and exploit. The results do not have to be found in the same column.
"remote exploit"
The exact string is being searched for and not the individual words.
regexp 192.168.[0-9]+.[0-9]
The regular expression is being searched for.

8.4.2.2. Time Specifications

Time specifications in the Powerfilter can be absolute or relative.

Absolute time specification

An absolute time specification has the following format:

2014-05-26T13h50

If the time is left out, a time of 12:00 am will be assumed automatically. The time specification can be used in the search filter e.g. created>2014-05-26.

Relative time specification

Relative time specifications are always calculated in relation to the current time. Time specifications in the past are defined with a preceding minus (-). Time specifications without a preceding character are interpreted as being in the future. For time periods the following letters can be used:

  • s second
  • m minute
  • h hour
  • d day
  • w week
  • m month (30 days)
  • y year (365 days)

For example, entering created>-5d shows the results that were created within the past 5 days. A combination such as 5d1h is not permitted but has to be replaced with 121h.

To limit the time period for which information should be displayed, e.g. to a month, the following expression can be used:

modified>2019-01-01 and modified<2019-01-31
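
The rules above as a runnable sketch, added here as an illustration (it is not Greenbone's code): it resolves absolute and relative time specifications to a cutoff and rejects combinations such as 5d1h. Because the list above gives m for both minute and month, the sketch treats m as minute and omits month; the function names, NOW and the sample rows are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Seconds per unit letter as listed above. "m" is taken as minute here;
# month is left out because the list uses the same letter for both.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800,
                "y": 365 * 86400}
RELATIVE = re.compile(r"^(-?)(\d+)([smhdwy])$")   # exactly one number and one unit


def resolve_time(spec, now):
    """Turn a Powerfilter time specification into a datetime."""
    rel = RELATIVE.match(spec)
    if rel:
        sign = -1 if rel.group(1) else 1          # leading minus means the past
        seconds = int(rel.group(2)) * UNIT_SECONDS[rel.group(3)]
        return now + sign * timedelta(seconds=seconds)
    # Absolute form: date with optional time; a missing time means 00:00.
    for fmt in ("%Y-%m-%dT%Hh%M", "%Y-%m-%d"):
        try:
            return datetime.strptime(spec, fmt)
        except ValueError:
            pass
    raise ValueError(f"not a valid time specification: {spec!r}")


def created_after(rows, spec, now):
    """Names of the rows that a filter created>spec would keep."""
    cutoff = resolve_time(spec, now)
    return [r["name"] for r in rows if r["created"] > cutoff]


# Constructed sample data (not real scan objects).
NOW = datetime(2019, 2, 10, 12, 0)
ROWS = [
    {"name": "weekly-scan", "created": datetime(2019, 2, 8, 9, 0)},
    {"name": "old-scan", "created": datetime(2019, 1, 20, 0, 0)},
    {"name": "today", "created": datetime(2019, 2, 10, 11, 30)},
]

if __name__ == "__main__":
    for spec in ("-5d", "-121h", "2019-02-08", "2019-02-08T13h00"):
        print(f"created>{spec}:", created_after(ROWS, spec, NOW))
```
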

8.4.3. Examples for Powerfilters

Here are some examples of Powerfilters:

  • 127.0.0.1 shows any object that has “127.0.0.1” anywhere in the text of any column.
  • 127.0.0.1 IANA shows any object that has “127.0.0.1” or “IANA” anywhere in the text of any column.
  • 127.0.0.1 and IANA shows any object that has “127.0.0.1” and “IANA” anywhere in the text of any column.
  • regexp 192.168.[0-9]+.[0-9] shows any object that has an IP style string starting with “192.168” anywhere in the text of any column.
  • name=Localhost shows any object with the exact name “Localhost”.
  • name~local shows any object with “local” anywhere in the name.
  • name:^Local shows any object with a name starting with “Local”.
  • port_list~TCP shows any object that has “TCP” anywhere in the port list name.
  • modified>2019-02-03 and modified<2019-02-05 shows any object that was modified between 2019-02-03 0:00 and 2019-02-05 0:00.
  • created>2019-02-03T13h00 shows any object that was created after 13:00 on 2019-02-03.
  • rows=20 first=1 sort=name shows the first twenty objects sorted by the column Name.
  • created>-7d shows any object that was created within the past 7 days.
  • =127.0.0.1 shows any object that has “127.0.0.1” as the exact name in any column.
  • tag="geo:long=52.2788" shows any object that has a tag named “geo:long” with the value “52.2788”.
  • tag~geo shows any object that has a tag with a name containing “geo”.
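
A simplified model of the matching rules from Chapters 8.4.2 and 8.4.3, added here as an illustration (not Greenbone's implementation) and run over constructed rows. It assumes terms are folded strictly left to right, compares dates as ISO text, and does not model tag terms or relative times; all function and column names are chosen for the example.

```python
import re

PAGING = ("rows", "first", "sort", "sort-reverse")  # paging/sorting, not matching
TOKEN = re.compile(r'"([^"]*)"|(\S+)')              # quoted phrase or single word
TERM = re.compile(r"^([a-z_]*)([=~<>:])(.*)$", re.IGNORECASE)

def sort_key(text):
    """Order numbers numerically, anything else (e.g. ISO dates) as text."""
    try:
        return (0, float(text))
    except ValueError:
        return (1, text)

def contains(needle, row):
    return any(needle.lower() in str(v).lower() for v in row.values())

def term_matches(term, row):
    """Evaluate one term against a row (dict: column name -> text)."""
    parsed = TERM.match(term)
    if not parsed:                         # bare keyword: any column contains it
        return contains(term, row)
    col, op, val = parsed.groups()
    # No column before the operator ("=192.168.15.5"): scan every column.
    cells = [str(row.get(col.lower(), ""))] if col else [str(v) for v in row.values()]
    if op == ":":
        return any(re.search(val, c, re.IGNORECASE) for c in cells)
    cells, val = [c.lower() for c in cells], val.lower()
    if op == "=":
        return val in cells                # "comment=" matches an empty comment
    if op == "~":
        return any(val in c for c in cells)
    if op == "<":
        return any(sort_key(c) < sort_key(val) for c in cells)
    return any(sort_key(c) > sort_key(val) for c in cells)

def matches(powerfilter, row):
    """Fold terms left to right: or-combined unless 'and' precedes a term."""
    result, combine, negate = None, "or", False
    tokens = iter(TOKEN.findall(powerfilter))
    for phrase, word in tokens:
        low = word.lower()
        key, has_value, _ = low.partition("=")
        if low in ("and", "or"):
            combine = low
        elif low == "not":
            negate = True
        elif has_value and key in PAGING:
            pass                           # rows=, first=, sort= do not select rows
        else:
            if low == "regexp":            # the next token is the pattern
                pattern = next(tokens, ("", ""))[1]
                hit = any(re.search(pattern, str(v), re.IGNORECASE) for v in row.values())
            elif word:
                hit = term_matches(word, row)
            else:                          # quoted phrase: the exact string
                hit = contains(phrase, row)
            hit = hit != negate
            both = (result and hit) if combine == "and" else (result or hit)
            result = hit if result is None else both
            combine, negate = "or", False
    return True if result is None else result

# Constructed sample rows (not real scan data).
ROWS = [
    {"name": "Localhost", "host": "127.0.0.1", "comment": "IANA loopback, no remote access", "modified": "2019-02-04"},
    {"name": "services", "host": "192.168.15.5", "comment": "", "modified": "2019-03-02"},
    {"name": "mail-local", "host": "192.168.0.100", "comment": "remote exploit check", "modified": "2018-12-24"},
    {"name": "gateway", "host": "192.168.0.1", "comment": "exploit needs remote access", "modified": "2019-01-15"},
]

def apply_filter(powerfilter, rows=ROWS):
    return [r["name"] for r in rows if matches(powerfilter, r)]
```

Comparing `apply_filter("192.168.0.1")` with `apply_filter("=192.168.0.1")` shows why a bare keyword is a poor way to select a single host: the first also returns the row for 192.168.0.100.
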

8.4.4. Managing Powerfilters

List Page

All existing Powerfilters can be displayed by selecting Configuration > Filters in the menu bar (see Fig. 8.17).

For all Powerfilters the following information is displayed:

Name
Name of the filter.
Term
Filter terms that form the Powerfilter (see Chapter 8.4.2).
Type
Object type for which the Powerfilter can be applied.

For all Powerfilters the following actions are available:

  • trashcan Delete the Powerfilter.
  • edit Edit the Powerfilter.
  • clone Clone the Powerfilter.
  • export Export the Powerfilter as an XML file.

Fig. 8.17 Managing Powerfilter

Note

By clicking trashcan or export below the list of filters more than one filter can be deleted or exported at a time. The drop-down-list is used to select which filters are deleted or exported.

Details Page

Click on the name of a filter to display the details of the filter. Click details to open the details page of the filter.

The following registers are available:

Information
General information about the Powerfilter.
User Tags
Assigned tags (see Chapter 8.5).
Permissions
Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

  • help Open the corresponding chapter of the user manual.
  • list Show the list page of all Powerfilters.
  • new Create a new Powerfilter (see Chapter 8.4.1).
  • clone Clone the Powerfilter.
  • edit Edit the Powerfilter.
  • trashcan Delete the Powerfilter.
  • export Export the Powerfilter as an XML file.

8.5. Using Tags

Tags are information that can be linked to any object. Tags are created directly with the objects and can only be linked to the object type they are created for.

Tags can be used to filter objects (see Chapter 8.4).

Example: when filtering for tag=target:server the specific tag must be set. Otherwise, the desired result would not be found. With tag="target:server=mail" the exact tag with the respective value must be set (see Fig. 8.18).

8.5.1. Linking a Tag to a Single Object

A tag for a single object can be created as follows:

  1. Open the details page of the object (see Chapter 8.3).

  2. Click on the register User Tags.

  3. Click edit in the opened section User Tags.

  4. Define the tag (see Fig. 8.18).

  5. Click Save.

    Fig. 8.18 Tag for the object type Target

8.5.2. Linking a Tag to Multiple Objects

A tag can be added to multiple objects of the same type (e.g. tasks, targets, scanners) as follows:

  1. Open the list page of an object type.

  2. Filter the list so that only the objects that should have the tag are displayed.

  3. In the drop-down-list below the list of objects select to which objects the tag should be added (see Fig. 8.19).

    Note

    Apply to page contents links the tag to all objects which are visible on the current page.

    Apply to all filtered links the tag to all objects which are affected by the filter even if they are not visible on the current page.

    Fig. 8.19 Selecting the objects

    or

  1. In the drop-down-list below the list of objects select Apply to selection.

  2. Activate the checkboxes of the objects that should have the tag in the column Actions.

  3. Click tags below the list of objects.

  4. Select the tag in the drop-down-list Choose Tag (see Fig. 8.20).

    Note

    Only tags which are created for the chosen object type can be selected.

    Additionally, a new tag can be created by clicking new.

    Fig. 8.20 Selecting a tag for multiple objects

  5. Click Add Tag.

8.5.3. Creating a Tag

In addition to linking tags directly to an object, tags can be created on the page Tags and assigned afterwards.

  1. Select Configuration > Tags in the menu bar.
  2. Create a new tag by clicking new.
  3. Define the tag. Select the object type for which the tag can be assigned in the drop-down-list Resource Type.
  4. Click Save.

8.5.4. Managing Tags

List Page

All existing tags can be displayed by selecting Configuration > Tags in the menu bar.

For all tags the following actions are available:

  • disable Disable the tag if it is enabled.
  • enable Enable the tag if it is disabled.
  • trashcan Delete the tag.
  • edit Edit the tag.
  • clone Clone the tag.
  • export Export the tag as an XML file.

Note

By clicking trashcan or export below the list of tags more than one tag can be deleted or exported at a time. The drop-down-list is used to select which tags are deleted or exported.

Details Page

Click on the name of a tag to display the details of the tag. Click details to open the details page of the tag.

The following registers are available:

Information
General information about the tag.
Assigned Items
Objects to which the tag is assigned. The objects are only displayed if the tag is enabled.
Permissions
Assigned permissions (see Chapter 9.4).

The following actions are available in the upper left corner:

  • help Open the corresponding chapter of the user manual.
  • list Show the list page of all tags.
  • new Create a new tag (see Chapter 8.5.3).
  • clone Clone the tag.
  • edit Edit the tag.
  • trashcan Delete the tag.
  • export Export the tag as an XML file.
  • disable Disable the tag if it is enabled.
  • enable Enable the tag if it is disabled.

8.6. Using the Trashcan

The page Trashcan is opened by selecting Extras > Trashcan in the menu bar. The page lists all objects that are currently in the trashcan, grouped by object type.

The summary table Content shows all possible types of deleted objects with object counts. By clicking on an object name the corresponding section is shown (see Fig. 8.21).

The trashcan can be emptied by clicking Empty Trash.

Fig. 8.21 Contents of the trashcan

In the section of the respective object type the single objects can be managed (see Fig. 8.22):

  • Clicking restore moves the object out of the trashcan and back to its regular page. The object cannot be restored if it depends on another object in the trashcan.
  • Clicking delete removes the object entirely from the system. The object cannot be deleted if another object in the trashcan depends on it.

Fig. 8.22 Restoring or deleting a trashcan object

8.7. Changing the User Settings

Every user of the GSM appliance can manage their own settings for the web interface. These settings can be accessed by either selecting Extras > My Settings in the menu bar or by clicking on the user name in the top right corner of the page.

The settings can be modified by clicking edit.

Fig. 8.23 Managing user settings

Important settings are:

Timezone
The GSM saves all information in the UTC time zone internally. In order to display the data in the time zone of the user the respective selection is required.
Password
The user password can be changed here.
User Interface Language
The language can be defined here. The browser settings are used by default.
Rows Per Page
This defines the number of results in a list.
Details Export File Name

This defines the default name of the file for exported object details. For the file name the following placeholders can be used:

  • %C: the creation date in the format YYYYMMDD. Changed to the current date if a creation date is not available.
  • %c: the creation time in the format HHMMSS. Changed to the current time if a creation time is not available.
  • %D: the current date in the format YYYYMMDD.
  • %F: the name of the used report format (XML for lists and types other than reports).
  • %M: the modification date in the format YYYYMMDD. Changed to the creation date or to the current date if a modification date is not available.
  • %m: the modification time in the format HHMMSS. Changed to the creation time or to the current time if a modification time is not available.
  • %N: the name for the object or the associated task for reports. Lists and types without a name will use the type (see %T).
  • %T: the object type, e.g. “task”, “port_list”. Pluralized for list pages.
  • %t: the current time in the format HHMMSS.
  • %U: the unique ID of the object or “list” for lists of multiple objects.
  • %u: the name of the currently logged in user.
  • %%: the percent sign (%).
List Export File Name
This defines the default name of the file for exported object lists (see above).
Report Export File Name
This defines the default name of the file for exported reports (see above).
Severity Class

This defines the classification of the vulnerability with respect to the score.

  • NVD Vulnerability Severity Ratings
    • 7.0 – 10.0: High
    • 4.0 – 6.9: Medium
    • 0.0 – 3.9: Low
  • BSI Vulnerability Traffic Light
    • 7.0 – 10.0: Red
    • 4.0 – 6.9: Yellow
    • 0.0 – 3.9: Green
  • PCI-DSS
    • 4.3 – 10.0: High
    • 0.0 – 4.2: None
Filter
Specific default filters for each page can be specified here. The filters are then activated automatically when the page is loaded.

8.8. Displaying the Feed Status

The synchronization status of all SecInfo can be displayed by selecting Extras > Feed Status in the menu bar.

The following information is displayed (see Fig. 8.24):

Type
Feed type (NVT, SCAP or CERT)
Content
Type of information provided by the feed.
Origin
Name of the feed service that is used to synchronize the SecInfo.
Version
Version number of the feed data.
Status
Status information of the feed, e.g. time since the last update.

Fig. 8.24 Displaying the feed status