The results of a scan are summarized in a report. Reports can be displayed on the web interface and downloaded in different formats.
The blësk NSM saves all reports of all scans in a local database. Not only is the last report of a scan saved but all reports of all scans ever run. This allows access to information from the past. The reports contain the discovered vulnerabilities and information of a scan.
Once a scan has been started, the report of the results found so far can be viewed. When a scan is completed, the status changes to Done and no more results will be added.
¶ Using and Managing Reports
All existing reports for all scans can be displayed by selecting Scans > Reports in the menu bar.
The total number of reports of a specific task is displayed on the page Tasks in the column Reports.
The reports for a specific task can be displayed as follows:
Select Scans > Tasks in the menu bar.
For the desired task click on the total number of reports in the column Reports to display all reports.
A filter is applied to show only the reports for the selected task.
Tip
By clicking on the date in the column Last Report the details page of the latest report is opened.
¶ Results of a Report
The register Results contains a list of all vulnerabilities detected by the blësk NSM.
¶ Vulnerability
Name of the found vulnerability. By clicking on the name of a vulnerability, the details of the vulnerability can be viewed. The details page of the vulnerability is opened by clicking the magnifying glass icon.
¶ Interpreting a Report
To interpret the results note the following information:
False Positives
A false positive is a finding that describes a problem that does not really exist. Vulnerability scanners often find evidence that point at a vulnerability but a final judgment cannot be made. There are two options available:
- Reporting of a potentially non-existent vulnerability (false positive).
- Ignoring reporting of a potentially existing vulnerability (false negative).
Since a user can identify, manage and as such deal with false positives compared to false negatives, the NSM vulnerability scanner reports all potentially existing vulnerabilities. If the user knows that false positives exist an override can be configured.
Multiple findings can have the same cause
If an especially old software package is installed, often multiple vulnerabilities exist. Each of these vulnerabilities is tested by an individual VT and causes an alert. The installation of a current package will remove a lot of vulnerabilities at once.
High and Medium
Findings of the severity levels High and Medium are most important and should be addressed with priority. Before addressing medium level findings, high level findings should get addressed.
Low and Log
Findings of the severity levels Low and Log are mostly interesting for detail understanding. These findings are filtered out by default but can hold very interesting information. Considering them will increase the security of the network and the systems. Often a deeper knowledge of the application is required for their understanding.
¶ Filtering a Report
Since a report often contains a lot of findings, the complete report as well as only filtered results can be displayed and downloaded.
The report can be filtered as follows:
- Click the filter icon as image below, in the filter bar.
- Enter a keyword which should be searched for in the input box Filter
- For Apply Overrides select the radio button Yes to enable overrides and for Apply Overrides select the radio button No to disable overrides.
- Activate the checkbox Only show hosts that have results if only the hosts with results should be included.
- For QoD select the desired QoD
- For Severity (Class) activate the checkboxes of the desired severity classes.
- For Solution Type select the radio buttons of the desired solution types.
- Enter the (part of a) vulnerability’s name, host or location in the according input box.
- Click Update.