Detecting GSA components findings

Hi,

Last month I had the following result for each host in the scan

Report outdated / end-of-life Scan Engine / Environment (local)
1.3.6.1.4.1.25623.1.0.108560

caused by outdated libraries. By itself is very good it’s reported, but against all hosts is a bit too much. The point is I have a script that automatically generates a ticket in our helpdesk system for each finding. Very fortunate I discovered this one in time or we would have had an absurd amount of “false” tickets.

I looked in the GUI but the results on the GSA components are not part of the same OID (eg. 1.3.6.1.4.1.25623.) That would have been easy for me to filter it out.
Is the any generic marker I can use to filter findings on the GSA components ? Just to avoid tickets on a GSA component on each server we have…

Kind regards,
Ton

The VT 1.3.6.1.4.1.25623.1.0.108560 doesn’t report for each component on remote hosts but only based on the version of the openvas-scanner on the scanner host so you won’t get different OIDs for different components.

If you want to accept the risk to rely on outdated scanning components on the scanner host (causing e.g. false negatives) you can create an override for this specific OID as described in the VT description.

1 Like

Hi, Thanks for the reply.
first of all: NO, i’m not gonna rely on outdated components, all is upgraded.

I only want to avoid that next time a component gets outdated, I end up with an issue on every ip known in outdated environment. For clarification I restored an older version and ran the scan/reports to show what I mean by
VT 1.3.6.1.4.1.25623.1.0.108560 being reported on each remote hosts


this is what i’d like to avoid in the future

Yes, these results can be overwritten to e.g. a “Log” level or as “False Positives” like described below. The relevant info is available in the Solution Tag of the VT in question:

If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.

with a link to:

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/reports.html#creating-an-override

Hi and thanks again. I think this might work… The overrides allow me for any host or a specific host.
It makes sense know about it, so …Is there a way to make an override that applies to “any host but not but not x.x.x.x”

This looks like a question not directly related to a specific VT but about the usage of overrides within GVM. Because of this i would suggest to open up a new topic at the following category to get more attraction of users familiar with the available configuration options of GVM:

1 Like