I would like to apply a filter to a report so that only (C,H,M,L) severity vulnerabilities are in a report. I’m having a little difficulty finding a filter that does that. This is the filter I have so far.
apply_overrides=1 and min_qod=50 and (severity~“c” or severity~“h” or severity~“m” or severity~“l” ) first=1 rows=10 sort=name
Any suggestions on how to keep the logs from showing in a report?
Thank you for the help!
There is currently no critical level severity. The correct filter term for High, Medium, Low is levels=hml. Also, nested logic using parenthesis () is not supported.
See the resources such as:
You will also find other discussions on the forum that can expand your knowledge. Finally, as you adjust settings in the filter diaglog box, you will see a text at the bottom of the page that shows the filter settings for the current page. This can help with learning too.
Thank you for taking the time to respond. I will check these resources.
That’s not really true anymore. The latest releases support also the critical (c) severity level.
I’m looking at Kali’s GVM-25.04.0 installation and still Critical (>= 9.0 CVSS) CVEs use the High severity name.
Also, I didn’t see this in GOS 24.10.06 (Greenbone BASIC virtual appliance), but I do now see it in GOS 24.10.07, so it must have been very recently (past week or so) enabled.
Regardless, if you have a fully updated system that includes the Critical severity classification, you can use levels=chml
Oh, I see this was released in the GSA v26.3.0 last month.