I’ve been fiddling around with the GMP protocol for a while, and have stumbled across a weird phenomenon. By using the get_report() command, I get a different report than the one printed out by GSA. I use the command in the following way:
Even though the filtering should be the same, the GSA report contains two hosts with vulnerabilities whereas the report retrieved with the command only has one. Also, the command-based report is missing a vulnerability that is classed “high” from the host that appears in both reports, even though it is not filtered out.
I am using the latest build of GVM, and the GMP 20.08 protocol.
By examining the XML versions, there were filters present in the GSA report that were not included in the GMP command. I believe setting a filter rows=1000 fixed the issue, as in the GMP generated report the value was rows=10.