I have a question about delta reports.
In one report the scanner found a vulnerability (custom nvt i wrote myself) in one of my printers as seen here:
In a later report of the same task, the scanner did not find the vulnerability because the printer was not online at the moment of the scan.
Now, I would assume that a delta report of the two reports would show the result of the vulnerability of the printer as either ‘gone’ or ‘new’ depending on the order of the reports.
However, the result is not shown in either delta scan:
Why is that? Is this intended behaviour because the printer was offline in the second scan?
Everything else is working fine.
Thank you for your answers.
gsad: Greenbone Security Assistant 20.08.1~git-3affb6383-gsa-20.08
gvmd: Greenbone Vulnerability Manager 20.08.1~git-7a247dbeb-gvmd-20.08
openvas-scanner: OpenVAS 20.8.2
gvm-libs: gvm-libs 20.8.2~git-aa3bba16-gvm-libs-20.08
Operating system: Raspbian GNU/Linux 10 (buster)
Kernel: Linux raspberrypi 5.10.17-v7l+ #1421 SMP Thu May 27 14:00:13 BST 2021 armv7l GNU/Linux
Installation method / source: compiled from source
For the delta report function to work the report must be sorted on code level by the name of the NVT. So try changing the filter from “sort-reverse=severity” to “sort=vulnerability”. You can change the sorting in the Web-GUI by clicking on the column headers as you like, that doesn’t influence sorting on code level.
Please let me know if this helped.
thank you for your answer. Can you explain what you mean by ‘code level’?
How do I change the sorting of a report on code level?
You mean I have to change the sorting of both reports on code level and then generate a delta report from the sorted reports?
You can change the filter from the code level, please see below where you can type the syntax:
Thank you very much!
This pointed me in the right direction of the solution Tino probably meant.
Thank you again @Tino for your answer. This worked for me. For some reason what also showed the NVT I did not see in the beginning was to change the filter to also include log level Results, even though the NVT is definitly not log level (as seen in my screenshots it is 7.5 High).
Also thank you to @Itcracker for clarifying things.
I have exacly that problem, but although I changed the filter to “sort=vulnerability”, there are some diffs missing. Others are visible.
Do you have any idea, why?
I have two reports, one with a “CVE-10”-vulnerability, one without (for the same job and system).
When I compare those two, the CVE-10-vulnerability is not visible. If I change the filter to “sort=vulnerability”, it is still not visible.
Thank you for your help!