Speed up filters on Vulnerabilities page (Kali)

Hi,

I need to provide a summary of all current vulnerability counts, grouped by severity.
I see that the Vulnerabilities page has that in the pie chart, but it seems to be all vulnerabilities from all reports and all time.

I tried using a Filter,
newest>=2023-08-01
but it times out.

Are there any indexes I can add to the DB to speed that filter up?

Thanks!

running
$ openvas --version
OpenVAS 22.7.3
gvm-libs 22.6.3

$ gvmd --version
Greenbone Vulnerability Manager 22.5.5
Manager DB revision 255

postgresql-15/now 15.3-0+deb12u1 amd64

Kali 2023.2

If I understand you correctly, you want to gain insight into recent vulnerabilities by severity class.
I’m not 100% sure what the newest filter does exactly, but it should not apply to the data you are trying to fetch. I think newest filter keyword specifically applies to vulnerabilities within scan results. Also, I don’t think that Greenbone currently supports >= or <= so you will have to rely on > and <

Instead, I think the created or modified keywords with the datetime and the severity class would do what you want.

Going by these CVSS v3 severity levels

Screenshot from 2023-08-22 21-03-30

For example, on the NVT page this filter would find NVTs with a severity of HIGH:

created>"2023-01-01" and severity>6.9 and severity<9

You can also use this filter on the CVEs page (and I think published works as well). If you use modified keyword instead of created, you can examine the By Creation Time chart at the top to see that some items will be included that were created before 2023-01-01.

Here is a link to the filter keywords documentation, although it is not complete.


Hi, I’ve tried >= and > alone.
I’m trying to filter the results (or just the pie chart) on this page (/vulnerabilities):


(by default, it is showing/counting results from all time)

The ‘modified>date’ filter does work better, but afaict it is only showing results I’ve added overrides to or otherwise modified. It’s not filtering on all recent results.

‘created’ also works, but only shows new findings, not old findings that are still active.

I believe the ‘newest’ filter should give what I need, but the query runs for many minutes and eventually the web interface appears to time out.
So, probably an index would help?

thanks

OK, yes in the case that you are searching for vulnerabilities found in your hosts/environment then newest would show vulnerabilities that have a recent result found. I think created and modified would apply to the NVT itself.

Would an index help? :thinking: :person_shrugging:

If you have THAT MANY vulnerabilities to sort, I guess it would likely help, but firstly, it doesn’t seem you have that many, and secondly, I’ll leave that to someone who knows the Greenbone subsystem better than me. I have 158 vulns in that page and it’s blazing fast.


[quote="rippledj, post:4, topic:15546"]
Would an index help? :thinking: :person_shrugging:

If you have THAT MANY vulnerabilities to sort, I guess it would likely help, but firstly, it doesn’t seem you have that many[/quote]

FWIW, we have a lot more results than the 734 vulnerabilities, as there are many hosts with the same vulnerability.
The total RESULTS are 1.8M.

Thanks!