Tagging result as false positive - greenbone 6.0.0

On my previous version of Greenbone when viewing results there was an icon on the far right that allowed me to tag it as a false positive. I could then mark the result as a false positive for the current scan and all future scans and all hosts, etc etc. In this new version of Greenbone I only see the option to mark it as an override - which doesn’t seem to remove the false positive from the result list.

I’d say that the false positive option is removed, but when I look at the list of hosts in the results I see a column labeled false positive. So the option must be there, but it eludes me.

For example “Windows IExpress Untrusted Search Path Vulnerability OID: 1.3.6.1.4.1.25623.1.0.813808”. I want to mark that as a false positive for all hosts and all future results.

Can someone help me out with this? Point me in the right direction?

Thanks

Hi dreniarb,

You cannot mark an NVT as an override. An override is another sort of functional object that you can use to override severities of results to, for example, a higher or lower severity or a false positive. If I understood your question correctly, this would be exactly what you want to do.

So in order to override a severity of an NVT and its corresponding result, you can create an override for that result (for example in the toolbar in the upper left of the result details page). Within the “Create Override” dialog you can choose to either apply this to single hosts and/or tasks or all of them.

For a more detailed description of how to use overrides have a look in our manual:
https://docs.greenbone.net/GSM-Manual/gos-6/en/reports.html#using-overrides-and-false-positives

I hope this solves your problem :)

Edit: I should also mention that there are options to enable and disable existing overrides, so if you created an override but the results are still not showing up correctly, you need to make sure that the override is actually applied (via the filter term “apply_overrides=1” for example) and enabled.

I’ve moved the topic to the GCE category because I guess you are using our Community Edition Virtual Machine.

It’s possible I’m not explaining myself properly. Here’s a screenshot of what I’m talking about. In this list of results I have apply_overrides=1, but the results that I’ve overridden are still listed. I don’t want them listed, because I’ve overridden them:

The list is the same whether or not I’ve put “apply_overrides=1” in the filter.

And when I look at the hosts tab under results those overridden results still show up. There is also a column labeled “false positives”. This appears to be different than overrides.

I wouldn’t expect a column called “false positives” to be there unless there was a method to mark something as a false positive.

I myself can look at the results and see that all the high and some medium results are “overrides”, but it would be nice if the false positives or overrides didn’t show up at all.