maybe “whitelisting” is not the correct word here.
Let me give an example: some vulnerabilities reported by openVAS are to be treated by the sysadmin ( through GPOs or equivalent) I’d like those vulnerabilities to be “acknowledged” manually by myself so they are not in the report made for a machine as the owner shouldn’t configure Operating System/Domain related issue but focus on their local software and servers.
Is there a way to do this?
I guess you are looking for the overrides feature in Greenbone. You can create an override such that a specific NVT’s severity will be modified within the report. I guess for your use case you will set the new severity to LOG or False Positive. From the Scans → Overrides page you can create new overrides.
Thanks for this solution ! I managed to create an override and I tried this morning on a testing environment
Problem is: even if I put the severity to False Positive or Log I always have severity set to high
So the override is clearly indicated but severity stays high.
I need to remove them completely so the support technician in charge of the machine can fix what is allowed and able to fix.
Any hints on how to achieve this?
I should have mentioned that while the overrides themselves have an “active” setting to turn them off and on, the reports must also have overrides applied in the filter to activate the overrides there. See the screenshot below. You can familiarize yourself with the Greenbone manual section about the web-interface which will provide you much insight into using the platform’s features. Specifically, here is the overrides section. If you read that section you will eventually get to the relevant information that overrides need to be enabled in the report filters.
Also, to address your initial comment:
maybe “whitelisting” is not the correct word here.
I can mention that whitelisting is not really the appropriate term to use in this case.
Very nice, thank you! works like a charm.
Thanks for the links ! So I have to manually apply overrides each time I want to create a report. Any option to make it “default filter”? I applied the filter but it is not kept when displaying another report
Then setting the default filter is part of the User Settings page link in the far top right corner user icon -> settings.
If you close all the other settings groups and look for the filters group, you can set the default. You want to set the Results Filter one. Your saved filter will appear there.