maybe “whitelisting” is not the correct word here.
Let me give an example: some vulnerabilities reported by openVAS are to be treated by the sysadmin ( through GPOs or equivalent) I’d like those vulnerabilities to be “acknowledged” manually by myself so they are not in the report made for a machine as the owner shouldn’t configure Operating System/Domain related issue but focus on their local software and servers.
Is there a way to do this?
I guess you are looking for the overrides feature in Greenbone. You can create an override such that a specific NVT’s severity will be modified within the report. I guess for your use case you will set the new severity to LOG or False Positive. From the Scans → Overrides page you can create new overrides.
Thanks for this solution ! I managed to create an override and I tried this morning on a testing environment
Problem is: even if I put the severity to False Positive or Log I always have severity set to high
So the override is clearly indicated but severity stays high.
I need to remove them completely so the support technician in charge of the machine can fix what is allowed and able to fix.
Any hints on how to achieve this?
I should have mentioned that while the overrides themselves have an “active” setting to turn them off and on, the reports must also have overrides applied in the filter to activate the overrides there. See the screenshot below. You can familiarize yourself with the Greenbone manual section about the web-interface which will provide you much insight into using the platform’s features. Specifically, here is the overrides section. If you read that section you will eventually get to the relevant information that overrides need to be enabled in the report filters.
Also, to address your initial comment:
maybe “whitelisting” is not the correct word here.
I can mention that whitelisting is not really the appropriate term to use in this case.
Very nice, thank you! works like a charm.
Thanks for the links ! So I have to manually apply overrides each time I want to create a report. Any option to make it “default filter”? I applied the filter but it is not kept when displaying another report
Then setting the default filter is part of the User Settings page link in the far top right corner user icon -> settings.
If you close all the other settings groups and look for the filters group, you can set the default. You want to set the Results Filter one. Your saved filter will appear there.
just a quick follow up on this… So if i understood you guys correctly
say there’s 3 high NVTs for example that i want to set to False Positive, and severity 0 globally in every view all tasks, targets, hosts lists , results and reports and so on, for past and future results / reports. Then what I: would do is basically edit the default or custom defined value each of the filters listed there to add the statement " apply_overrides=1 " to the filter, save it and apply it for each of the filters listed there.
Now … if i’m not mistaken , though - it would oly be applying these changes for my view.
Is there a way via Superadmin or Group / Role membership to set apply overrides=1 for all users., while only adding the statement once per filter/view ( rather than going through creating saving and specifying the new default for each filter type times every user? vs justhaving the modified filter becoming everyone’s default filter?