English | Deutsch
Home »

OpenVAS Change Request #18: OpenVAS-Client: Improve Handling of False-Positives

Status: Voted +3. Done. Functionality described here superseded by "severity override" features, released with openvas-client 2.0.3.

Purpose

To improve usability and usefulness of the OpenVAS client with support for management of false-positives and of individual priorities.

References

Rationale

The current implementation does not treat false-positives at all. After a full scan of a target host the user is presented a report that contains server-defined priorities for each vulnerability. If there are false-positives (e.g. anonymous FTP or CIFS directories may exist on intention and not accidentally) the user needs to reconsider each such finding in the report manually. This is subject to eat maintenance time unneccessarily for the user for each generated report.

It would be helpful if the user would be given a way to alter the priority of certain scripts locally on a per-host basis. Ultimately this would offer the user a means to treat certain test results as false-positives and to be able to downgrade (or even upgrade) the priority of other tests within the OpenVAS client.

Effects

The results overview in the OpenVAS-Client and also its reports would be extended by additional information of applied individual priority overrides. The client GUI would offer a way to alter priorities in a form of a filter action, e.g.: a series of target-host/NVT-OID/[port]=[+-]priority rules.

This feature affects the OpenVAS client only. No library or server needs to be modified.

Design and Implementation

History