8. Reports

The GSM saves all reports of all scans in a local database. Not only the last report of a scan is saved, but all reports of all scans ever run. This also allows access to information from the past. The reports contain the discovered vulnerabilities and information about a scan (see section Reports).

If a scan has been performed multiple times, the trend of discovered vulnerabilities is displayed. However, the trend information cannot be found on the report page but under Scan Management/Tasks.

_images/trend.png

The trend of discovered vulnerabilities can be found in the respective column in the task overview.

In this view only the reports of a specific scan can be accessed. To do so, use the column Reports/Total (see figure "The Reports column contains the amount of reports saved in total and the date of the last report.").

_images/reports-total.png

The Reports column contains the amount of reports saved in total and the date of the last report.

Here you can find the date of the last saved report as well as the total number of reports available. The first value represents the number of all completed scans and the second the number of reports including those not yet completed. Clicking on one of the values shows a list of the respective reports. Clicking on the date displays the latest report.

8.1. Delta Reports

If more than one report of a task can be displayed (see figure "Now, for comparison the second report needs to be selected."), a delta report can be created. Use the compare delta option in the Action column. This selects the first report for comparison.

_images/reporttask.png

Two reports of the same task can be compared in a delta report.

Afterwards the respective icon is greyed out for the selected report. The compare icons of the other reports have now changed in their appearance. Use the delta_second icon to select the second report for comparison.

_images/compare-second.png

Now, for comparison the second report needs to be selected.

Subsequently you will receive the delta report. As usual, it can be displayed in different formats and exported as PDF.

_images/delta-report.png

The delta report can be exported as PDF as well.

The report states which run times are compared with each other and how many results have been added or removed.
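
The same added/removed comparison can be reproduced offline on two exported reports of one task. The following is an added example, not Greenbone code: the column names (host, port, nvt_id, severity) and the sample rows are constructed for illustration and are not the exact layout of a GSM export. It also goes one step beyond the added/removed counts by flagging findings whose severity changed.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions made for
# this example, not the exact layout produced by the CSV Results plugin.
OLDER_CSV = """host,port,nvt_id,severity
192.0.2.10,443/tcp,example-nvt-1,7.5
192.0.2.10,22/tcp,example-nvt-2,5.0
192.0.2.20,80/tcp,example-nvt-3,9.8
"""
NEWER_CSV = """host,port,nvt_id,severity
192.0.2.10,443/tcp,example-nvt-1,7.5
192.0.2.20,80/tcp,example-nvt-3,6.4
192.0.2.30,3389/tcp,example-nvt-4,8.1
"""


def load_results(text):
    """Map (host, port, nvt_id) -> severity for one exported report."""
    results = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["host"].strip(), row["port"].strip(), row["nvt_id"].strip())
        severity = float(row["severity"])
        # A finding can be listed more than once; keep the highest severity.
        results[key] = max(severity, results.get(key, 0.0))
    return results


def delta(older, newer):
    """Classify findings as added, removed or changed in severity."""
    added = sorted(key for key in newer if key not in older)
    removed = sorted(key for key in older if key not in newer)
    changed = sorted(
        (key, older[key], newer[key])
        for key in older.keys() & newer.keys()
        if older[key] != newer[key]
    )
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    result = delta(load_results(OLDER_CSV), load_results(NEWER_CSV))
    for kind in ("added", "removed"):
        for host, port, nvt in result[kind]:
            print(f"{kind:8} {host} {port} {nvt}")
    for (host, port, nvt), old, new in result["changed"]:
        print(f"changed  {host} {port} {nvt} severity {old} -> {new}")
```

Keying on host, port and check identifier keeps a finding that moved to another port from being counted as unchanged.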

8.2. Report Plugins

Report plugins define the formats in which a report is created from the scan results. These range from PDF documents as per corporate identity to interactive reports like the Greenbone Security Explorer. The plugins can be used to export report information into other document formats so that it can be processed by third-party applications (Connectors).

The name of the exported report is configurable in the user settings (see section My Settings). Greenbone supports the creation of additional plugins. Requests, suggestions and concrete templates are welcome.

The report plugin framework has the following properties:

Simple Import/Export:
A report plugin is always a single XML file. The import is easily performed (see section Import of additional plugins).
Parameterized:
Plugins can contain parameters that can be customized to specific requirements in the graphical interface.
Content Type:
Each plugin specifies the type of its result. The well-known HTTP descriptors are used, for example application/pdf, graphics/png or text/plain. Depending on the content type, the plugins are offered in the matching context. For example, plugins of the type text/* are offered for sending inline in an email.
Signature Support:
Signatures for trusted plugins are provided through the Greenbone Security Feed. That way it can be verified that an imported plugin was verified by Greenbone.

Reports can be exported in different formats:

ARF: Asset Reporting Format v1.0.0
This format creates a report that represents the NIST Asset Reporting Format.
CPE - Common Enumeration CSV Table
This report selects all CPE tables and creates a single comma separated file.
CSV hosts
This report creates a comma separated file containing the systems discovered.
CSV Results
This report creates a comma separated file with the results of a scan.
GSR PDF - Greenbone Security Report (recommended)
This is the complete Greenbone Security report with all vulnerabilities in graphical format as a PDF file. The topology graph is not included when more than 100 hosts are covered in the report. The language is English.
GXR PDF - Greenbone Executive Report (recommended)
This is a shortened report with all vulnerabilities in graphical format as a PDF file for management. The topology graph is not included when more than 100 hosts are covered in the report. The language of the report is English.
HTML
This report is in HTML format and as such can be opened in a web browser. It is a detailed listing containing the complete description of vulnerabilities including notes and overrides with all references and cross references. It is a neutral document without any further references to Greenbone or the Greenbone Security Manager. The document can also be used offline. The language is English.
ITG - IT-Grundschutz catalogue
This report is guided by the BSI IT-Grundschutz catalogue. It provides an overview of the discovered results in table view in CSV format and in German.
LaTeX
This report is offered as LaTeX source text. The language is English.
NBE
This is the old OpenVAS/Nessus report format. It does not have support for notes, overrides and some additional information.
PDF
This is a complete report in PDF. Like the HTML format it is neutral. The language is English.
Topology SVG
This presents the results in an SVG picture.
TXT
This creates a text file. This format is especially useful when the report is sent by email. The language is English.
Verinice ISM
Creates an import file for the ISMS tool Verinice.
Verinice ITG
Creates an import file for the ISMS tool Verinice.
XML
The report is exported in the native XML format. Contrary to the other formats, this format contains all results and does not format them at all.
_images/report-plugins.png

Greenbone includes many report plugins by default.

The report plugins define the format of the reports to be exported. Many report plugins reduce the available data in order to display it in a meaningful way. However, the native GSM XML format contains all data and can be used to import exported reports on another GSM. To do so, use the Container Task (see also section Container Task).

The overview (see figure "Greenbone includes many report plugins by default.") shows additional details of the report plugins. For every plugin the following information is displayed in the individual columns:

Extension:
The file name of a report downloaded through the respective plugin is composed of the UUID (unique internal ID of the report) and this extension. Among other things, the extension helps the browser to start a compatible application in case the specified content type is not recognized.
Content Type:
The content type specifies the format in use and is transmitted with the download. That way a compatible application can be launched by the browser directly. Additionally, the content type is important internally: it is used to offer suitable plugins within their context. For example, when sending a report via email, all plugins of the type text/* are offered, as they can be embedded in an email in a human-readable way.
Trust:
Some plugins only consist of a data transformation, while others execute more complex operations and also use support programs. To avoid misuse, the plugins are digitally signed. If the signature is authentic and the publisher is trusted, it is ensured that the plugin exists in the exact format as certified by the publisher. The verification does not occur automatically but is performed manually with the verify icon. The date of the verification is saved automatically. This function should definitely be used for all newly imported plugins before they are activated. This is not required for the supplied default plugins (verify_inactive icon).
Active:
The plugins are only available in the respective selection menus if they were activated. Newly imported plugins are always deactivated at first.
_images/sf-plugin.png

New report format plugins can be imported easily.

8.2.1. Import of additional plugins

Other report formats can be imported easily. Greenbone offers the following additional report format plugins on the web page http://greenbone.net/technology/report_formats.html:

  • Sourcefire Host Input Import (see also section Sourcefire Defence Center)
  • OVAL System Characteristics
  • OVAL System Characteristics Archive

Note

The report format plugins for the verinice connector are now shipped with the Greenbone operating system. They no longer need to be imported manually.

To import a report plugin, the respective XML file must be downloaded from Greenbone. Afterwards change to Configuration/Report Formats. Select the new icon to add the new format.

_images/imported-format.png

Imported formats should be verified before activation.

_images/activate-format.png

New report format plugins can be activated easily.

Select the respective file and then import the format. After importing, the new format is not active yet. Report plugins can be signed by the publisher. This signature should be verified before activation (verify icon). This verification is done automatically when importing. The result, together with the date of the verification, is displayed in the Trust column. If the report plugin is trusted, it can be activated afterwards. To do so, edit the report plugin by clicking the edit icon in the Actions column.