Hello Greenbone community,
we have created a Scan Config which checks against many registry values and it works. Currently the Results tab (it’s under /report/[guid]) looks like this, no matter how many registry values are incorrect (this is default Greenbone behavior):
Unfortunately this is not possible to achieve within GVM. The name of a VT is collected from the “script_name()” defined in a .nasl file and is static.
You only have the possibility to have one such entry per one incorrect registry value but with the very same name like “Windows Registry Check: Violations”. For this you would need to modify the mentioned .nasl file and call security_message() within the foreach loop used there.
Thank you for your reply. If I understand you correctly, one “Windows Registry Check: Violations” per one invalid registry would be possible, but only “Windows Registry Check: Violations”, not “Windows Registry Check: Violations 1” (and so on). Could the “script_name()”'s output text be forwarded to another function and manipulated there? Would this be too much work to accomplish?
GVM just doesn’t support this currently and NASL scripts can’t manipulate the script_name() during their runtime. GVM is always taking the “Vulnerability name” from its internal database which is filled via the scanner and the existing script_name() in NASL scripts before a scan even takes place.
But sure, if someone is implementing something like this in GVM it would be possible as well. I highly doubt that this will ever be implemented in GVM but it would be a separate topic for Greenbone Community Edition - Greenbone Community Forum anyway.
Forgot to mention that there is indeed a way without any modifications on GVM side to have a numbering like e.g. the following for each result:
Windows Registry Check: Violations 1
Windows Registry Check: Violations 2
I haven’t mentioned it because I’m not sure if you want to go down this rabbit hole, especially as the results would be limited by the .nasl files you had created.
This would require creating e.g. 100 .nasl scripts (if you’re expecting 100 results) having e.g. script_name() tags like:
with a unique OID for each. These new VTs would need to evaluate a single entry from the "policy/registry/violation_list" KB entry (e.g. by extending this list with a numbering scheme or similar).