Creating one result entry per one incorrect registry value

Hello Greenbone community,
we have created a Scan Config which checks against many registry values and it works. Currently the Results tab (it’s under /report/[guid]) looks like this, no matter how many registry values are incorrect (this is default Greenbone behavior):


What we would like to optimize is the overview above and list one (1) such entry per one (1) incorrect registry value, so like this:

Windows Registry Check: Violations 1
Windows Registry Check: Violations 2

Is this possible and if yes, how to achieve this?

We are using gsm-ce-6.0.7.iso for test purposes.

Regards

Unfortunately this is not possible to achieve within GVM. The name of a VT is collected from the “script_name()” defined in a .nasl file and is static.

You only have the possibility to have one such entry per one incorrect registry value but with the very same name like “Windows Registry Check: Violations”. For this you would need to modify the mentioned .nasl file and call security_message() within the foreach loop used there.

Thank you for your reply. If I understand you correctly, one “Windows Registry Check: Violations” per one invalid registry would be possible, but only “Windows Registry Check: Violations”, not “Windows Registry Check: Violations 1” (and so on). Could the “script_name()”'s output text forwarded to another function and manipulated there? Would this be too much work to accomplish?

Exactly.

GVM just doesn’t support this currently and NASL scripts can’t manipulate the script_name() during their runtime. GVM is always taking the “Vulnerability name” from it’s internal database which is filled via the scanner and the existing script_name() in NASL scripts before a scan even takes place.

But sure, if some one is implementing something like this in GVM it would be possible as well. I highly doubt that this will be ever implemented in GVM but it would be a separate topic for https://community.greenbone.net/c/gse/16 anyway.

Forgot to mention that there is indeed a way without any modifications on GVM side to have a numbering like e.g. the following for each result:

Windows Registry Check: Violations 1
Windows Registry Check: Violations 2

I haven’t mentioned it because i’m not sure if you want to go down this rabbit hole, especially as the results would be limited by the .nasl files you had created.

This would require to create e.g. 100 .nasl scripts (if you’re expecting 100 results) having e.g. script_name() tags like:

script_name("Windows Registry Check: Violations 1");
script_name("Windows Registry Check: Violations 2");

with an unique OID for each. These new VTs would need to evaluate a single entry from the "policy/registry/violation_list" KB entry (e.g. by extending this list with a numbering scheme or similar).

Thanks, cfi, we will evaluate your suggestions and see whats possible.

A post was split to a new topic: Using / modifying .nasl scripts supported in GVM?