I have a scheduled task. Is there a way to flag the results as resolved and filter the results from new reports without them? Something with overrides? I would be glad about your ideas or suggestions about the best practices.
I use GVM 11 (stable, initial release 2019-10-14).
Thanks for your ideas.
I think overrides could be put to use for this.
- Open the results:report view of an old report of this task via
Web GUI > scans > reports > date of the report
- Open the detailed results view a resolved result via
name of the vulnerability > magnifier
- Click in the top left row of actions you’ll find the “override” icon. Leave the settings as they are, just add “Resolved at DATE” or something similar in the text field.
- This means future result for this VT and Task and Host will get the severity False Positive (f). This severity is automatically filtered out in the default view and default report export.
I hope this helps.
Hi Tino. Thanks for the reply. It works just fine. Is there a way to add more types of overrides? They are all flagged as False Pos. I am trying to filter the known vulnerabilities from the new so I would like to filter them to more groups. Does something come to your mind?
And if it is not included in GSE it would be nice to have in future.
Thanks for reply.
Well, “False Positive” is the severity you chose. You can choose other severities. Judging by your description it sounds to me like you want the overrides to keep having the severity False Positive, but add some kind of searchable keyword to the affected results.
I’m sorry, but I don’t know a feature that would solve this.