When I view the report with the default min_qod=70 filter I get 286 of 1165, then download filtered report as csv.
Then, I change the min_qod=0 and I get 1165 of 1165 results and download filtered report as csv.
I expected to see ALL of the min_qod=70 results in the min_qod=0 set, but there is a significant delta. A colleague analyzed the differences below.
OpenVAS_0 has 1000 NVT OIDs total, 391 of which are unique
OpenVAS_70 has 286 NVT OIDs total, 243 of which are unique
The two sets have 99 NVT OIDs in common
OpenVAS_0 has 2047 CVEs total, 545 of which are unique
OpenVAS_70 has 426 CVEs total, 361 of which are unique
The two sets have 99 CVEs in common
Is there a reason that the min_qod=0 results do not contain all the min_qod=70 results?
Category description of the “Vulnerability Tests” category where this post was made:
Vulnerability tests (VTs) are executed by a scanner and detect vulnerabilities of various kind. VTs also detect services, products etc. and gather policy compliance information.
and the template showing up for new posts:
Use this category for all topics (General discussion of results, reporting of false positive / negative results, VT development) around vulnerability tests (the so called “NASL scripts”).
Please chose a different/better fitting category for all topics related to GVM (Installation, Usage, Configuration, Scanning).
Obviously your question doesn’t belong into this category, moving into a better fitting one.
Resolved my issue by allowing me to get reports that match the number of results. Not sure why this is not the default behavior.
OpenVAS_0 has 1165 NVT OIDs total, 542 of which are unique
OpenVAS_70 has 286 NVT OIDs total, 243 of which are unique
The two sets have 243 NVT OIDs in common
OpenVAS_0 has 2458 CVEs total, 835 of which are unique
OpenVAS_70 has 426 CVEs total, 361 of which are unique
The two sets have 361 CVEs in common
It is not the default behavior, because users with many results (and I’m talking about hundreds of thousands or even millions) would just crash their system when all those results are requested at once. It’s just a performance safety net so to say.