im using GSA v6. The task for checking my system brings only 25 result entries in the report. Is this a correct number of vulnerabilities to check?
Unfortunately this is a question no one can answer you without having knowledge of / deep insights into your scanned environment. The amount of results for a scan highly depends on various factors like:
- exposed and identified services, applications
- existing vulnerabilities within this services/applications
- coverage of 1. and 2. within the used feed
- the chosen port list (e.g. All TCP vs. nmap top 1000) assigned to your task / target
VA results not seemingly aligned with ports opened
Yes, you can’t know my configuration. The thing i’d like to know is, if 25 is a realistic number of checks. I suspected a much higher number.
How can I determine a feed compatibility issue?
please upgrade to OpenVAS / GVM-9 as previously advised and you don’t need to worry about this.
Such an upgrade is strongly advised as e.g. OpenVAS 8 won’t receive (due its end-of-life) a bugfix for issues like discussed in: