Feature: Scan Notes
Part of the ambitious vulnerability management functionality of the GSA is the comprehensive notes support.
Notes can be created for any single result of a scan report and can optionally be included in (PDF) reports.
Furthermore, notes can be generalized, for example to all target hosts with the same problem. Once a note for one scan result is generalized, it is added to similar results on all existing and future reports.
Create note and attach to PDF report
For each single result, a note can be created via the corresponding icon.
The fundamental and immutable association of a note with a scan is a reference to a Network Vulnerability Test (NVT). When creating a note, a direct association with the target host, port, severity and task of the current result is the default.
After clicking "Create Note", the note is attached to the scan result.
Within the report browser, any note can be deleted directly, edited or reviewed in detail.
Because some results can be very long, there is an indicator icon at the top of the result that can be clicked to jump directly to the note at the bottom.
The results filter lets you switch the display of notes on or off via the "Show notes" checkbox.
This switch also determines whether the notes are added to the downloadable PDF report.
Any note can be generalized. In this example, a quite extensive generalization is configured, matching any target host, port and task.
From this moment on, the note is always shown in the results view if this NVT reported severity "High".
This applies to all previously created scan reports and to all future scan reports until the note is deleted.
The overview for our sample task shows that 2 notes were found that apply here.
The administration of all created notes is part of the Scan Management.
Associations and contents can be reviewed via the details dialog.
It is possible to directly jump to the respective NVTs. The NVT details dialog lists all notes associated with this NVT and allows one to manage these notes directly.
Notes that currently do not match any scan result in the user's database are marked as orphans.
The task of this example was deleted. The note that was directly associated with this task is an orphan, while the generalized one still applies.
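The matching rules described on this page, modeled as an added Python example (not GSA's own code): the NVT is the fixed key, every other field either pins a value or is generalized to "any", and a note that matches no result is an orphan. The class and function names, the NVT identifier, the hosts and the task names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Result:
    nvt: str
    host: str
    port: str
    severity: str
    task: str

@dataclass(frozen=True)
class Note:
    text: str
    nvt: str                        # fixed association, never generalized
    host: Optional[str] = None      # None means "any" (generalized)
    port: Optional[str] = None
    severity: Optional[str] = None
    task: Optional[str] = None

    def applies_to(self, r: Result) -> bool:
        if self.nvt != r.nvt:
            return False
        pinned = (("host", self.host), ("port", self.port),
                  ("severity", self.severity), ("task", self.task))
        return all(want is None or want == getattr(r, name) for name, want in pinned)

def notes_for(result, notes):
    """Notes shown with one scan result."""
    return [n for n in notes if n.applies_to(result)]

def orphans(notes, results):
    """Notes that match no result at all."""
    return [n for n in notes if not any(n.applies_to(r) for r in results)]

# Constructed sample data (placeholder NVT id, documentation-range addresses).
NVT = "nvt-placeholder-1"
specific = Note("Patch scheduled", NVT, host="192.0.2.10", port="80/tcp",
                severity="High", task="task-A")
general = Note("Known issue", NVT, severity="High")  # any host, port and task
NOTES = [specific, general]
RESULTS = [Result(NVT, "192.0.2.10", "80/tcp", "High", "task-A"),
           Result(NVT, "192.0.2.20", "443/tcp", "High", "task-B")]

def orphans_after_task_deleted(task):
    """Deleting a task removes its results; return the notes left without a match."""
    return orphans(NOTES, [r for r in RESULTS if r.task != task])
```

With the sample data, deleting task-A leaves the directly associated note as an orphan, while the generalized note still applies to the result from task-B.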