GSM: First StepsATTENTION: This page is not maintained anymore and will eventually be removed.
The current state can be found in the Online Version of the GSM user manual at the TechDoc portal.
You have successfully finished the setup of the Greenbone Security Manager and have logged into the web interface for the first time.
Now it is time to take the first steps with this vulnerability management solution. In other words: it's time to run the first security scans of your IT infrastructure.
Base rule: Start with small scans and increase the scope step by step. You will learn about your network from the perspective of a vulnerability scanner.
Screenshots and descriptions refer to Greenbone OS version 2.1.0.
First Scan: A single computer
Note: In order to learn about how scans tasks are created, we will not use the wizard for direct scanning of a target system. Instead, we do step by step what the wizard would do in the background.
Choose a computer on your network which you want to scan first. We need either its IP address (often an internal address for example starting with 192.168.) or its name (for example computer1.intern.company). In both cases you should ensure that the Greenbone Security Manager has access to this computer. When using names, a DNS service should be available.
Choose item "Targets" from menu "Configuration" and there the icon for "New Target" (). You will see this icon in various places. It always will lead to dialog to create a new object in the respective context. Enter now the address of the computer in the field "Manual".
You may add a comment. "Credentials" will be discussed later. Confirm now with "Create Target".
Choose "New Task" under Navigation. To create a task you need at least a name, a target and a scan configuration. The rest is optional. We created a target in the previous step. The GSM offers some pre-configured scan configurations of which "Full and fast" is an optimal "allrounder". This scan configuration is always recommended unless you want to apply intentionally a different scan behaviour.
Confirm with "Create Task". The task gets created and the view changes to the task overview where you can see the newly created task with status "New".
Now click on the Icon (Start Task) and the scan begins.
The status changes to "Requested". This means that the scan service is currently being told to run the scan. This all happens in the background and you can perform arbitrary other operations in the mean time, even run more tasks in parallel.
If you select "Tasks" under Navigation or the Icon (Refresh), then the progress information of all tasks will be updated.
Once the scan has started, the results that have been found so far can already be explored. Once the scan is finished, the status changes to "Done" and no further results will be added to the report.
Congratulations! You have finished your first security scan with the Greenbone Security Manager.
You can click on the corresponding date in column "Last" to jump directly to the newest report of the corresponding task.
In the interactive report you can see 3 sections:
"Report Summary": Summarises the most relevant information for this report. This is also where you can send the report data via a Alert or download the report or parts of it in various formats.
"Result Filtering": Here you can configure the filter that will be applied to the whole report to select the desired information or overviews. The default filter selects only the threat levels "High" and "Medium".
"Filtered Results": Shows the details of the vulnerability analysis corresponding to the configured filter.
You have now finished your first security scan with the Greenbone Security Manager and possibly found a number of vulnerabilities in you target system.
For understanding the report please note:
The number of identified problems can be considerable. If a old version of, for example, PHP is installed, quite a number of tests will raise alerts. Once such a problematic piece of software is updated, the number of reported problems can drop significantly.
Take actions for the results with threat level "High", then repeat the scan and work on the threat level "Medium". The levels "Low" and "Log" primarily help with in-depth analysis and require some in-depth knowledge.
Throughout the web interface you will find the help icon . Use this contextual online help to learn about the user options that have not been mentioned here.