The new section “Results” under menu “Scan Management” offers an object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report
NVTs are now associated with a solution type like for example “VendorFix”. This allows to group or identify NVTs or results where for example a simple solution exists or no solution is currently available.
The Feed content is updated over time to add a solution type for all of the NVTs. At the time of writing, 3.6% of the NVTs own a Solution Type.
The QoD is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection.
One of the main reasons to introduce this concept was to handle the challenge of potential vulnerabilities properly. The goal was to keep such in the results database but only visible on demand.
New SecInfo object type “CERT-Bund” introduced: These are advisories published by the German federal CERT.
This new protocol allows to control the vulnerability scanner. The main elements are to set parameters, start a scan and retrieve results. OSP is designed in the same way as OMP, therefore it is a non-permanent request-response connection based on XML.
It is possible to configure and control OSP-compliant Scanner via the user interface.