7. Filtering scan results

Introduction

Scan results contain an wide-ranging amount of information. Even though all of this information is important, there are times when you will require only specific information in order to achieve a particular scope - such as, for example, identifying only which patches are missing in your system.

Screenshot 54 - Scan filter nodes

GFI LANguard N.S.S. 8 provides you with a default set of scan results filters. Using them you can sift out trivial information and display only the relevant information.

In this chapter you will discover how to apply scan result filters and display only the information that you want to analyze

About default scan results filters

The following is a brief description of the scan results filters which are included with GFI LANguard N.S.S. 8.

•	Full report: Use this scan results filter to display all the information that was collected during a network vulnerability scan including system information, outdated anti-virus signatures, and missing security updates.

•	Vulnerabilities [high security]: Use this default scan filter to display only severe vulnerabilities such as missing critical security patches and service packs.

•	Vulnerabilities [medium security]: Use this default scan filter to display only moderate severity vulnerabilities which may need to be addressed by the administrator such as average threats and medium vulnerability patches.

•	Vulnerabilities [All]: Use this default scan filter to display all Critical, High and Medium severity vulnerabilities discovered during a network security scan.

•	High vulnerability level computers: Use this default scan filter to display computers and vulnerability details for which vulnerability level is high.

•	Missing patches and service packs: Use this default scan filter to display only all missing service packs and patch files discovered on the scanned target computer(s).

•	Missing critical patches: Use this default scan filter to display all missing patches marked as critical.

•	Missing service packs: Use this scan filter to display a list of all computers and computer details of computers which have a missing service pack.

•	Important devices – USB: Shows all the USB devices attached to the scanned target computer(s).

•	Important devices – wireless: Shows all the wireless network cards, (both PCI and USB) attached to the scanned target computer(s).

•	Open ports: Shows all open TCP and UDP ports discovered on the scanned target computer(s).

•	Open shares: Shows all open shares and the respective access rights.

•	Auditing policies: Shows the auditing policy settings of the scanned target computer(s).

•	Password policies: Shows the active password policy settings configured on the scanned target computer(s).

•	Groups and users: Shows the users and groups detected on the scanned target computer(s).

•	Computer properties: Shows the properties of each target computer.

•	Installed applications: Shows all the installed applications (including security software) discovered during target computer scanning.

•	Non-updated security software: Shows only the installed security applications (i.e. anti-virus/anti-spyware software) that have missing updates and outdated signature definition files.

NOTE: You can also create new scan filters or customize the above default scan filters.