hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database; this allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License

ability to mark false positives #23

Closed ebdavison closed 13 years ago

ebdavison commented 13 years ago

The ability to mark a false positive is a feature that would be great to have. I have some that I know I do not need in the results, like the share allows full access due to the credentials used for the scan (domain admin) and this is NOT a critical.

hammackj commented 13 years ago

There is a verified field on the Items table for doing something like this. I am going to use it in the gui for checking off manually checked items during an assessment. That might help for now.

ebdavison commented 13 years ago

I did see that there were notes in the code about blacklist. Is this the same feature? I need to be able to mark some plugins so I can produce a report that has all results and then a follow-up report with the listed items removed as they have a remediation plan.

ebdavison commented 13 years ago

How would I hook the verified field in the queries for results?

hammackj commented 13 years ago

So verified is nil by default; if you set it to false for false positives and true for correct results, you have 3 states you can check for.

So if Item.first.verified == true, you can add that to the report display or queries

where(:verified => true)

depending how you want to handle it.

ebdavison commented 13 years ago

Tried the latter as follows and I get an error:

@hosts = Host.where('hosts.ip like ?', "10.11.72.%")
@host_ids = @hosts.map { |h| h.id }.flatten
@items = Item.where("host_id IN (?)", @host_ids).where(:verified => true)

Error:
/usr/lib/ruby/gems/1.8/gems/prawn-layout-0.8.4/lib/prawn/table.rb:47:in `table': data must be a non-empty, non-nil, two dimensional array of Prawn::Cells or strings
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.3/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
(eval):134:in `generate'
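
The three `verified` states described in the thread (nil, true, false), as an added example that is not part of the thread and not Risu's own code: it builds a full report, a follow-up report without false positives, and table rows that stay non-empty when a filter matches nothing, assuming that an empty result is what the table error above is rejecting. The `Item` struct, the sample rows and all method names are constructed for illustration.

```ruby
# Added example: plain Ruby stand-in for the Items table (no database needed).
# Item, the sample rows and every method name here are constructed for illustration.
Item = Struct.new(:plugin_id, :host, :name, :verified)

# Constructed sample data: verified is nil (unreviewed), true (confirmed)
# or false (false positive), the three states described in the thread.
ITEMS = [
  Item.new(1001, "10.11.72.5", "Share allows full access", false),
  Item.new(1002, "10.11.72.5", "Outdated web server",      true),
  Item.new(1003, "10.11.72.9", "Weak cipher suites",       nil),
  Item.new(1004, "10.11.72.9", "Default credentials",      nil)
]

# Map the tri-state column to a label. Compare against true/false explicitly:
# a plain truthiness test would lump nil together with false.
def triage_state(item)
  case item.verified
  when true  then :confirmed
  when false then :false_positive
  else            :unreviewed
  end
end

# Full report: everything, grouped by state.
def full_report(items)
  items.group_by { |i| triage_state(i) }
end

# Follow-up report: drop only items explicitly marked false positive.
# Unreviewed (nil) items stay in. The SQL equivalent needs an explicit
# "IS NULL" branch, because "verified <> false" never matches NULL rows.
def follow_up_report(items)
  items.reject { |i| i.verified == false }
end

# Strict view, the analogue of where(:verified => true).
def confirmed_only(items)
  items.select { |i| i.verified == true }
end

# Rows for a table renderer that rejects empty data: return a placeholder
# row instead of [] when the filter matched nothing.
def table_rows(items)
  return [["(no matching items)", "", ""]] if items.empty?
  items.map { |i| [i.host, i.plugin_id.to_s, i.name] }
end
```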