The Greenbone Web Interface (GSA)
The Greenbone Security Assistant (GSA) is the main web interface of the appliance. This guide walks through logging in, working with dashboards and dashboard displays, filtering page content with Powerfilters (including a full keyword and operator reference), using tags, working with the trashcan, reading the feed status, changing user settings, opening the manual, and logging out.
This guide is based on the Greenbone Enterprise Appliance manual (GOS 22.04 / OPENVAS SCAN 22.04), chapter 8, verified June 2026. The GSA web interface is essentially the same in the free Community Edition, so this guide applies to both.
1. Logging into the web interface​
The main interface of the appliance is the web interface, also called the Greenbone Security Assistant (GSA). To log in (§8.1):
- Open the web browser.
- Enter the IP address of the appliance's web interface.
- Log in using the web administrator account created during the setup.
The appliance's IP address is shown on the login prompt of the console, or in the GOS administration menu after selecting About and pressing Enter.
2. Dashboards and dashboard displays​
Many pages of the web interface show dashboard displays at the top of the page, depending on the page content. There are two types of displays: charts and tables (§8.2).
Each page has a default set of displays. The default setting can be restored using the control on the right side above the displays.
2.1 Adding and deleting displays​
To add a new display (§8.2.1):
- Click the add control on the right side above the displays.
- Select the desired display from the drop-down list.
- Click Add.
To delete a display, click the control in the upper right corner of the display.
The input box above the selectable options can be used to filter the available display options.
2.2 Editing a display​
Depending on the display, several options become available when you move the mouse to the right edge of a display (§8.2.2):
- Apply a filter to the display. The filter has to be configured for the object type shown in the display.
- Download the chart as an SVG file (charts only).
- Download the table as a CSV file (tables only).
- Hide or show a legend (charts only).
- Switch between 2D and 3D presentation (charts only).
2.3 Organizing displays in dashboards​
Dashboard displays can be grouped into dashboards — either individual compilations of displays or predefined dashboards. There can be up to 10 dashboards (§8.2.3).
By default, only the overview dashboard exists, giving a short overview of tasks, CVEs, and VTs. Dashboards are shown by selecting Dashboards in the menu bar.
Adding a new dashboard​
- Click the add control in the register bar above the dashboard.
- Enter the name in the input box Dashboard Title.
- Select the displays shown by default in the drop-down list Initial Displays.
- Click Add.
The available initial display sets are:
| Initial Displays | Contents |
|---|---|
| Default | Same displays as the overview dashboard |
| Scan Displays | Displays concerning tasks, results, and reports |
| Asset Displays | Displays concerning hosts and operating systems |
| SecInfo Displays | Displays concerning VTs, CVEs, and CERT-Bund Advisories |
| Empty | No displays |
Additionally, an already existing dashboard can be chosen as the basis. Displays can be edited later as described in sections 2.1 and 2.2 above.
Editing a dashboard​
Displays can be added to or deleted from a dashboard (§2.1), and the displays themselves can be edited (§2.2). To rename a dashboard (§8.2.3.2):
- Click the control in the register of the dashboard in the register bar.
- Change the name in the input box Dashboard Title.
- Click Save.
Deleting a dashboard​
A dashboard is deleted by clicking the delete control in its register in the register bar (§8.2.3.3).
3. Filtering the page content​
Almost every page in the web interface offers the possibility to filter the displayed content. Multiple filter parameters are combined to form the Powerfilter (§8.3).
The filter is context aware: the available filter parameters depend on the currently opened page.
3.1 Adjusting the filter parameters​
Filter parameters can be typed directly into the input box in the filter bar using the filter syntax (see section 3.2), or modified through the dialog (§8.3.1):
- Click the control in the filter bar.
- Select and modify the filter parameters. Keywords to search for can be entered in the input box Filter.
- Activate the checkbox Store filter as if the filter should be stored for reuse.
- Enter a name for the filter in the input box Store filter as.
- Click Update to apply the filter parameters.
The Powerfilter is not case-sensitive. All uppercase letters are transformed to lowercase before the filter is applied.
Next to the input box in the filter bar, the following actions are available:
- Remove the currently applied filter.
- Update the filter with the current input.
- Reset the filter parameters to the default settings.
- Apply a saved Powerfilter by selecting it in the drop-down list.
If a specific filter should always be active on a page, it can be set as the default filter in the user settings (see section 7).
Powerfilters can also be created on the Filters page (§8.3.1):
- Select Configuration > Filters in the menu bar.
- Create a new filter by clicking the add control.
- Define the name of the filter.
- Define the filter criteria in the input box Term.
- Select the object type for which the filter applies in the drop-down list Type.
- Click Save.
3.2 Filter keywords​
When applied, the filter parameters are shown in the lower left corner of the page. The filter uses a specific syntax that must be considered when entering filter keywords directly in the filter bar (§8.3.2).
Global keywords​
The following keywords can always be specified. They apply to the whole filter request and should only be mentioned once (§8.3.2.1).
| Keyword | Purpose |
|---|---|
rows | Number of rows displayed per page. Default is rows=10. rows=-1 displays all results. rows=-2 uses the value pre-set in My Settings under Rows Per Page. |
first | Determines the first object displayed. With 50 results, rows=10 first=11 displays results 11 to 20. |
sort | Column used for sorting, ascending. Example: sort=name. After applying, upper-case column names become lower-case and spaces become underscores. |
sort-reverse | Column used for sorting, descending. |
tag | Selects results with a specific tag. Filter by tag value (tag="server=mail") or by tag name only (tag="server"). Regular expressions are allowed. |
tag_id | Selects results by the UUID of the tag. Stays valid even if the tag is renamed. The UUID is found on the tag's details page. |
A duplicated global keyword is not allowed. In a request like name~test and rows=20 or name~def and rows=30, only rows=30 would be applied.
Sorting can also be done by clicking the title of a column. Typical sortable column names are: name, severity, host, location, qod (quality of detection), comment, modified, and created. sort and sort-reverse are not applicable on report details pages.
Using rows=-1 may cause performance issues when large amounts of data are processed. If long page loading times occur, use a different value for the rows.
Operators​
When specifying components, the following operators are used (§8.3.2.2):
| Operator | Meaning | Example |
|---|---|---|
= | equals | rows=10 |
~ | contains | name~admin |
< | less than | created<-1w (older than a week) |
> | greater than | created>-1w (younger than a week) |
regexp | regular expression | regexp 192.168.[0-9]+.[0-9] |
The operators <=, >=, and ( ) are not supported.
There are a few special features:
- If no value follows
=, all results without this filter parameter are displayed. The following shows all results without a comment:
comment=
- If a keyword should be found but no column is specified, all columns are scanned. The following searches whether at least one column contains the value:
=192.168.15.5
- Data is usually or-combined. Use the keyword
orto make this explicit, orandto require an and-combination:
modified>2019-01-01 and name=services
andis resolved beforeor, i.e.x and y or a and bbecomes(x and y) or (a and b). An expression likex and (a or b)must be written as:
x and a or x and b
- Using
notnegates the filter. The following shows all results that do not contain192.168.81.129:
not ~192.168.81.129
Text phrases​
Text phrases can be searched for directly (§8.3.2.3):
| Phrase | Behavior |
|---|---|
overflow | Finds all results containing the word, e.g. Overflow and Bufferoverflow. Likewise 192.168.0.1 finds 192.168.0.1 and 192.168.0.100. |
remote exploit | Finds all results containing remote or exploit (results with both are included). |
remote and exploit | Finds all results containing both remote and exploit. They need not be in the same column. |
"remote exploit" | The exact string is searched for, not the individual words. |
regexp 192.168.[0-9]+.[0-9] | The regular expression is searched for. |
Time specifications​
Time specifications can be absolute or relative (§8.3.2.4).
Absolute time has the format 2023-04-21T13h50. If the time is left out, 12:00 am is assumed. Example: created>2023-04-21.
Relative time is always calculated relative to the current time. A leading minus (-) means the past; no leading character means the future. The following period letters can be used:
| Letter | Period |
|---|---|
s | second |
m | minute |
h | hour |
d | day |
w | week |
m | month (30 days) |
y | year (365 days) |
For example, created>-5d shows results created within the past 5 days. A combination such as 5d1h is not permitted and must be replaced with 121h. To limit a time period, combine two bounds:
modified>2023-03-01 and modified<2023-03-31
3.3 Powerfilter examples​
The following examples are taken directly from §8.3.3:
| Powerfilter | Result |
|---|---|
127.0.0.1 | Any object with 127.0.0.1 anywhere in any column. |
127.0.0.1 iana | Any object with 127.0.0.1 or iana anywhere in any column. |
127.0.0.1 and iana | Any object with 127.0.0.1 and iana anywhere in any column. |
regexp 192.168.[0-9]+.[0-9] | Any object with an IP-style string starting with 192.168 in any column. |
name=localhost | Any object with the exact name localhost. |
name~local | Any object with local anywhere in the name. |
name:^local | Any object with a name starting with local. |
port_list~tcp | Any object with tcp anywhere in the port list name. |
modified>2023-04-03 and modified<2023-04-05 | Any object modified between 2023-04-03 0:00 and 2023-04-05 0:00. |
created>2023-04-03T13h00 | Any object created after 13:00 on 2023-04-03. |
rows=20 first=1 sort=name | The first twenty objects sorted by the column Name. |
created>-7d | Any object created within the past 7 days. |
=127.0.0.1 | Any object with 127.0.0.1 as the exact name in any column. |
tag="geo:long=52.2788 | Any object with a tag named geo:long and the value 52.2788. |
tag~geo | Any object with a tag whose name contains geo. |
3.4 Managing Powerfilters​
All existing Powerfilters are listed under Configuration > Filters in the menu bar (§8.3.4). The list shows:
- Name — name of the filter.
- Term — filter terms forming the Powerfilter.
- Type — object type the Powerfilter applies to.
For each Powerfilter the following actions are available: move to the trashcan, edit, clone, and export as an XML file. Using the controls below the list, more than one filter can be moved to the trashcan or exported at once; the drop-down list selects which filters are affected.
Click a filter's name to open its details page, which offers the registers Information (general information), User Tags (assigned tag), and Permissions (assigned permissions). The details page also offers actions to open the related manual chapter, show the list page, create a new Powerfilter, clone, edit, move to the trashcan, and export as XML.
4. Using tags​
Tags are information linked to objects. They are created directly with the objects and can only be linked to the object type they are created for. Tags can be used to filter objects (§8.4).
For example, filtering for tag=target requires the specific tag to be set, otherwise the result is not found. With tag="target=mailserver" the exact tag with the respective value must be set.
4.1 Linking a tag to a single object​
- Open the object's details page by clicking the object's name and the details control.
- Click the register User Tags.
- Click the add control in the User Tags section.
- Define the tag.
- Click Save.
4.2 Linking a tag to multiple objects​
Tags can be added to multiple objects of the same type (e.g. tasks, targets, scanners) (§8.4.2):
- Open the list page of an object type.
- Filter the list so only the relevant objects are shown.
- In the drop-down list below the list, select to which objects the tag should be added.
Apply to page contents links the tag to all objects visible on the current page. Apply to all filtered links the tag to all objects affected by the filter, even if they are not visible on the current page.
Alternatively, to tag a manual selection:
- In the drop-down list below the list of objects, select Apply to selection.
- Activate the checkboxes of the objects in the Actions column.
- Click the control below the list of objects.
- Select the tag in the drop-down list Choose Tag (a new tag can also be created here). Only tags created for the chosen object type can be selected.
- Click Add Tag.
4.3 Creating a tag​
Tags can also be created on the Tags page and assigned afterwards (§8.4.3):
- Select Configuration > Tags in the menu bar.
- Create a new tag by clicking the add control.
- Define the tag and select the object type in the drop-down list Resource Type.
- Click Save.
4.4 Managing tags​
All existing tags are listed under Configuration > Tags (§8.4.4). For each tag the available actions are: disable (if enabled), enable (if disabled), move to the trashcan, edit, clone, and export as XML. The controls below the list allow more than one tag to be moved to the trashcan or exported at once.
Click a tag's name to open its details page, with the registers Information (general information), Assigned Items (objects the tag is assigned to — only shown if the tag is enabled), and Permissions. The details page also offers actions to open the related manual chapter, show the list page, create a new tag, clone, edit, move to the trashcan, export, and enable or disable the tag.
5. Using the trashcan​
The Trashcan page is opened by selecting Administration > Trashcan in the menu bar. It lists all objects currently in the trashcan, grouped by object type (§8.5).
Objects in the trashcan do not count as deleted yet. They are only finally deleted when manually removed from the trashcan, or when the whole trashcan is emptied.
The summary table Content shows all possible types of deleted objects with their object counts. Clicking an object name jumps to the corresponding section. The trashcan can be emptied by clicking Empty Trash.
Within the section of a given object type, single objects can be managed:
- Restore moves the object out of the trashcan and back to its regular page. The object cannot be restored if it depends on another object still in the trashcan.
- Delete removes the object entirely from the system. The object cannot be deleted if another object in the trashcan depends on it.
6. Displaying the feed status​
The synchronization status of all SecInfo is shown by selecting Administration > Feed Status in the menu bar (§8.6). The page displays:
| Field | Meaning |
|---|---|
| Type | Feed type (NVT, SCAP, CERT, or GVMD_DATA). |
| Content | Type of information provided by the feed. |
| Origin | Name of the feed service used to synchronize the SecInfo. |
| Version | Version number of the feed data. |
| Status | Status information, e.g. time since the last update. |
If a feed update is in progress, Update in progress... is displayed for all feeds, even if only one feed is currently being updated.
7. Changing the user settings​
Every user can manage their own web interface settings. They are accessed by moving the mouse over the user control in the upper right corner and clicking My Settings. Settings are modified with the edit control (§8.7).
Important settings include:
| Setting | Purpose |
|---|---|
| Timezone | The appliance stores all information internally in UTC±00:00. Select a time zone to display data in the user's local time. |
| Change Password | The user password can be changed here. |
| User Interface Language | Defines the language. The browser setting is used by default. |
| Rows Per Page | Default number of objects shown per list page. A high number increases loading times. Custom user filters may override this. |
| Details Export File Name | Default file name for exported object details (supports placeholders, see below). |
| List Export File Name | Default file name for exported object lists. |
| Report Export File Name | Default file name for exported reports. |
| Auto Cache Rebuild | Enables or disables the automatic cache rebuild. Disable temporarily when performing many actions in a row to avoid a slowed-down process. |
| Dynamic Severity | Whether the severity of an existing result changes when the underlying VT severity changes. Otherwise the new severity only affects future scans. |
| Default Severity | The default severity used when no severity is assigned to a VT. |
| Defaults Settings | Default selections or entries for various settings. |
| Filter Settings | Specific default filters per page, activated automatically when the page loads. |
The export file name placeholders are:
| Placeholder | Meaning |
|---|---|
%C | Creation date in YYYYMMDD (current date if none available). |
%c | Creation time in HHMMSS (current time if none available). |
%D | Current date in YYYYMMDD. |
%F | Name of the used report format (XML for lists and non-report types). |
%M | Modification date in YYYYMMDD (falls back to creation or current date). |
%m | Modification time in HHMMSS (falls back to creation or current time). |
%N | Name of the object or the associated task for reports. Lists and unnamed types use the type. |
%T | Object type, e.g. task, port_list. Pluralized for list pages. |
%t | Current time in HHMMSS. |
%U | Unique ID of the object, or list for lists of multiple objects. |
%u | Name of the currently logged-in user. |
%% | The percent sign. |
8. Opening the manual​
The manual can be opened by selecting Help > User Manual in the menu bar. It can also be opened from any page by clicking the help control in the upper left corner — the chapter related to the current page content is opened (§8.8).
9. Logging out of the web interface​
Log out by moving the mouse over the user control in the upper right corner and clicking Log Out (§8.9).
If no action is performed for a defined period, the user is logged out automatically. The default timeout is 15 minutes. The remaining time until automatic logout can be displayed by hovering over the user control, and the timeout can be reset from there.