The Greenbone Web Interface (GSA)

What this covers

The Greenbone Security Assistant (GSA) is the main web interface of the appliance. This guide walks through logging in, working with dashboards and dashboard displays, filtering page content with Powerfilters (including a full keyword and operator reference), using tags, working with the trashcan, reading the feed status, changing user settings, opening the manual, and logging out.

Source scope

This guide is based on the Greenbone Enterprise Appliance manual (GOS 22.04 / OPENVAS SCAN 22.04), chapter 8, verified June 2026. The GSA web interface is essentially the same in the free Community Edition, so this guide applies to both.

1. Logging into the web interface

The main interface of the appliance is the web interface, also called the Greenbone Security Assistant (GSA). To log in (§8.1):

  1. Open the web browser.
  2. Enter the IP address of the appliance's web interface.
  3. Log in using the web administrator account created during the setup.

Tip: The appliance's IP address is shown on the login prompt of the console, or in the GOS administration menu after selecting About and pressing Enter.


2. Dashboards and dashboard displays

Many pages of the web interface show dashboard displays at the top of the page, depending on the page content. There are two types of displays: charts and tables (§8.2).

Each page has a default set of displays. The default setting can be restored using the control on the right side above the displays.

2.1 Adding and deleting displays

To add a new display (§8.2.1):

  1. Click the add control on the right side above the displays.
  2. Select the desired display from the drop-down list.
  3. Click Add.

To delete a display, click the control in the upper right corner of the display.

Tip: The input box above the selectable options can be used to filter the available display options.

2.2 Editing a display

Depending on the display, several options become available when you move the mouse to the right edge of a display (§8.2.2):

  • Apply a filter to the display. The filter has to be configured for the object type shown in the display.
  • Download the chart as an SVG file (charts only).
  • Download the table as a CSV file (tables only).
  • Hide or show a legend (charts only).
  • Switch between 2D and 3D presentation (charts only).

2.3 Organizing displays in dashboards

Dashboard displays can be grouped into dashboards — either individual compilations of displays or predefined dashboards. There can be up to 10 dashboards (§8.2.3).

By default, only the overview dashboard exists, giving a short overview of tasks, CVEs, and VTs. Dashboards are shown by selecting Dashboards in the menu bar.

Adding a new dashboard

  1. Click the add control in the register bar above the dashboard.
  2. Enter the name in the input box Dashboard Title.
  3. Select the displays shown by default in the drop-down list Initial Displays.
  4. Click Add.

The available initial display sets are:

| Initial Displays | Contents |
| --- | --- |
| Default | Same displays as the overview dashboard |
| Scan Displays | Displays concerning tasks, results, and reports |
| Asset Displays | Displays concerning hosts and operating systems |
| SecInfo Displays | Displays concerning VTs, CVEs, and CERT-Bund Advisories |
| Empty | No displays |

Additionally, an already existing dashboard can be chosen as the basis. Displays can be edited later as described in sections 2.1 and 2.2 above.

Editing a dashboard

Displays can be added to or deleted from a dashboard (see section 2.1), and the displays themselves can be edited (see section 2.2). To rename a dashboard (§8.2.3.2):

  1. Click the control in the register of the dashboard in the register bar.
  2. Change the name in the input box Dashboard Title.
  3. Click Save.

Deleting a dashboard

A dashboard is deleted by clicking the delete control in its register in the register bar (§8.2.3.3).


3. Filtering the page content

Almost every page in the web interface offers the possibility to filter the displayed content. Multiple filter parameters are combined to form the Powerfilter (§8.3).

Note: The filter is context aware: the available filter parameters depend on the currently opened page.

3.1 Adjusting the filter parameters

Filter parameters can be typed directly into the input box in the filter bar using the filter syntax (see section 3.2), or modified through the dialog (§8.3.1):

  1. Click the control in the filter bar.
  2. Select and modify the filter parameters. Keywords to search for can be entered in the input box Filter.
  3. Activate the checkbox Store filter as if the filter should be stored for reuse.
  4. Enter a name for the filter in the input box Store filter as.
  5. Click Update to apply the filter parameters.

Note: The Powerfilter is not case-sensitive. All uppercase letters are transformed to lowercase before the filter is applied.

Next to the input box in the filter bar, the following actions are available:

  • Remove the currently applied filter.
  • Update the filter with the current input.
  • Reset the filter parameters to the default settings.
  • Apply a saved Powerfilter by selecting it in the drop-down list.

Tip: If a specific filter should always be active on a page, it can be set as the default filter in the user settings (see section 7).

Powerfilters can also be created on the Filters page (§8.3.1):

  1. Select Configuration > Filters in the menu bar.
  2. Create a new filter by clicking the add control.
  3. Define the name of the filter.
  4. Define the filter criteria in the input box Term.
  5. Select the object type for which the filter applies in the drop-down list Type.
  6. Click Save.

3.2 Filter keywords

When applied, the filter parameters are shown in the lower left corner of the page. The filter uses a specific syntax that must be considered when entering filter keywords directly in the filter bar (§8.3.2).

Global keywords

The following keywords can always be specified. They apply to the whole filter request and should only be mentioned once (§8.3.2.1).

| Keyword | Purpose |
| --- | --- |
| rows | Number of rows displayed per page. Default is rows=10. rows=-1 displays all results. rows=-2 uses the value pre-set in My Settings under Rows Per Page. |
| first | Determines the first object displayed. With 50 results, rows=10 first=11 displays results 11 to 20. |
| sort | Column used for sorting, ascending. Example: sort=name. After applying, upper-case column names become lower-case and spaces become underscores. |
| sort-reverse | Column used for sorting, descending. |
| tag | Selects results with a specific tag. Filter by tag value (tag="server=mail") or by tag name only (tag="server"). Regular expressions are allowed. |
| tag_id | Selects results by the UUID of the tag. Stays valid even if the tag is renamed. The UUID is found on the tag's details page. |

Note: A duplicated global keyword is not allowed. In a request like name~test and rows=20 or name~def and rows=30, only rows=30 would be applied.

Tip: Sorting can also be done by clicking the title of a column. Typical sortable column names are: name, severity, host, location, qod (quality of detection), comment, modified, and created. sort and sort-reverse are not applicable on report details pages.

Note: Using rows=-1 may cause performance issues when large amounts of data are processed. If long page loading times occur, use a different value for the rows.

Operators

When specifying components, the following operators are used (§8.3.2.2):

| Operator | Meaning | Example |
| --- | --- | --- |
| = | equals | rows=10 |
| ~ | contains | name~admin |
| < | less than | created<-1w (older than a week) |
| > | greater than | created>-1w (younger than a week) |
| regexp | regular expression | regexp 192.168.[0-9]+.[0-9] |

The operators <=, >=, and ( ) are not supported.

There are a few special features:

  • If no value follows =, all results without this filter parameter are displayed. The following shows all results without a comment:
      comment=
  • If a keyword should be found but no column is specified, all columns are scanned. The following checks whether at least one column contains the value:
      =192.168.15.5
  • Conditions are usually or-combined. The keyword or makes this explicit, and the keyword and requires an and-combination:
      modified>2019-01-01 and name=services
  • and is resolved before or, i.e. x and y or a and b becomes (x and y) or (a and b). An expression like x and (a or b) must be written as:
      x and a or x and b
  • Using not negates the filter. The following shows all results that do not contain 192.168.81.129:
      not ~192.168.81.129

Text phrases

Text phrases can be searched for directly (§8.3.2.3):

| Phrase | Behavior |
| --- | --- |
| overflow | Finds all results containing the word, e.g. Overflow and Bufferoverflow. Likewise 192.168.0.1 finds 192.168.0.1 and 192.168.0.100. |
| remote exploit | Finds all results containing remote or exploit (results with both are included). |
| remote and exploit | Finds all results containing both remote and exploit. They need not be in the same column. |
| "remote exploit" | The exact string is searched for, not the individual words. |
| regexp 192.168.[0-9]+.[0-9] | The regular expression is searched for. |

Time specifications

Time specifications can be absolute or relative (§8.3.2.4).

Absolute time has the format 2023-04-21T13h50. If the time is left out, 12:00 am is assumed. Example: created>2023-04-21.

Relative time is always calculated relative to the current time. A leading minus (-) means the past; no leading character means the future. The following period letters can be used:

| Letter | Period |
| --- | --- |
| s | second |
| m | minute |
| h | hour |
| d | day |
| w | week |
| m | month (30 days) |
| y | year (365 days) |

For example, created>-5d shows results created within the past 5 days. A combination such as 5d1h is not permitted and must be replaced with 121h. To limit a time period, combine two bounds:

modified>2023-03-01 and modified<2023-03-31
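Scripts that generate filter strings have to apply two of the rules above themselves: parentheses are not supported, so x and (a or b) must be distributed, and mixed durations such as 5d1h must be collapsed to one unit. The following is an added example, not taken from the Greenbone manual; the helper names, the tuple representation and the sample query are assumptions, and the period letter m is read as minute.

```python
import re
from itertools import product

# Added illustration; helper names are hypothetical, not part of GSA.
# Seconds per period letter from the manual's table. The table lists "m" for
# both minute and month; this sketch reads "m" as minute (assumption).
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}


def relative_time(spec):
    """Collapse a mixed duration such as '-5d1h' into one unit ('-121h')."""
    sign = "-" if spec.startswith("-") else ""
    body = spec.lstrip("-")
    parts = re.findall(r"(\d+)([smhdwy])", body)
    if not parts or "".join(n + u for n, u in parts) != body:
        raise ValueError(f"not a relative time: {spec!r}")
    total = sum(int(n) * UNIT_SECONDS[u] for n, u in parts)
    # Use the largest unit that divides the total exactly ("s" always does).
    for unit in ("y", "w", "d", "h", "m", "s"):
        if total % UNIT_SECONDS[unit] == 0:
            return f"{sign}{total // UNIT_SECONDS[unit]}{unit}"


def and_groups(expr):
    """Flatten a nested ('and'|'or', ...) tuple into a list of and-groups."""
    if isinstance(expr, str):
        return [[expr]]
    op, *operands = expr
    branches = [and_groups(o) for o in operands]
    if op == "or":
        return [group for branch in branches for group in branch]
    if op == "and":
        # Distribute and over or: one group per combination of operand groups.
        return [sum(combo, []) for combo in product(*branches)]
    raise ValueError(f"unsupported operator: {op!r}")


def powerfilter(expr, global_keywords=None):
    """Render expr without parentheses; append each global keyword once."""
    body = " or ".join(" and ".join(group) for group in and_groups(expr))
    # A dict cannot hold a key twice, so rows, sort etc. appear only once.
    tail = " ".join(f"{k}={v}" for k, v in (global_keywords or {}).items())
    return f"{body} {tail}".strip()


if __name__ == "__main__":
    # Constructed query: recent high-severity results mentioning ssh or tls.
    wanted = ("and", "severity>7", "modified>" + relative_time("-5d1h"),
              ("or", "name~ssh", "name~tls"))
    print(powerfilter(wanted, {"rows": 20, "sort-reverse": "severity"}))
```

The resulting string can be pasted into the filter bar or stored as the Term of a saved Powerfilter.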

3.3 Powerfilter examples

The following examples are taken directly from §8.3.3:

| Powerfilter | Result |
| --- | --- |
| 127.0.0.1 | Any object with 127.0.0.1 anywhere in any column. |
| 127.0.0.1 iana | Any object with 127.0.0.1 or iana anywhere in any column. |
| 127.0.0.1 and iana | Any object with 127.0.0.1 and iana anywhere in any column. |
| regexp 192.168.[0-9]+.[0-9] | Any object with an IP-style string starting with 192.168 in any column. |
| name=localhost | Any object with the exact name localhost. |
| name~local | Any object with local anywhere in the name. |
| name:^local | Any object with a name starting with local. |
| port_list~tcp | Any object with tcp anywhere in the port list name. |
| modified>2023-04-03 and modified<2023-04-05 | Any object modified between 2023-04-03 0:00 and 2023-04-05 0:00. |
| created>2023-04-03T13h00 | Any object created after 13:00 on 2023-04-03. |
| rows=20 first=1 sort=name | The first twenty objects sorted by the column Name. |
| created>-7d | Any object created within the past 7 days. |
| =127.0.0.1 | Any object with 127.0.0.1 as the exact name in any column. |
| tag="geo:long=52.2788" | Any object with a tag named geo:long and the value 52.2788. |
| tag~geo | Any object with a tag whose name contains geo. |

3.4 Managing Powerfilters

All existing Powerfilters are listed under Configuration > Filters in the menu bar (§8.3.4). The list shows:

  • Name — name of the filter.
  • Term — filter terms forming the Powerfilter.
  • Type — object type the Powerfilter applies to.

For each Powerfilter the following actions are available: move to the trashcan, edit, clone, and export as an XML file. Using the controls below the list, more than one filter can be moved to the trashcan or exported at once; the drop-down list selects which filters are affected.

Click a filter's name to open its details page, which offers the registers Information (general information), User Tags (assigned tag), and Permissions (assigned permissions). The details page also offers actions to open the related manual chapter, show the list page, create a new Powerfilter, clone, edit, move to the trashcan, and export as XML.


4. Using tags

Tags are information linked to objects. They are created directly with the objects and can only be linked to the object type they are created for. Tags can be used to filter objects (§8.4).

For example, filtering for tag=target requires the specific tag to be set, otherwise the result is not found. With tag="target=mailserver" the exact tag with the respective value must be set.

4.1 Linking a tag to a single object

  1. Open the object's details page by clicking the object's name and the details control.
  2. Click the register User Tags.
  3. Click the add control in the User Tags section.
  4. Define the tag.
  5. Click Save.

4.2 Linking a tag to multiple objects

Tags can be added to multiple objects of the same type (e.g. tasks, targets, scanners) (§8.4.2):

  1. Open the list page of an object type.
  2. Filter the list so only the relevant objects are shown.
  3. In the drop-down list below the list, select to which objects the tag should be added.

Note: Apply to page contents links the tag to all objects visible on the current page. Apply to all filtered links the tag to all objects affected by the filter, even if they are not visible on the current page.

Alternatively, to tag a manual selection:

  1. In the drop-down list below the list of objects, select Apply to selection.
  2. Activate the checkboxes of the objects in the Actions column.
  3. Click the control below the list of objects.
  4. Select the tag in the drop-down list Choose Tag (a new tag can also be created here). Only tags created for the chosen object type can be selected.
  5. Click Add Tag.

4.3 Creating a tag

Tags can also be created on the Tags page and assigned afterwards (§8.4.3):

  1. Select Configuration > Tags in the menu bar.
  2. Create a new tag by clicking the add control.
  3. Define the tag and select the object type in the drop-down list Resource Type.
  4. Click Save.

4.4 Managing tags

All existing tags are listed under Configuration > Tags (§8.4.4). For each tag the available actions are: disable (if enabled), enable (if disabled), move to the trashcan, edit, clone, and export as XML. The controls below the list allow more than one tag to be moved to the trashcan or exported at once.

Click a tag's name to open its details page, with the registers Information (general information), Assigned Items (objects the tag is assigned to — only shown if the tag is enabled), and Permissions. The details page also offers actions to open the related manual chapter, show the list page, create a new tag, clone, edit, move to the trashcan, export, and enable or disable the tag.


5. Using the trashcan

The Trashcan page is opened by selecting Administration > Trashcan in the menu bar. It lists all objects currently in the trashcan, grouped by object type (§8.5).

Note: Objects in the trashcan do not count as deleted yet. They are only finally deleted when manually removed from the trashcan, or when the whole trashcan is emptied.

The summary table Content shows all possible types of deleted objects with their object counts. Clicking an object name jumps to the corresponding section. The trashcan can be emptied by clicking Empty Trash.

Within the section of a given object type, single objects can be managed:

  • Restore moves the object out of the trashcan and back to its regular page. The object cannot be restored if it depends on another object still in the trashcan.
  • Delete removes the object entirely from the system. The object cannot be deleted if another object in the trashcan depends on it.

6. Displaying the feed status

The synchronization status of all SecInfo is shown by selecting Administration > Feed Status in the menu bar (§8.6). The page displays:

| Field | Meaning |
| --- | --- |
| Type | Feed type (NVT, SCAP, CERT, or GVMD_DATA). |
| Content | Type of information provided by the feed. |
| Origin | Name of the feed service used to synchronize the SecInfo. |
| Version | Version number of the feed data. |
| Status | Status information, e.g. time since the last update. |

Note: If a feed update is in progress, Update in progress... is displayed for all feeds, even if only one feed is currently being updated.


7. Changing the user settings

Every user can manage their own web interface settings. They are accessed by moving the mouse over the user control in the upper right corner and clicking My Settings. Settings are modified with the edit control (§8.7).

Important settings include:

| Setting | Purpose |
| --- | --- |
| Timezone | The appliance stores all information internally in UTC±00:00. Select a time zone to display data in the user's local time. |
| Change Password | The user password can be changed here. |
| User Interface Language | Defines the language. The browser setting is used by default. |
| Rows Per Page | Default number of objects shown per list page. A high number increases loading times. Custom user filters may override this. |
| Details Export File Name | Default file name for exported object details (supports placeholders, see below). |
| List Export File Name | Default file name for exported object lists. |
| Report Export File Name | Default file name for exported reports. |
| Auto Cache Rebuild | Enables or disables the automatic cache rebuild. Disable temporarily when performing many actions in a row to avoid a slowed-down process. |
| Dynamic Severity | Whether the severity of an existing result changes when the underlying VT severity changes. Otherwise the new severity only affects future scans. |
| Default Severity | The default severity used when no severity is assigned to a VT. |
| Defaults Settings | Default selections or entries for various settings. |
| Filter Settings | Specific default filters per page, activated automatically when the page loads. |

The export file name placeholders are:

| Placeholder | Meaning |
| --- | --- |
| %C | Creation date in YYYYMMDD (current date if none available). |
| %c | Creation time in HHMMSS (current time if none available). |
| %D | Current date in YYYYMMDD. |
| %F | Name of the used report format (XML for lists and non-report types). |
| %M | Modification date in YYYYMMDD (falls back to creation or current date). |
| %m | Modification time in HHMMSS (falls back to creation or current time). |
| %N | Name of the object or the associated task for reports. Lists and unnamed types use the type. |
| %T | Object type, e.g. task, port_list. Pluralized for list pages. |
| %t | Current time in HHMMSS. |
| %U | Unique ID of the object, or list for lists of multiple objects. |
| %u | Name of the currently logged-in user. |
| %% | The percent sign. |

8. Opening the manual

The manual can be opened by selecting Help > User Manual in the menu bar. It can also be opened from any page by clicking the help control in the upper left corner — the chapter related to the current page content is opened (§8.8).


9. Logging out of the web interface

Log out by moving the mouse over the user control in the upper right corner and clicking Log Out (§8.9).

If no action is performed for a defined period, the user is logged out automatically. The default timeout is 15 minutes. The remaining time until automatic logout can be displayed by hovering over the user control, and the timeout can be reset from there.