Knowledge Base
The configuration section for the Knowledge Base (KB) allows you to control
the management of the server-side scan results. Information retrieved by
plugins is collected in a KB during a scan. This is done on a per-host basis,
meaning there is one KB for every host scanned. The default is to discard the
KB once all plugins have finished, but under certain circumstances it can be
quite useful to tell the server to keep the KBs generated during the scan and
use them again at a later time.
The following options are available to control KB handling:
- Enable KB saving
- If you want the server to save the KB after the scan
is done, you have to enable this option.
- Test all hosts
- If this option is set, the server will not use the KB to
determine which hosts should be scanned, but will rather scan all hosts
supplied.
- Only test hosts that have been tested in the past
- If KB saving is
enabled, there is one KB saved on the server for every host the server has
scanned in the past. This can be used to restrict the server to scan only hosts
that have been scanned before. This might be useful if you want to keep an eye
on a certain set of machines and their configuration. Be aware that this
setting might cause you to miss new hosts on the network since the server
will not scan them.
- Only test hosts that have never been tested in the past
- Another way of
using the existence of KBs is to exclude all hosts that have already been
scanned. This way a scan will automatically discover hosts that have been added
to the network since the last scan. Be aware that this setting cause hosts to
be scanned only once (the first time they appear on the network), meaning you
will not discover security issues that have recently developed or are only
detected by new NVTs.
- Reuse the knowledge bases about the hosts for the tests
- This setting
controls if the server should restore the KB that was saved for this host during
the last scan. The default behavior is to create a new KB every time a host is
scanned and to replace an existing KB with the new results.
- Do not execute scanners that have already been executed
- If the server
has been instructed to reuse the existing KB, this will prevent scanning
plugins from running if their results have already been recorded in the KB.
- Do not execute info gathering plugins that have already been executed
- If
the server has been instructed to reuse the existing KB, this will prevent
information gathering plugins from running if their results have already been
recorded in the KB.
- Do not execute attack plugins that have already been executed
- If the
server has been instructed to reuse the existing KB, this will prevent attack
plugins from running if their results have already been recorded in the KB.
- Do not execute DoS plugins that have already been executed
- If the server
has been instructed to reuse the existing KB, this will prevent
denial-of-service (DoS) plugins from running if their results have already been
recorded in the KB.
- Max age of a saved KB
- This setting controls the maximum age of the
KB (in seconds). A KB older than this value is automatically discarded.
