The following report will generate a list from your generic save file of just the alerts gathered from your machines and any backdoor Trojan ports found open. In some places sections have been cut out to keep it from running too long. Except for minor changes, this is the same basic script that can be found in the Config\xsl directory; it is a modification of the high_security_alerts.xsl file.
all_security_alerts.xsl
<xsl:template match="/">
<body>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">
Scan target :
<b><xsl:value-of select="hosts/@scan_target"/></b> [ <b><xsl:value-of select="count(hosts/host)"/></b>
computers found ] </font>
<hr/>
(Note: The above code produces the following output.
Scan target : 192.168.192.1-192.168.199.254 [ 67 computers found ])
<font face="Verdana, Arial, Helvetica, sans-serif" size="3"
color="Black">
<b>All security alerts report</b><br/></font>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2"
color="Black">
This report includes : <br/>
<ul>
<li>Just security alerts</li>
</ul>
</font>
<br/>
(Note: The above code produces the following output.
All security alerts report This report includes:
• Just security alerts)
<xsl:if test="$show_table=1">
<!--table begin-->
<table border="0">
<tr>
<th align="middle" bgColor="#3366cc"><font color="#ffffff"
size="2">IP Address</font></th>
<th align="middle" bgColor="#3366cc"><font color="#ffffff"
size="2">Hostname</font></th>
<th align="middle" bgColor="#3366cc"><font color="#ffffff"
size="2">Username</font></th>
<th align="middle" bgColor="#3366cc"><font color="#ffffff"
size="2">Operating System</font></th>
</tr>
<!--each host-->
<xsl:for-each select="hosts/host">
<xsl:sort data-type="text" select="os"/>
<xsl:if test="1">
<tr>
<td bgColor="#f0f0f0"><a href="#{ip}"><xsl:value-of select="ip"/></a></td>
<td bgColor="#f0f0f0"><xsl:value-of select="hostname"/></td>
<td bgColor="#f0f0f0"><xsl:value-of select="username"/></td>
<td bgColor="#f0f0f0">
<xsl:if test="$show_images=1">
<img src="{os_image_path}"/>
<xsl:text disable-output-escaping="yes"> &nbsp;</xsl:text>
</xsl:if>
(Note: The above code produces the initial table that has IP Address, Hostname, Username, and Operating System and links to the appropriate section in the table below.
Using normal web color codes you can change the background and the font color.)
<!--start details-->
<xsl:if test="$show_details=1">
<br/>
<xsl:for-each select="hosts/host">
<xsl:sort data-type="text" select="os"/>
<!--conditional 1=true, 0=false -->
<xsl:if test="1">
<A name="{ip}"/>
<table border="1" cellspacing="0" cellpadding="0"
style="border-collapse:collapse; mso-border-alt:solid windowtext .9pt;mso-padding-alt:0in 1.4pt 0in 1.4pt">
<tr><td width="738" valign="top"
style="width:7.10in;border:none windowtext .9pt;background:#3366cc;padding:0in 5.4pt 0in 4.4pt">
<font color="white">
<b><xsl:value-of select="ip"/>
[ <xsl:value-of select="hostname"/> ]
<font color="yellow">
<xsl:text disable-output-escaping="yes">&nbsp;</xsl:text>
<xsl:value-of select="os"/>
<xsl:for-each select="cgi_abuses/cgi_abuse">
<xsl:if test="level=0 or level=1 or level=2">
(Note: The above line is the first line that has really been modified between this code and the high_security_alerts.xsl file. We have modified it so that if any alert (0 – high, 1 – medium, or 2 – informational) is found in the file, it will be saved to the new output.)
<table border="0" cellspacing="0" cellpadding="0"
style="border-collapse:collapse; mso-border-alt:solid windowtext .9pt;mso-padding-alt:3in 1.4pt 0in 1.4pt">
</b>
style="width:4.90in;border:none windowtext .9pt;background:#f5f5f5; padding:0in 5.4pt 0in 4.4pt">
<xsl:value-of select="impact"/><br/>
<a href="{bugtraq}"><xsl:value-of select="bugtraq"/></a><br/>
</td>
<xsl:element name="HR"/>
<font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><xsl:value-of select="hosts/@created_on"/></font><br/>
</body>
</xsl:template>
</xsl:stylesheet>
This is a quick modification of an existing XSL file. One main line was modified to get it to check for Alerts 0-2, instead of only one specific alert number. The open ports section was also removed.
There are a number of good books and sites on the Internet to help you better understand and create your own XSL files, and by so doing get GFI LANguard N.S.S. to save output in the format you desire.
As a reminder, once you have created a new xsl file you will also want to modify the custom_reports.xml file in the Config\xsl directory. That way, the next time you restart GFI LANguard N.S.S. you will be able to save directly to your new format through the File > Generate custom report menu option.
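The level filter described above, as a compact stand-alone XSLT 1.0 stylesheet that also skips hosts with no alerts and lists high alerts first. This is an added example, not GFI's all_security_alerts.xsl or any file shipped in Config\xsl; it assumes a save file with the element names used in the excerpts (hosts/host, ip, hostname, os, cgi_abuses/cgi_abuse with level, impact and bugtraq), and the sample input in the leading comment is constructed.

```xslt
<?xml version="1.0"?>
<!-- Added example (not GFI's file). Constructed sample input, save as sample.xml:
  <hosts scan_target="192.0.2.1-192.0.2.2" created_on="2004-01-01">
    <host><ip>192.0.2.1</ip><hostname>WEB01</hostname><os>Windows 2000</os>
      <cgi_abuses>
        <cgi_abuse><level>2</level><impact>Banner reveals version</impact><bugtraq/></cgi_abuse>
        <cgi_abuse><level>0</level><impact>Remote command execution</impact>
          <bugtraq>http://example.invalid/bid/0000</bugtraq></cgi_abuse>
      </cgi_abuses></host>
    <host><ip>192.0.2.2</ip><hostname>FS01</hostname><os>Windows XP</os><cgi_abuses/></host>
  </hosts>
  Element names follow the excerpts on this page; the values are made up. -->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html" indent="yes"/>

  <xsl:template match="/">
    <html><body>
      <b>All security alerts: <xsl:value-of select="hosts/@scan_target"/></b>
      <!-- Only hosts that have at least one alert at level 0, 1 or 2 -->
      <xsl:for-each select="hosts/host[cgi_abuses/cgi_abuse[level=0 or level=1 or level=2]]">
        <xsl:sort data-type="text" select="os"/>
        <h3><xsl:value-of select="ip"/> [ <xsl:value-of select="hostname"/> ] <xsl:value-of select="os"/></h3>
        <table border="1">
          <tr><th>Level</th><th>Impact</th><th>Reference</th></tr>
          <xsl:for-each select="cgi_abuses/cgi_abuse[level=0 or level=1 or level=2]">
            <!-- Numeric sort: high (0) first, informational (2) last -->
            <xsl:sort data-type="number" select="level"/>
            <tr>
              <td>
                <xsl:choose>
                  <xsl:when test="level=0">High</xsl:when>
                  <xsl:when test="level=1">Medium</xsl:when>
                  <xsl:otherwise>Informational</xsl:otherwise>
                </xsl:choose>
              </td>
              <!-- value-of escapes markup; keep disable-output-escaping off scanned fields -->
              <td><xsl:value-of select="impact"/></td>
              <td><xsl:if test="string(bugtraq)"><a href="{bugtraq}"><xsl:value-of select="bugtraq"/></a></xsl:if></td>
            </tr>
          </xsl:for-each>
        </table>
      </xsl:for-each>
      <hr/><xsl:value-of select="hosts/@created_on"/>
    </body></html>
  </xsl:template>
</xsl:stylesheet>
```

Run it with any XSLT 1.0 processor, for example `xsltproc example.xsl sample.xml`. In the output FS01 is omitted because it has no alerts, and WEB01's high alert is listed before the informational one.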