Overview
This article presents an overview of the Scan Results Database and provides an attached PDF document with the detailed database structure, descriptions, values, and the meaning of each value.
Introduction
Scan Results is the most widely used database and has a complex structure. Apart from scan results, this database also contains Computers, Computer Groups, Computer Overview, Computer and Computer Group Settings, Attributes, and other items that are configurable per computer, such as ScanProfile Overrides, Agent, Relay, Data Sync, etc.
The data may be stored in an MS SQL Server database or an MS SQL Express database. The database to use can be set or changed in the installation wizard, or in the GFI LanGuard console, from Configuration -> Database Maintenance Options. Refer to Maintaining the SQL Database Used by LanGuard for more information.
Description
Why use an extra data layer?
The same database structure is used for the Agent, Main Console, or Central Management Server. The data layer is used for multiple reasons:
- The communication between operational modules (modules that gather data: opened ports, list of users, etc.) and the user interface is made through the database. This is necessary considering the large amount of data that the operational modules may gather during scans performed on a large number of machines.
- The saved scan data can be used to create reports at a later time.
- It is convenient to store Configurations and handle overviews (which are per computer or computer group).
Brief Summary
Below is a brief description of the general structure of the Scan Results. The root of the table hierarchy is the Scans table, which contains a record for every scan performed. A scan can cover zero or more machines. Each record from the Scan table is associated with a machine from a scan.
Most of the scan results categories are kept in a single table (for instance information about users is kept in a single table: Users). Still, there are a few categories of scan data that are split into two tables:
- The Compares and Compare tables are used to temporarily store information from the comparison of two scans. Tables are linked with primary key/foreign key ComparesId.
- A list of shares is kept in the Shares table and for every share, there is a list of permissions in the Permissions table. Tables are linked with primary key/foreign key SharesID.
- A list of groups is kept in the Groups table and for every group, there is a list of members in the GroupsMembers table. Tables are linked with primary key/foreign key GroupID.
- Detected vulnerabilities are kept in the Alerts table and for some alerts, there is a list of details in the AlertDetails table. Tables are linked with primary key/foreign key AlertID.
More information about the database structure and a detailed explanation of the database tables are available in the attached document. This information provides insight into the queries found in the logs and the reporting functionality, and allows scan information to be confirmed directly in the database.
This will aid advanced users in writing their own queries to gather information from the database directly rather than relying on the Default Reports bundled with LanGuard and the Central Management Server.
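The parent/child links listed in the Brief Summary translate into queries such as the following. This is an added example, not taken from the LanGuard documentation; it uses only the table and key names given above and assumes each child table carries the key column under the same name as its parent. Any other column has to be looked up in the attached PDF.

```sql
-- Added example (T-SQL). Only table/key names from the summary are used.

-- 1. Number of detail rows per alert. The summary states that only SOME
--    alerts have rows in AlertDetails, so a LEFT JOIN is required: an
--    INNER JOIN would silently drop every alert without details and
--    under-report the detected vulnerabilities.
SELECT a.AlertID,
       COUNT(d.AlertID) AS DetailRows      -- counts matches only, 0 if none
FROM   [Alerts] AS a
LEFT JOIN [AlertDetails] AS d
       ON d.AlertID = a.AlertID
GROUP BY a.AlertID
ORDER BY DetailRows DESC;

-- 2. The same pattern for the other split categories.
SELECT s.SharesID,
       COUNT(p.SharesID) AS PermissionRows
FROM   [Shares] AS s
LEFT JOIN [Permissions] AS p
       ON p.SharesID = s.SharesID
GROUP BY s.SharesID;

SELECT g.GroupID,
       COUNT(m.GroupID) AS MemberRows
FROM   [Groups] AS g
LEFT JOIN [GroupsMembers] AS m
       ON m.GroupID = g.GroupID
GROUP BY g.GroupID;

-- 3. Consistency check before trusting a hand-written report:
--    detail rows whose parent alert no longer exists.
SELECT d.AlertID
FROM   [AlertDetails] AS d
LEFT JOIN [Alerts] AS a
       ON a.AlertID = d.AlertID
WHERE  a.AlertID IS NULL;
```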