Q: Looking for a simple vulnerability report that would associate the CVE ID with the vulnerable host (IP, DNS, Netbios). Need to be able to put this report into CSV.
A: To search existing scan results for the existence of vulnerabilities associated with a specific CVE:
- Create a dynamic search list entering the CVE you wish to research
- Run a report leveraging the search list you created
For an example, please reference "Creating a Spectre/Meltdown Search Lists, Scan Option Profile, Remediation Tracking and Patch Reports".
You can also leverage the Risk Analysis segment of the Reporting module, as follows:
- Log into the Qualys UI, and navigate to Reports > Risk Analysis
- Enter in the Asset Group(s) and/or IP Address(es) you wish to examine
- Then click "Select" to the right of the text box for QID. In doing so, this will open a new window. Be patient while it loads.
- Once it loads, click Search (which opens another window), and enter the CVE ID(s) you want to investigate, and click the "Search" button. In my example, I am searching CVE-2017-17935...
- Again, patience is needed while the vulnerability database is searched
- Qualys will return a list of results for all QID(s) associated with the CVE information you requested. For CVE-2017-17935, there are two (2) QIDs in the vulnDB. You may only select one, via radio button, and then click "OK", which will return you to the screen we started from.
- The Asset Group(s) have been selected, the QID has now been populated, so click 'Run'. An HTML report window will open and once again, we'll be patient while Qualys loads the results
- My search returned no results, but if it had, I now have several options.
- I could download the report by going to File > Download and choosing my desired format for output. I have attached a PDF example to this post.
- I could also take immediate action and launch a vulnerability scan on any assets returned, by selecting to do so from the Action drop down.
Q: Is there a way to create a report which shows the CVE as the main ID, and then lists affected systems?
Try this: Within AssetView, you can query vulnerabilities.vulnerability.cveIds:
This document was generated from the following discussion: CVE Report
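
An added example, not part of the original discussion and not Qualys's own tooling: once a report has been downloaded as CSV, this script pivots it so that each CVE is the main ID followed by its affected hosts, merging hosts that were detected under different QIDs for the same CVE. The column names, QIDs, hosts and `CVE-0000-0001` are constructed assumptions; `CVE-2017-17935` is the CVE used in the answer above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names (IP, DNS, NetBIOS, QID, CVE ID)
# are assumptions; change them to match the header row of your own download.
# QIDs 900001-900003 and CVE-0000-0001 are placeholders, not real identifiers.
SAMPLE_EXPORT = """\
IP,DNS,NetBIOS,QID,CVE ID
10.0.0.5,web01.example.test,WEB01,900001,"CVE-2017-17935"
10.0.0.5,web01.example.test,WEB01,900002,"CVE-2017-17935, CVE-0000-0001"
10.0.0.9,db01.example.test,DB01,900002,"CVE-2017-17935, CVE-0000-0001"
10.0.0.12,,FILE01,900003,
"""


def pivot_by_cve(export_text):
    """Return {cve: sorted [(ip, dns, netbios), ...]} from a detection export."""
    hosts_by_cve = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        host = tuple((row.get(col) or "").strip() for col in ("IP", "DNS", "NetBIOS"))
        # One QID can map to several CVEs, so the cell is a comma-separated list.
        for cve in (row.get("CVE ID") or "").split(","):
            cve = cve.strip().upper()
            if cve:  # detections with no CVE mapping are skipped
                # A set keeps a host once even when two QIDs report the same CVE.
                hosts_by_cve[cve].add(host)
    return {cve: sorted(hosts) for cve, hosts in sorted(hosts_by_cve.items())}


def to_csv(pivot):
    """Render the pivot as CSV text with the CVE as the first column."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["CVE ID", "IP", "DNS", "NetBIOS"])
    for cve, hosts in pivot.items():
        for host in hosts:
            writer.writerow([cve, *host])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(pivot_by_cve(SAMPLE_EXPORT)), end="")
```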