When I tried running patch reports, the patchable vulnerabilities are being listed. However, the vulnerabilities which are related to configuration issues (i.e. the unpatchables) are not included.
Some of those unpatchable vulnerabilities are critical ones which must be addressed.
Please can someone help as to how to include those in the patch report, or should we be running a different type of report which includes both patchable as well as unpatchable vulnerabilities? (The raw scanning report has been considered here)
The Patch Report only shows vulns that have a patch available. As you indicated, not all vulns require a patch (Sasser worm is an example). So, you can create a report template that is sorted by vulnerability and only includes the solution and hand that off. Additionally you could make a dynamic search list for whatever you consider critical (Severity 4 and 5 etc...) and include that in the report template filter.
Jason, I notice that there is a "Patchable Severity 4+5 Vulnerabilities" search list in the library. Would it be feasible to provide a list for all patchable vulnerabilities?
Combining such a list with all severities 4 & 5 might solve Runli's question with one report.
That still doesn't address the vulns that have a solution, but not a patch. Maybe we need a library for solvable vulns and a way to indicate patchable versus configuration changes.
That's also true, but I understood that Runli is looking for a report that contains both patchable and severe unpatchable vulns.
I guess your approach makes more sense for general usage of search lists anyway :-)
Thanks for your replies to my question. We are particularly keen on using the patch report because its format is more usable for sending out to the sysadmin team.
It would be extremely helpful to have the option to include the vulnerabilities which are due to configuration issues.