Many of the tech SMEs here at SNEI prefer the csv over the pdf version of the patch report. However, they have requested to only receive specific sections of the patch report, and that does not appear to be configurable within the Patch report template within QualysVM.
The csv contains the following sections:
- Header – which can be suppressed during the report generation.
- Report Summary
- Patch Summary
- Patch List – Only provides CVSS Base, Temporal is needed as well
- Patches by Host
- Host Vulnerabilities Fixed by Patch – Again, only provides CVSS Base, Temporal is needed as well
- Patch Links
- For reporting, I only need the Patch Summary.
- OS SMEs only want to know what hosts.
- Patch SMEs only want to know which patches.
- For me to help them prioritize, I need CVSS Base (for external) and CVSS Temporal (for internal).
Also, Qualys really needs to change “Practice” to “Potential” in its reporting of vulnerabilities in CSV format overall.