AnsweredAssumed Answered

Vulnerability reports are not complete

Question asked by Roopa Amit on Jan 7, 2016
Latest reply on Jan 10, 2016 by Roopa Amit

Hi,

 

There are a couple of issues I am facing since two months when I run a scan and export the report.

 

1. Many cases Port numbers are missing in the CSV report. Why is this so? During our mitigation meetings the client needs to know the ports so they could check.

2. Several times ( Majorly this month), the Operating system column is blank for many assets. ( laptops and servers). Why?

3. Once I receive a update from client that a particular vulnerability is a false positive, How can I prevent it from recurring in the next scheduled report.

4. The last one for now -  when I export a csv format report, first few columns give me details of the scan like who ran it etc., then there is this kind of report shown below.

Why does it show "0" against all servers. post this below this table is the actual report. So normally I have to delete all these rows ( which is equal to no of IPs) and then start from the row which has IPs, DNS, NetBIOS etc. ( normal report). This happens when I pull a report for "Fixed Vunerabilities" and "Technical report" . This is the story since past 4-5 months.

 

Header 1Header 2Header 3
Total VulnerbilityAverage security TiskAverage Business risk
000
IPTotal vulnerability Business Risk
a.b.c.e ( these are IPs and nor alphabets)00
w.x.y.z00

 

could you please help?

Outcomes