AnsweredAssumed Answered

How to graph count of SEV-x vulnerabilities by Tag?

Question asked by David Gianna on Jul 1, 2016

In AssetView, able to tag assets and run ad-hoc queries against them. But what I really need to do is to create a series of dashboards. The top-level dashboards looks like (something like this): <Count of servers (in x, y, z locations) that have SEV-3 or greater vulnerabilities>, <Count of DMZ servers (any location) that have SEV-3 or greater>.

The idea is that if one wants to know about the DMZ vulnerabilities and to view the "scorecard" for remediation and trending, one clicks on the 'DMZ count.' Let's say it shows 91 vulnerabilities - what are they? How are we doing?

You click on it, and it takes you to another dashboard.

This one would have a bar chart of (all of these DMZ servers) showing the number of SEV-3, SEV-4, and SEV-5 vulns.

Oh, and I would like there to actually be three charts - one showing the SEV-3/4/5 score from the most recent scan (say, last 30 days), a second one showing how it looked at 60-days, and the third one at 90-days.

 

Problem is, this only seems to work for Custom Count -- showing an aggregate number for one severity (Vulnerabilities.vulnerability.severity) but not for all three. But what I want is a bar chart -- and it insists on only showing assets groups. This is not what I want.

At the next level down, a dash would show these (DMZ assets) broken out by type (by OS, by function, by location, etc), by number of severities, by last scanned date, etc.

It seems the tools in AssetView easily allow the first and third levels described above, but not the second level. I wonder if there is data that is "siloed" in either the Vulnerability Manager or in the AssetView, but not available in both??

Is it possible to do anything like this using a dashboard within Qualys, or must it be exported to an external third-party tool?

Outcomes