We'd like to generate a report with technical vulnerability details (description, remediation, results, etc), but only show those vulnerabilities for which there are open remediation tickets. I'm having trouble getting this to work. So far, I've tried creating a host-based report template and with several combinations of State & Status filters, but I'm not having any success. For example, when I filter on [Status = Active | Re-Opened] and [State = Active], the report returns all vulnerabilities on the hosts, not just the ones for which we have open tickets.
The only way I've been able to get this to work is to filter the report using a manual search list with all of the QID's that correspond to open tickets. This satisfied the immediate need but it's not feasible to do this everytime I want an updated report.
Am I not using the filters correctly, or is what I'm asking not possible? Any suggestions?