
Understanding the RISK_SCORE_PER_HOST section in a Host Based Finding Report.

Question asked by Johnny Shaieb on Feb 10, 2019
The following XML stanza comes from a scrubbed Host Based Report. 
Goal: My goal is to use a host based findings report for a particular asset group to generate a server list of all alive servers that were scanned during a 4 week scan cycle. I realize that map scans can be used to find all the alive servers in a particular range, but my questions are specific to host based findings reports.
Question 1: The below XML (RISK_SCORE_PER_HOST) stanza contains two hosts (10.1.2.3 and 10.1.2.4). You can see that (10.1.2.4) was listed with (0) TOTAL_VULNERABILITIES.
  • Does this mean that server (10.1.2.4) was alive and scanned?
  • Are all servers listed in the (RISK_SCORE_PER_HOST) stanza alive and scanned?
<RISK_SCORE_PER_HOST>
    <HOSTS>
      <IP_ADDRESS network_id="0">10.1.2.3</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>4</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>3.0</SECURITY_RISK>
    </HOSTS>
    <HOSTS>
      <IP_ADDRESS network_id="0">10.1.2.4</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>0</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>0.0</SECURITY_RISK>
    </HOSTS>
</RISK_SCORE_PER_HOST>
Question 2:  Below is a picture of a technical template I am using to produce the above XML report.
  • Which checkbox actually produces the (RISK_SCORE_PER_HOST) section? 
  • Also, is there a PDF that thoroughly explains and maps each template check box/radio button option with the various report formats (e.g., XML, CSV, HTML, etc.)?
Thank you for viewing the above questions,
Johnny
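
One way to pull a host list out of the RISK_SCORE_PER_HOST stanza shown in the question, as an added Python example that is not part of the original post or the vendor's tooling. It assumes only the element names visible in the post; the `<REPORT>` root and the function names are hypothetical, and it lists hosts as reported without deciding whether a listed host was alive and scanned.

```python
import ipaddress
import xml.etree.ElementTree as ET
from typing import NamedTuple

# Constructed sample: the stanza from the post, wrapped in a placeholder
# <REPORT> root (the real report's root element is not shown on the page).
SAMPLE = """<REPORT>
  <RISK_SCORE_PER_HOST>
    <HOSTS>
      <IP_ADDRESS network_id="0">10.1.2.3</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>4</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>3.0</SECURITY_RISK>
    </HOSTS>
    <HOSTS>
      <IP_ADDRESS network_id="0">10.1.2.4</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>0</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>0.0</SECURITY_RISK>
    </HOSTS>
  </RISK_SCORE_PER_HOST>
</REPORT>"""

class HostRisk(NamedTuple):
    ip: str
    network_id: str
    total_vulns: int
    security_risk: float

def hosts_from_report(xml_text):
    """Return one HostRisk per <HOSTS> entry, sorted by network_id and address."""
    if "<!ENTITY" in xml_text:
        # ElementTree expands internal entities; refuse them in report input.
        raise ValueError("entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    seen = {}  # (network_id, address) -> HostRisk, so repeated entries collapse
    for stanza in root.iter("RISK_SCORE_PER_HOST"):
        for host in stanza.findall("HOSTS"):
            ip_el = host.find("IP_ADDRESS")
            if ip_el is None or not (ip_el.text or "").strip():
                continue  # skip entries with no address rather than guess
            ip = ipaddress.ip_address(ip_el.text.strip())  # rejects bad values
            key = (ip_el.get("network_id", ""), ip)
            seen[key] = HostRisk(str(ip), key[0],
                                 int(host.findtext("TOTAL_VULNERABILITIES", "0")),
                                 float(host.findtext("SECURITY_RISK", "0")))
    return [seen[k] for k in sorted(seen, key=lambda k: (k[0], int(k[1])))]

def zero_finding_hosts(hosts):
    """Addresses listed with TOTAL_VULNERABILITIES of 0, e.g. 10.1.2.4 above."""
    return [h.ip for h in hosts if h.total_vulns == 0]
```

Keeping the zero-finding hosts in a separate list makes it easy to cross-check them against another source before counting them in the server inventory.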
