You use a map report template to report on the discovery information from maps within your account.
Go to VM/VMDR > Reports > Templates to view the report templates in your account. To create a new map template, select New > Map Template. To edit an existing one hover over a map template and select Edit from the Quick Actions menu.
Select the Discovery Method display option to list the open services detected on each host in your report with the discovery method used to identify each service. If available you'll also see the port number where the service is running. You see these details in your report by expanding host details.
What are the possible discovery methods?
Possible discovery methods:
ICMP - Received an ICMP packet from the host.
TCP Port - Detected open TCP port <number>.
UDP Port - Detected open UDP port <number>.
DNS - Resolved a name within the domain into the host's IP address.
Reverse DNS - Resolved the host's IP address into a name within the domain.
DNS Zone Transfer - Detected via Zone Transfer.
TCP RST - Received TCP Reset packets from the host.
Traceroute - Discovered the host via traceroute.
Other Protocol or ICMP - Received an IP packet from the host whose protocol is not TCP, UDP, or ICMP.
Other TCP Ports - Received TCP packets whose source ports are not in the list of probed ports.
A netblock is simply an IP range that is added to a domain in your account. If you want to add or change a netblock for a domain, go to VM/VMDR > Assets > Domains, identify the domain you want to edit, select Info from the Quick Actions menu and then click Edit in the Domain Information window.
Approved hosts are hosts that have been defined in the approved hosts list for a domain. Rogue hosts are hosts that are not included in the approved hosts lists for a domain. In the template, choose whether you want to include approved and/or rogue hosts in the report. When you view your report, you'll see an "A" in the Approved column for hosts that are approved. If this column is empty then the host is rogue. Not sure how to configure an approved hosts list? Go here.
When you include two saved maps in your report those maps are compared to identify changes to your network. You'll see a Status column in the Results section of the report and one of these status levels for each host: Added, Removed or Active. On the Filters tab in your template, clear (un-check) each status level that you do not want to show in the report. For example, you might want to run a report that only lists hosts that have been added to the network. In this case you should filter out removed and active hosts.
You can filter hosts from your map report based on operating system. Go to the Operating Systems tab to see which systems are included and then clear the check box next to each system you want to filter out of the report. Note that the list includes operating systems, wireless access points and VPN gateways that the scanning engine is able to identify. This filter option only applies when a single map result is selected for the report at run time.
At map time, DNS queries are sent to the Name Server of the specified domain. Use this filter if your DNS records are not current and include entries for IPs that no longer exist physically.
Choose "DNS" to exclude devices solely discovered by the DNS discovery method. Choose "DNS and/or DNS Zone Transfer" to exclude devices that were 1) only discovered via DNS, 2) only discovered via DNS Zone Transfer, or 3) only discovered via "DNS and DNS Zone Transfer". If any other discovery method was used, then the IP will not be filtered out of the report. This filter is only applied when a single map result is selected for the report at run time.
This is a spot where you can add required information like a disclosure statement or data classification (e.g. Public, Confidential). The text you enter will appear in all reports generated from this template, except reports in XML and CSV formats.