Your Patch Report

Why should I run a patch report?

Patch reports provide current patch information for fixing vulnerabilities and prioritizing remediation tasks. A patch report identifies the most recent fixes for detected vulnerabilities in your account, so you can apply the fewest patches necessary to fix your vulnerabilities. Note that a patch report includes only vulnerabilities that have available patches and excludes vulnerabilities that cannot be patched.

How do I run a patch report?

Go to VM/VMDR > Reports > Templates. Find the patch report template you want to run (we recommend Qualys Patch Report to get started) and select Run from the Quick Actions menu.

How do I get the most accurate results?

For the most accurate results in your patch report, be sure that authenticated scanning was used to scan the hosts selected for the report. The most appropriate missing patch(es) will be identified when the most accurate host information, including the operating system, has been detected for each host.

We also recommend you choose "QID based patch evaluation" under Findings in your template. This option gives you the most complete and accurate patch recommendations. With this option, you may see several patches recommended to fix a single vulnerability.

Total number of vulnerabilities addressed

This is the number of vulnerability detections (one QID per host) that will be fixed across all groups in the report when all missing patches are applied. You'll see this number in the Report Summary section of the report.

Tell me about patch data shown in the report

You'll see the following patch data:

Vendor ID - The vendor patch ID for a missing patch (for example MS03-010).

Severity - The service assigns a severity to each patch in the report. The severity may be based on the recommended patch to fix the vulnerability (the default) or the highest severity across all detected vulnerabilities that may be fixed by the patch. Users determine which patch severity to display in the patch report template.

CVSS Base Score - You can choose to display a CVSS Base score for each patch by selecting this option in your patch report template. As with severity, you can display the assigned score for the patch detection or the highest score across all vulnerabilities fixed by the patch.

Published - The age of the patch based on the date when the patch was published. For example, "5 days ago" or "2 years ago".

Hosts - (Appears when the report is grouped by Patch or Operating System) The number of affected hosts that the patch needs to be applied to. Click a patch row to view the hosts affected by the selected patch.

Patches - (Appears when the report is grouped by Host or Asset Group) The number of patches that will fix the vulnerabilities on the host. Click a host row to view the patches that will fix the vulnerabilities on the selected host.

Vulns - The number of vulnerabilities on a host that will be fixed by a missing patch. When “QIDs that will be fixed by each patch” is selected in the patch template, the user can click the number to view the QID detection data for the host.

Tell me about detection data

QID detection data is included when “QIDs that will be fixed by each patch” is selected in the report template.

QID - A QID associated with a vulnerability detection that the patch fixes. For each QID you'll also see the associated severity level and title from the KnowledgeBase.

Instance - The instance information associated with a vulnerability detection, if applicable. Information such as port, protocol, FQDN, SSL flag (whether SSL was used to detect the vulnerability) is listed when there are multiple detections of a single QID on the same host.

Last Detected - The age of the vulnerability detection, which the patch fixes, based on the last scan date of the host. For example, "53 days ago".

Tell me about missing patches

The newest patches that fix the detected vulnerabilities are recommended for installation. The newest patch for any one vulnerability detection may be broader in scope and it may fix more vulnerabilities than the QID associated with the vulnerability detection.

Microsoft vulnerabilities

We recommend patch QIDs following the superseding patch sequencing provided by Microsoft. The service automatically determines whether a superseding patch is relevant to the detected patch QID. Specifically, it checks to be sure the operating system and vulnerability tests for a superseding patch correspond to the current vulnerability detection data. If not, the superseding patch is not recommended.

Non Microsoft vulnerabilities

We always recommend the latest (most recent) version of the operating system or application since the versions are cumulative.
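The superseding-patch check and the "one QID per host" count described above can be modeled as follows. This is an added illustration, not Qualys code: the `Patch` and `Detection` types, the `recommend` and `patch_report` functions, and all patch IDs, QIDs and hosts are constructed for the example.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

class Patch(NamedTuple):
    fixes: frozenset                     # QIDs the patch fixes
    os: frozenset                        # operating systems it applies to
    superseded_by: Optional[str] = None  # next patch in the vendor's sequence

class Detection(NamedTuple):
    host: str
    os: str
    qid: int
    port: int
    patch: str                           # patch initially tied to the QID

# Constructed sample data; the IDs are placeholders, not real bulletins or QIDs.
BOTH = frozenset({"Windows Server 2016", "Windows Server 2019"})
CATALOG = {
    "PATCH-A": Patch(frozenset({1001}), BOTH, "PATCH-B"),
    "PATCH-B": Patch(frozenset({1001, 1002}), BOTH, "PATCH-C"),
    "PATCH-C": Patch(frozenset({1001, 1002}), frozenset({"Windows Server 2019"})),
}
DETECTIONS = [
    Detection("10.0.0.5", "Windows Server 2016", 1001, 443, "PATCH-A"),
    Detection("10.0.0.5", "Windows Server 2016", 1001, 8443, "PATCH-A"),  # 2nd instance
    Detection("10.0.0.5", "Windows Server 2016", 1002, 443, "PATCH-B"),
    Detection("10.0.0.6", "Windows Server 2019", 1001, 443, "PATCH-A"),
]

def recommend(det, catalog):
    """Follow the supersedence chain while the newer patch matches the detection."""
    current, seen = det.patch, {det.patch}
    while True:
        nxt = catalog[current].superseded_by
        if nxt is None or nxt in seen or nxt not in catalog:
            return current
        if det.os not in catalog[nxt].os or det.qid not in catalog[nxt].fixes:
            return current               # superseding patch not relevant to this host
        current = nxt
        seen.add(nxt)

def patch_report(detections, catalog):
    """Group host -> patch -> QIDs; count addressed detections as one QID per host."""
    by_host = defaultdict(lambda: defaultdict(set))
    addressed = set()
    for det in detections:
        by_host[det.host][recommend(det, catalog)].add(det.qid)
        addressed.add((det.host, det.qid))   # multiple instances collapse to one
    return {h: dict(p) for h, p in by_host.items()}, len(addressed)
```

With this data the 2016 host needs only PATCH-B for both of its QIDs, the 2019 host moves on to PATCH-C, and four raw detections count as three vulnerabilities addressed.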

How Patch Analysis Works

Tell me about cloud related information

Your report will include a section called "Cloud Related Information" for each of your AWS cloud assets when the Display option "Cloud Provider Metadata" is selected in the Patch Report Template.  

What type of cloud metadata is shown?

You'll see AWS cloud asset metadata that has been collected for each host like instance ID, instance type and instance state, public and private DNS names and IP addresses, account ID, region code, subnet ID, availability zone, group ID and name, reservation ID, and more. 

Where does this information appear?

This depends on the report format.

- In Online Report format, click AWS in the Provider column under HOSTS for any AWS cloud asset to get a pop-up with the cloud related information.

- In CSV format, this data appears in the column "Cloud Resource Metadata".

- In XML format, this data appears as part of the tag <CLOUD_RESOURCE_METADATA> for each AWS cloud asset in the host list. 

- In PDF format, you'll see cloud related information just below the IP address for each of your AWS cloud assets.

Show me report samples

The Online Report format provides a feature-rich user interface including numerous ways to navigate through your report content. The HTML report is displayed in your browser using Ext, a client-side Java framework. A patch report in Online Report format cannot be downloaded to your local filesystem.

Online Report Sample: Group By Host

Online Report Sample: Group by Patch

Online Report Sample: Group by Operating System

Online Report Sample: Group by Asset Group

PDF Report Samples