The patch report lists missing patches that you need to apply in order to fix current vulnerabilities in your account. Template settings allow you to customize what information is included (findings, hosts, vulnerabilities and services) and how much to display.
See also Reporting - The Basics |
|
|
Go to VM > Reports > Templates. Select New > Patch Template to create a new, custom template. To edit an existing one hover over the template you want to edit and select Edit from the Quick Actions menu.
Go to the Findings tab to identify the hosts you want to include in the report. The report will only include scanned hosts that you have permission to report on.
Go to the Findings tab to tell us the patch evaluation method you want to use. We recommend "QID based patch evaluation". This method works when you have complete scan findings (all applicable QIDs) for your target hosts. When multiple patches are required to fix a vulnerability you’ll see multiple patches recommended in your report. Don't have complete scan findings for the target hosts? Choose "Classic patch evaluation".
We'll assign a severity to each patch in the report. The severity may be based on the recommended patch to fix the vulnerability (the default) or the highest severity across all detected vulnerabilities that may be fixed by the patch. You determine which patch severity to display in the Display section of the patch report template.
Learn more: Assigned SeverityAssigned Severity | Highest SeverityHighest Severity
Select this option to display the highest severity across all QIDs detected for the specified target that can be fixed by the patch. For example, let's say patch MS09-015 fixes QID 90492 (severity 3), QID 90397 (severity 4) and QID 90342 (severity 5). If all three QIDs are detected on the host, then the patch severity is 5. If QID 90342 is not detected on the host but the other two QIDs are, then the patch severity is 4.
Select this option to display the severity assigned to the QID for the recommended patch. For example, if the KnowledgeBase has a QID for MS09-015 with severity 3, then the patch for MS09-015 is also listed with severity 3, even if other vulnerabilities fixed by the patch have a higher severity.
Select the "Cloud Provider Metadata" option in the patch report template to display cloud metadata for your cloud assets in the patch report. Only cloud metadata for AWS is supported at this time. Note that this option is only available when detailed results are grouped by Host.
You can show the assigned score for the patch detection or the highest score across all QIDs fixed by the patch. We'll also show the CVSS (version 2) and CVSS v3.1 Base score for each QID in your report (when you choose to display QIDs).
This is a spot where you can add required information like a disclosure statement or data classification (e.g. Public, Confidential). The text you enter will appear in all PDF reports generated from this template.
Select this option to include patches in your report for vulnerabilities for which we do not currently have vendor information. You will not see a Vendor ID for these QIDs in your report.
We use vulnerability filtering to determine the vulnerability QIDs for which you want patch information in your report. All vulnerabilities detected within the last 30 days are included, unless you choose to filter the list and change the timeframe selection.
Selective Vulnerability Reporting - Use these options to tell us which vulnerabilities (QIDs) you'd like us to find patches for. We'll collect detection information from hosts and use the KnowledgeBase to determine whether patches are available. If you apply filters here we'll limit data collection to certain QIDs detected on your hosts.
Selective Patch Reporting - Use these options to tell us which vulnerabilities (QIDs) you'd like to include in the report as recommended patches. If you select "Exclude QIDs" we'll remove these QIDs from your patch report and suggest an alternative patch QID, if possible.
Pre-defined QID filtersPre-defined QID filters
Select filters to exclude certain vulnerabilities from your reports like vulnerabilities found on non-running ports/services and vulnerabilities that can’t be exploited because of a host configuration. These filters apply to certain QIDs only. Learn more
Non-running kernelsNon-running kernels
By default we report all vulnerabilities on all Linux kernels (the running kernel and non-running kernels). Choose the display option to add a new section to your report listing vulnerabilities on non-running kernels or choose the exclude option to filter them out. Learn more
Use Case - Filter Out MS Service Pack QIDs
It's possible that you've excluded QIDs under Selected Vulnerability Reporting and they appear in your patch report.
Why does this happen? We'll report patch QIDs automatically in cases where we know your selected vulnerability QIDs have known patches to fix the them.
Want to exclude certain QIDs from your report? No problem, just configure Exclude Patch QIDs under Selective Patch Reporting and tell us the QIDs you don't want to see as recommended patches in your report. That's all there is to it!
Use Case - Remove QID from your Patch ReportUse Case - Remove QID from your Patch Report
Say you’ve scanned host 10.10.10.100 and we've detected QIDs 1, 2 and 3 on this host. QID 9 is available to fix QIDs 1, 2 and 3 however QID 9 is not detected on the host. We'll show QID 9 as a recommended patch in your report unless you choose to remove it.
It's easy to remove QID 9 from your report. Under Selective Patch Reporting select "Exclude QIDs" with a search list including QID 9. That's it! Your report will not include the unwanted QID.
Tip - If you add QID 9 to "Exclude IDs" under Selective Vulnerability Reporting (not under Selective Patch Reporting) we'll still show it in the report.
Select a timeframe for vulnerability detection. We'll find patches for vulnerabilities detected during the timeframe you've selected. For example, select "Last 30 days" to find patches for vulnerabilities detected in the 30 days prior to the report creation date. To find patches for all known vulnerabilities regardless of when each vulnerability was detected, select "No Time Limit". The default setting is "Last 30 days" in new patch report templates.
Tip: If you have a host with old scan data that is no longer applicable to the host (perhaps because the host is used for a new purpose and has a new operating system, applications, etc), then you can purge the host to permanently remove all saved host information. Then re-scan the host to get current host scan data.