Your Scan Report

A scan report includes current vulnerability information about hosts in your account (hosts you select at run time). The amount of detail included in the report is based on your report template settings.

Why should I run a scan report?

With a scan report you can analyze trends in vulnerabilities detected, sort and filter scan data, generate graphical reports, and create executive reports that provide a high-level view of your overall network security.

How do I run a template-based scan report?

Go to VM/VMDR > Reports > Templates. Hover over the scan report template you want to run and then select Run from the Quick Actions menu.

Which hosts are included in the report?

You choose the report target when you run the report. Then the hosts in your target that have scan findings will be included. All of these conditions must be true for a host to be included:

- The host was a target of a vulnerability scan.

- The host was found to be active (alive) during the scan.

- The host scan completed successfully and we returned findings (in the scan results).

- Findings were found for the host during report creation (host was not purged after being scanned). The findings may indicate vulnerabilities were detected or no vulnerabilities were detected.

Which hosts are counted as Active Hosts?

Any host found to be active (alive) during the scan is counted.

Which hosts are counted as Hosts Matching Filters?

Any host matching the filters defined in the report template is counted.

Tell me about the total vulnerability count

The Summary of Vulnerabilities provides an overview of all vulnerabilities detected for all hosts included in your report. The total number of detections includes vulnerabilities, potential vulnerabilities and information gathered. Notes: 1) For a trend report this is the number of detections in the report timeframe. 2) Fixed vulnerabilities (and fixed potential vulnerabilities) are not counted. 3) You'll see a trend number indicating whether the total increased, decreased or stayed the same as compared to previous scans. The trend number includes vulnerabilities and potential vulnerabilities only (not information gathered).

Tell me about Security Risk

We'll show a security risk score for the overall report (in the report summary) and per host (in the detailed results). Your scan report must: 1) be template based (Executive Report, High Severity Report, Technical Report, or another report based on a scan report template), and 2) select host based findings (instead of scan based findings).

The score for the overall report is the average security risk for all hosts in the report (all hosts matching filters). This is calculated as the sum of all security risk scores for all hosts in the report divided by the number of hosts. The score for each host is the average severity level detected (the default) or the highest severity level detected - all vulnerabilities and potential vulnerabilities are counted in the calculation. Managers can configure the calculation method for the subscription by going to Reports > Setup > Security Risk. (Are you an Express Lite user? If yes the average severity level is always used.)
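The calculation described above, as an added example (not Qualys code). It assumes a plain arithmetic mean, that information gathered findings are not counted, and that a host with no counted findings scores 0; the host addresses and findings are constructed sample data.

```python
# Constructed sample findings: (host, severity level 1-5, finding type).
FINDINGS = [
    ("10.0.0.5", 5, "vulnerability"),
    ("10.0.0.5", 1, "vulnerability"),
    ("10.0.0.5", 1, "potential"),
    ("10.0.0.5", 1, "potential"),
    ("10.0.0.5", 3, "information"),   # assumed not counted
    ("10.0.0.9", 3, "vulnerability"),
    ("10.0.0.9", 3, "potential"),
    ("10.0.0.12", 2, "information"),  # host with no counted findings
]

# Hosts matching the report filters (constructed).
HOSTS = ["10.0.0.5", "10.0.0.9", "10.0.0.12"]

# The page states that vulnerabilities and potential vulnerabilities are counted.
COUNTED = {"vulnerability", "potential"}


def host_scores(hosts, findings, method="average"):
    """Per-host security risk: average (default) or highest severity detected."""
    if method not in ("average", "highest"):
        raise ValueError("method must be 'average' or 'highest'")
    severities = {host: [] for host in hosts}
    for host, severity, kind in findings:
        if host in severities and kind in COUNTED:
            severities[host].append(severity)
    scores = {}
    for host, levels in severities.items():
        if not levels:
            scores[host] = 0.0  # assumption: nothing counted means a score of 0
        elif method == "average":
            scores[host] = sum(levels) / len(levels)
        else:
            scores[host] = float(max(levels))
    return scores


def report_score(hosts, findings, method="average"):
    """Overall score: sum of the per-host scores divided by the number of hosts."""
    scores = host_scores(hosts, findings, method)
    return sum(scores.values()) / len(scores) if scores else 0.0
```

On the sample data, the host with a single severity 5 finding and three severity 1 findings scores 2.0 under the average method and 5.0 under the highest method, which is worth keeping in mind when comparing reports from subscriptions configured differently.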

Tell me about Business Risk

Business risk is expressed as a value (0 to 100). Generally, the higher the value the higher the potential for business loss since the service returns a higher value when critical assets are vulnerable. A Manager can configure business risk by going to Reports > Setup > Business Risk. (Express Lite users cannot edit the settings.)

Business risk in the Summary of Vulnerabilities section represents the overall business risk for the entire report. Business risk is first calculated for each asset group/host in the report, and then the average of those values is calculated and displayed in the summary.

Business risk in the Detailed Results section represents the business risk value for each asset group (only included when results are sorted by asset group).

Tell me about CVSS scores

CVSS v2 and v3 scores, along with their vector strings, will now appear at the vulnerability level when detailed results are sorted by host or asset group.

You'll see CVSS scores for each vulnerability when all of these conditions are true: 1) You ran a scan report (template based) with host based findings, 2) The CVSS Scoring feature is enabled for the subscription, and 3) Asset groups were included in the report target. The host the score pertains to must be included in at least one of the target asset groups.

Tell me about vulnerability details

Depending on your template settings, your results may contain the following details for each vulnerability: the assigned QID, CVE ID, Bugtraq ID, CVSS Base and Temporal scores, descriptions of the threat, impact and solution, exploitability and malware information from third party vendors and/or publicly available sources, and specific scan test results for each vulnerability instance.

Why do I see a pencil next to the severity level?

A pencil next to the severity level indicates that the vulnerability was edited. The content (Threat, Impact and Solution) and/or the severity level was changed by a Manager.

How do I change the sorting method?

The detailed results section of your report is organized by one of these methods: host, vulnerability, asset group, operating system, service or port. Edit your scan report template to change the method used.

Tell me about host information

In scan results reports, hosts are always listed by IP address. In scan reports that include host based findings, hosts are listed by the host's tracking method: IP address, DNS hostname or NetBIOS hostname. For each host you'll see details like the operating system detected on the host.

Tell me about report graphics

You can include many different graphs in your report by editing your scan report template. Keep in mind that your filter settings will affect the data reflected in your graphs. If you see "There is no data available" in your graph, check your filter settings.

- 10 Most Prevalent Vulnerabilities

- Operating Systems Detected

- Services Detected

What's in the Non-Running Kernels section of the report?

This is a list of vulnerabilities (QIDs) that were found on non-running Linux kernels on the hosts in your report. This section appears only when "Display non-running kernels" is selected in your report template (on the Filter tab). Tip - You can also choose to filter out vulnerabilities on non-running kernels.

What's in the Appendix section of the report?

You'll see some additional information in the Appendix section at the end of your report.

- No results available for these hosts

- No vulnerabilities match your filters for these hosts

How do I perform remediation actions from my report?

Scroll down to the Detailed Results section of your report, click the remediation action icon and choose an action. The action you choose applies to the vulnerability instance (vulnerability/host/port).

Check out these options: Ignore vulnerability | Activate vulnerability | View / Create ticket
