Perform Risk Analysis

Create a Risk Analysis Report to identify hosts that are likely exposed to a specified vulnerability. By comparing vulnerability exploit data to known information from past scans, we can determine whether hosts are likely to be at risk to a new vulnerability even before you launch a scan.

Go to Reports > Risk Analysis. Provide report details and click Run to generate your report.

Your report appears online in HTML format listing the hosts that are possibly exposed to the vulnerability. Hosts are possibly exposed if at least one positive match is identified between the vulnerability exploit data and known host information. Hosts are listed by business impact and then by the number of conditions matching the vulnerability. You can select hosts in the list and take actions on them.


What vulnerability conditions do you match to the host?

A check mark indicates a positive match for one of these conditions: QID (the vulnerability has already been detected on the host), operating system, open ports, services, and specific scan results, such as application, version or patch information. The presence of one vulnerability may also be enough to determine whether the host is likely exposed to a related vulnerability.


Tell me about the impact level

Business impact levels are assigned to asset groups to identify which hosts are most critical to your organization. If the host belongs to more than one asset group included in the report target, then the highest impact level amongst those groups is displayed. If you included individual IPs in the report target, then a business impact level of High (or its equivalent) is assumed for the host.