Tell me about Vulnerability Data

The vulnerability data returned from your scans is saved in your account in two ways: 1) as scan results, and 2) as vulnerability data indexed by host. Let's take a look at these things.

About Scan Results

Scan results give you a view of your risk at a particular moment in time - the time of the scan. You can download  scan results at any time and you might want to create scan reports including the results. To create a report, just create a scan report template and choose the option Scan Based Findings. Every time you run this scan report you'll be prompted to choose scan results you want to include. One or more specific scan results may be included in one report.

What happens when scan results are deleted?

Scan results may be deleted manually or automatically based on your scan storage setting (see Scans > Setup > Storage). Once deleted, the saved scan results are no longer available on the scans list and are not recoverable.

Important! Deleting scan results does not delete host based findings. This means that you can delete all scan results for a particular host and still create vulnerability scan reports including the latest host based findings using a scan report template.


About Vulnerability Data indexed by host

This indexed version of your vulnerability data is what makes it possible for you to get the most comprehensive and up to date picture of your vulnerability status. This is updated as new scans are completed and new scan results are processed. You'll see this throughout the user interface (your Dashboard, host information, asset search results, etc) and in vulnerability scan reports when the report template includes Host Based Findings.

How do I remove vulnerability data for a host?

You need to purge the host. We provide workflows for purging a single host and purging multiple hosts in bulk. Once purged, vulnerability data is not recoverable. Learn more

Why doesn't my host have any vulnerability data?

A host that is in your account may not have findings (vulnerabilities, information gathered).

- A host may not have findings because the host was included in a scan target however the host was identified as not alive during host discovery and thus not scanned.

- A host will not have findings if it was scanned, then purged, and not scanned again.