Scenario - I am facing difficulty to identify the number of hosts, that need to be patched When i identify the Petya Ransomeware i pull the patch report based on the CVE and QIDs. I was able to identify xxx workstations and xxx servers. Shared the details to the GOC team and they started to patch, on the process, we again saw more hosts then what we had initially identified not sure why? Which method is convenient for post validation of patching?
1. Pull the patch report after the scan?
2. Pull the report from asset view?
3. Is there any solution that i can pull at once?
4. Any query to pull from asset view for only alive machines?