Our InfoSec dept runs a Most Vulnerable Host Scorecard Report each week. The report is set to select "All Asset Groups" (roughly 2500 assets), but the parameters are set to show only the top 10 most vulnerable hosts (Display:->Display->Display 10 rows in the results).
When I ran the weekly report last Thursday, it allegedly showed the top 75 most vulnerable hosts, despite the top 10 parameter still being checked, and the assets were not sorted according to the level 5,4, and 3 severities. Most of the vulnerable hosts that have appeared on the list week after week are no longer showing up on the VH scorecard report at all anymore. However, if I run an individual scan on these missing IPs, I can still confirm that they have 55 Lvl 5 severities, 42 Lvl 4 severities, etc.
Our authentication rate is still in the 90th percentile, so I know that is not the issue. Has anyone else experienced this problem? Or have any suggestions for remediation?