AnsweredAssumed Answered

Removing (or including) hosts in report with certain vulnerabilities

Question asked by kkchris on Feb 25, 2020
Latest reply on Feb 26, 2020 by Rob Dewhirst

Hi, everyone. My name is Chris, AFIR this is my first post here

 

I've tried dozens of deferent things and finally decided to fo public with my problem.

My goal is to get (for example) hosts that are clean, which means 0 Vulns other than level 1 Info Gathering. I know it can be done by query like

 

vulnerabilities.typeDetected:"Information" and not vulnerabilities.typeDetected:"Potential" and not vulnerabilities.typeDetected:"Confirmed"

 

but the customer wants to have it included in the report. Same goes for Critical Vulns etc. So far I exported the AssetView Queries and included this as additional information. However, I keep hearing I should find better solution. 

 

I tried search-list approach, when I create one SL with Info-only Vulns and other with all the rest, and then including Info-list and excluding rest of QIDS. However, this results in report covering all hosts since all of them have (at least) Info Gathered Vulns. Is it possible to generate report for hosts with certain QIDs an only them? I'm stuck, did anyone had similar problem / request and was able to do it properly? Does anyone has any ideas / suggestions I could use? This would be greatly appreciated.  

Outcomes