cancel
Showing results for 
Search instead for 
Did you mean: 
john.m.sopp
Level 11

Vuln set Question: Microsoft Non-Superseded Patches vs Microsoft Office Non-Superseded Patches

Jump to solution

I've noticed a new vuln set to help filter out superseded and had two questions:

  1. Is the _McAfee_ Microsoft Non-Superseded Patches vuln set all encompassing and also include all checks in the _McAfee_ Microsoft Office Non-Superseded Patches vuln set?
  2. How could we go about creating one report with everything except anything contained in the _McAfee_ Microsoft Non-Superseded Patches vuln set?

          Update: To create this report, which I should mention applies to csv output, I created a sql query to list enabled checks by vuln set name. I outputted the Check IDs for the Microsoft  non superseded vuln set. I then did a compare in my vulnerabilities.csv to the superseded list for all items with vuln name containing MS_ _-  .

If the MVID is not in the non superseded list, record as potential false positive.


Message was edited by: john.m.sopp on 11/1/11 4:12:54 PM EDT
0 Kudos
1 Solution

Accepted Solutions
cgrim
Level 13

Re: Vuln set Question: Microsoft Non-Superseded Patches vs Microsoft Office Non-Superseded Patches

Jump to solution

Hi John,

Looks like you may have answered your own questions?

1)  = YES, it has everything Non-Superseded including the Microsoft Office Non-Superseded patches.

2)  This is a tough one, and it looks like you're getting around it w/ your own SQL queries?  I think with an Asset Report you can accomlish the opposite by using the same Vuln Set in the Vulnerabilities / Select Vulnerabilities Sections Tab.  But from what you said it looks like you want to filter those OUT?

-Cathy

0 Kudos
1 Reply
cgrim
Level 13

Re: Vuln set Question: Microsoft Non-Superseded Patches vs Microsoft Office Non-Superseded Patches

Jump to solution

Hi John,

Looks like you may have answered your own questions?

1)  = YES, it has everything Non-Superseded including the Microsoft Office Non-Superseded patches.

2)  This is a tough one, and it looks like you're getting around it w/ your own SQL queries?  I think with an Asset Report you can accomlish the opposite by using the same Vuln Set in the Vulnerabilities / Select Vulnerabilities Sections Tab.  But from what you said it looks like you want to filter those OUT?

-Cathy

0 Kudos