8 Replies Latest reply on Feb 2, 2010 10:46 AM by cgrim

    Asset Reports and Template Selected Vulnerabilities

    epo909

      Hi all.

       

      Can anyone confirm if Asset Reports Templates automatically include the newest vulnerabilities?

       

      For example, if you create a weekly asset report where you specify only to include High risk vulnerabilities. Will new High risk be automatically inserted on my asset report template?

      If not, it may happen that new checks performed by vulnerability scan are not included in the asset report template unless you edit and select high risk vulnerabilities again.

       

      Every time I perform a FSL update, I notice that the high risk checkbox, when sorting by high vulns at the asset report template, no loger shows that all high risk vulns are selected (its beveled).

       

      Thanks in advance

      RD

        • 1. Re: Asset Reports and Template Selected Vulnerabilities

          Hi RD,

           

          I believe the vulnerabilities are calculated based on the filter at the time the report is run.  This is easy enough to test out.  I will be running a test on it today - a FSL Release should be going out tonight, so hopefully I can answer for sure tomorrow.

           

          -Cathy

          • 2. Re: Asset Reports and Template Selected Vulnerabilities
            epo909

            Hi Cathy.

             

            Any news?

             

            I have checked it again and, after the Jan 27 update, it seems that new checks aint included in the asset reports. however they are included in the scan reports... this means that asset reports might need manual update in order to detect new checks. If so, it would be a huge design flaw. hope not.

             

            Can anyone confirm this please?

             

            Tia,

            RD

            • 3. Re: Asset Reports and Template Selected Vulnerabilities

              Hi RD,

               

              I'm trying to track down a target that's vulnerable to any of the scripts released this week.

               

              I will update the thread when I have an answer.

               

              -Cathy

              • 4. Re: Asset Reports and Template Selected Vulnerabilities

                Hi RD,

                 

                Worked great for me.

                 

                Steps

                ==========

                On Monday:

                1. Created an Asset Report Template with the following filter(s):

                Asset Status is Active

                Vulnerability Severity contains Medium, High

                2.  Ran the report

                 

                Today:

                1.  Ran a scan that would find any of the recently released Vulns.  It specifically found:

                7623 - (MS08-001) Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

                7636 - (MS08-004) Vulnerability In Windows TCP/IP Could Allow Denial Of Service (946456)

                2.  Re-ran the report from the template above

                 

                The report shows both the above HIGH risk vulns.

                 

                Perhaps you're trying to limit the vulns displayed based on the Sections, and Vulnerabilities there - that indeed is NOT dynamic.

                 

                Hope that helps!
                Cathy

                 

                 

                 

                 

                 

                 

                • 5. Re: Asset Reports and Template Selected Vulnerabilities
                  epo909

                  Hi Cathy,

                   

                  I dont know about other members, but I have 30 templates (and growing) that automatically produce weekly and monthly reports, that will not include new checks, unless I edit them each time FSL is updated...

                   

                  Everyone in the VM/VA knows about asset prioritization, its on the lifecycle! We need proper reports based on asset criticality and vuln level, to deliver them to asset owners.

                   

                  Whats the point on having scheduled asset reports if they never report new checks on the choosen risk?

                   

                  Can this be fixed? I think this is a HUGE design flaw, very, very,very limitative....

                   

                  Or is there a logical explanation for desining MVM like this?

                   

                  It would be great to see other user comments on this. I find hard to belive that I'm the only one missing the point.

                   

                  Best Regards,

                  RD

                  • 6. Re: Asset Reports and Template Selected Vulnerabilities

                    hi RD,

                     

                    Sorry, but did you try out my suggestion to have the "filter" set for "High and Medium".  Like I said in my previous post, that worked out well for me in my tests.

                     

                    -Cathy

                    • 7. Re: Asset Reports and Template Selected Vulnerabilities
                      epo909

                      Hello Cathy.

                       

                      You said:

                      "Perhaps you're trying to limit the vulns displayed based on the Sections, and Vulnerabilities there - that indeed is NOT dynamic."

                       

                      My previous post was regarding this statement. It doesn't make sense to be static...


                      I have scheduled asset reports that run every week and month, and I need to edit them everytime I want new checks to be included.

                       

                      Thanks,

                      RD

                       

                       

                      Message was edited by: epo909 on 2/2/10 10:44:13 AM CST
                      • 8. Re: Asset Reports and Template Selected Vulnerabilities

                        You will not need to edit them if you use the filter as I suggested.

                         

                        Please open a Service Request to pursue this request:

                         

                        For contact details:

                        -  Go to: http://www.mcafee.com/us/about/contact/index.html
                        -  Non-US customers - select your country from the list of Worldwide Offices.


                        Alternatively:
                        Log in to the ServicePortal at: https://mysupport.mcafee.com:

                        -  If you are a registered user, type your User Id and Password and click OK.
                        -  If you are not a registered user, click New User and complete the required fields. Your password and login instructions will be emailed to you.

                         

                        -Cathy