I have an issue at a large customer of mine. They have MVM 7 with SP1 and ePO 4.5 with SP3 and it seems that the FoundScores do not match between the products. If you draw reports and check the foundscore in MVM for a particular machines, and then check the FoundScore in ePO they are not the same.
I believe as well as the customer that they should match as it gathers this data from Foundstone.
I have done MVM imports continuously. the MVM server is registered, the extension is installed, the FC agents are connected, etc.
Any ideas why this may happen?
Ok here is the scoop.
ePO is asset based and reports the average Foundscore of each asset. When the Founstone import into ePO pulls the asset information it calculates the Foundscore of each asset based on the vulnerabilities known at that time. The ePO data is only as accurate as your latest import.
Foundstone calculates the Foundscore based on the entire environment scanned.
So let me try and makes sense of this.
On a specific scan there is a limit on to how much you are going to get dinged on your Foundscore in MVM. For instance if you scanned 10,000 targets and we found 6 high vulns on each target we will deduct the max and no more.
In ePO there no limit on how much your Foundscore will get dinged so generally the ePO score is lower that the one in MVM.
This has lead to some confusion in the past and we are working on a solution for that. I don't have an eta on the solution or any idea as to what the solution is going to be. I can say that this isn't a bug, but sometimes when things are working as designed they may not be working as desired. This is one of those times.
The bottom line is that those scores currently are not supposed to match.
I do want to thank you for taking the time to answer my question. It is definatly a time where the design is not desired. We have customers who have been sold the idea that a vulnerability scanner that can be integrated with the rest of your security products such as MVM and ePO is a far superior way of doing things then a general vulnerability scanner. These are large customers of ours.
We have ourselves tested this in a lab and have the same problems. My question is this now. Why bother intergrating it with ePO if they do not match?
Hi gents, same here, created 3-3173731913, in which I will refer to this bulletin. We aim to utilize ePO5 as the only dashboard for enterprise risk reporting (of the whole thing basically), meaning we do need to have a match that is solid. I can create all the individual delat reports with like 4 months back including all the respective moves and changes in MVM - but not in ePO, as the scores are not matching (hence we cannot use ePO).
I read above a post date of 2010, which is 2,5 years ago. So allow me to ask if anything happened yet?
Brgds, and have a great day!