4 Replies Latest reply on Feb 9, 2012 1:42 PM by John M Sopp

    Removing Informational Vulnerabilities

      Is there a way to remove these from the csv and pdf scan reports.  My group is only interested in the high, medium, and low vulnerabilities. 

        • 1. Re: Removing Informational Vulnerabilities
          John M Sopp

          I use the following settings when creating a new asset report, after all of the scans complete which the data has come from.

          Create an Asset report using the following

          • Report Type: Vulnerability Report: Single Date report
          • Asset Filter: Create filter rules that include: Scan name (begins with , contains, equals) "something that results in covering the scans you wish to report on"
          • Sections: Select all that you wish, but be sure "Vulnerability Assessment" is selected. this is the part that will filter out informationals  Click "Select vulnerabilities" and the familiar vuln selection dialog appears. In the bottom left change the dropdown selection to "Risk Level"..now you can select highs, mediums, and lows and leave informationals unselected

          • You may set the rest of your options as you normally would.
          • 2. Re: Removing Informational Vulnerabilities

            Experiment with using a vuln set for reporting to see if this gets you the behavior you want (or is close enough.)

            Go to Vuln Sets

            Create a new set

            Select 'Rule Based'

            Set the condition

            Vulnerability Severity Contains High

             

            Save this.

             

            Now create a new report template

            Put in an asset filter that will select the assets you want to report on.

            Don't do anything with vulnerabilities in the asset filter

             

            Under Sections, check 'vulnerability assessment'

            Click 'select vulnerabilities'

            and use the drop arrow to select your vulnerability set.

             

            Finish tailoring your report as usual and run it.

             

            You'll still get some graphs showing vulnerability info you aren't interested in, but the vulnerabilities section will have the focus that I think you want.

             

            J.

            1 of 1 people found this helpful
            • 3. Re: Removing Informational Vulnerabilities

              to clarify, my answer is the same as John's, except that I used a vuln. set.

              • 4. Re: Removing Informational Vulnerabilities
                John M Sopp

                ^Confirmed. Vuln set works just as well-as long as you're using IE, FFox + mvm can be buggy