In the first screenshot, that section is meant to filter out the particular assets (scanned targets) you'd like to include in the report. Now if you look closely at the second screenshot there is a section you've left unchecked named "Vulnerability assessment". You need to check that box than follow up by clicking on the link to select the vulnerabilities. From there you would include a "Vuln Set" that is configured Med and High Sev vulnerabilities.
Hope you find that this resolves your issue.
Thanks for your reply Moniker. If Section tab will setup the "filter" to get High and Medium vulns. what is the purpose to include "Vulnerability Severity" option in Filter tab?
By the way get the report based on "Vuln Set" it is a non dynamic configuration, if a new high or medium vulnerability appears and you dont't manually update the "Vuln Set" that new vulnerabilities won't appear in following reports.
1 of 1 people found this helpful
I believe the point of the vulnerability severity in the filter tab, is to allow you to include assets that have vulnerabilities matching the level you've filter for (in your case med and high). But if those assets also have low and info severities, those will also be added to the report as you've encountered and prompted this thread.
So filter tab is used for filtering the list of assets you want to appear on the report, the sections tab allows you to filter out the vulnerabilities you want to appear on the report.
As far as I know, when you use rule-based vuln sets than future vuln updates are added to the vuln set automatically. If you created you're vuln set by checking off the individual vulnerabilities, then new updates are not be included.
Thanks so much Moniker, I'm starting to see the light at the end of the tunnel.