1 Reply Latest reply on Aug 31, 2012 7:53 AM by John M Sopp

    CVSS report from MVM

    sisc

      Hi All

       

      I am trying to create report based on CVSS scores, especially, the high ones.

       

      Any ideas?

       

      Greatly appreciated.

        • 1. Re: CVSS report from MVM
          John M Sopp

          Have you tried creating a custom report(called custom reports in mvm7.5 and asset reports in earlier versions)? The report should be based on a rule based vuln set.

          Rule Based Vuln sets will let you use CVSS metrics to pinpoint the vulns (and thus only report on the vulns) assoicated with whatver CVSS characteristic your heart desires.

          A good starting point might be what is listed in the screenshot below but should be tweaked to match what is "high rated" to your organization.

          vulnsetCVSS.JPG

          I'll just go into one case where a company rates high priority vulns as those found that can cause a denial of service condition on web servers-just to get the gears turning faster...

          For this example you'll need to use rule based vuln set, and a report filter.

          See below

          webcvss.JPG

           

          on 8/31/12 8:53:50 AM EDT