2 Replies Latest reply on Nov 18, 2016 4:42 PM by lon

    Newbie Question, Critical Findings

    jarin01

      Hi all.  I haven't been using MVM for long but I was asked if I could create a report that shows just the critical findings.  From what I have seen with using MVM so far is that on a scan report it shows Informationals, Lows, Mediums, and Highs.  There doesn't seem to be a critical category like on other vulnerability scanning tools.  Or would we just consider the high findings to be the same as criticals?

        • 1. Re: Newbie Question, Critical Findings
          joaocunhaazevedo

          Hi ,

           

          i work with MVM for 1 and a half year now  in the company where i work actually, we only report the high and medium vulns to the teams for correction the are considered critical.

          • 2. Re: Newbie Question, Critical Findings
            lon

            A vulnerability set based upon CVSS v2 Metrics / Vectors can be created for use in Custom Reports and/or scans. As far as for CVSS v3, that should also be able to be created. I have not created such a set to date.

             

            Below is a screenshot of a CVSS v2 MVM Rule-based Vulnerability Set that will pull CRITICAL Vulns based upon "CVSS v2 == 10"

            The vuln set should include any vuln that has a CVSS score greater than or equal to 9.99509 in the NVD per what is listed in MVM.

            vuln set.jpg