Hey all,
My team is trying to create a report that helps our Regional Information Officers to rank the vulnerabilities by a security urgency ranking. For the report we need to combine a large set of fields, which include (also explained below):
the recommended fix, remediation summary, asset region, asset location (country), asset hostname, asset OS, asset IP address, a tag containing the location, vulnerability details, affected services/area, severity, #vulnerabilities of the host, number of exploits, number of malware kits.
So the basic idea is that we want to group the list by the "recommended fix" field for a specific region, separated by every IP/asset.
The "vulnerability details" field should accumulate all the vulnerabilities (title, description, reference → CVE xyz) which can be fixed via the remediation from the "recommended fix" field.
The #vulnerabilities field should show the number of vulnerabilities on the asset which can be fixed by the "recommended fix" field.
For severity, the highest according to the found CVEs should be taken.
e.g.
Fix             Region    Asset IP Address   #Vulnerabilities   …
update windows  region a  192.168.178.1      3                  …
patch xyz       region a  192.168.178.1      24                 …
update windows  region a  192.168.178.2      1                  …
Can you help us build a query?
Thank you very much in advance!
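One way to express that grouping, as an added example that is not part of the original post: the SQL below runs against a constructed findings table in SQLite (the table layout, column names, sample assets, exploit/malware-kit counts and the severity scores attached to the sample CVEs are assumptions made for illustration, not any scanner's real reporting schema). It groups by recommended fix, region and asset, counts the vulnerabilities each fix closes on that asset, takes the highest severity among them, sums exploits and malware kits, concatenates the vulnerability details, and orders the rows so the most urgent fix per region comes first. In PostgreSQL the same query works with GROUP_CONCAT replaced by STRING_AGG.

```python
import sqlite3

# Constructed sample findings (not from the original post): one row per
# (asset, vulnerability). Column names, hosts, exploit/malware-kit counts and
# severity values are assumptions for the example only.
DDL = """
CREATE TABLE finding (
    region            TEXT,
    asset_ip          TEXT,
    hostname          TEXT,
    os                TEXT,
    recommended_fix   TEXT,
    title             TEXT,
    cve               TEXT,
    severity          REAL,
    exploit_count     INTEGER,
    malware_kit_count INTEGER
);
"""

FINDINGS = [
    # region, ip, hostname, os, fix, title, cve, severity, exploits, malware kits
    ("region a", "192.168.178.1", "host-1", "Windows 10", "update windows",
     "SMBv1 remote code execution", "CVE-2017-0144", 8.1, 2, 1),
    ("region a", "192.168.178.1", "host-1", "Windows 10", "update windows",
     "Print Spooler remote code execution", "CVE-2021-34527", 8.8, 3, 2),
    ("region a", "192.168.178.1", "host-1", "Windows 10", "update windows",
     "win32k privilege escalation", "CVE-2021-1732", 7.8, 1, 0),
    ("region a", "192.168.178.1", "host-1", "Windows 10", "upgrade openssl",
     "OpenSSL heartbeat information disclosure", "CVE-2014-0160", 7.5, 1, 0),
    ("region a", "192.168.178.2", "host-2", "Windows Server 2019", "update windows",
     "Print Spooler remote code execution", "CVE-2021-34527", 8.8, 3, 2),
    ("region b", "10.0.0.5", "host-3", "Ubuntu 20.04", "upgrade log4j",
     "Log4j JNDI remote code execution", "CVE-2021-44228", 10.0, 5, 3),
]

# One output row per (fix, region, asset). hostname and os depend only on the
# asset, so adding them to GROUP BY does not split the groups further.
QUERY = """
SELECT
    recommended_fix,
    region,
    asset_ip,
    hostname,
    os,
    COUNT(*)                                           AS vuln_count,
    MAX(severity)                                      AS max_severity,
    SUM(exploit_count)                                 AS exploits,
    SUM(malware_kit_count)                             AS malware_kits,
    GROUP_CONCAT(title || ' (' || cve || ')', '; ')    AS vulnerability_details
FROM finding
WHERE region = :region
GROUP BY recommended_fix, region, asset_ip, hostname, os
ORDER BY max_severity DESC, vuln_count DESC, asset_ip, recommended_fix;
"""


def build_report(rows, region):
    """Load the constructed findings into an in-memory SQLite database and
    return the per-fix, per-asset report for one region as a list of dicts."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute(DDL)
        con.executemany(
            "INSERT INTO finding VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
        cur = con.execute(QUERY, {"region": region})
        columns = [d[0] for d in cur.description]
        return [dict(zip(columns, r)) for r in cur.fetchall()]
    finally:
        con.close()


if __name__ == "__main__":
    for row in build_report(FINDINGS, "region a"):
        print(f"{row['recommended_fix']:<16}{row['region']:<10}"
              f"{row['asset_ip']:<16}{row['vuln_count']:>3}  "
              f"sev {row['max_severity']}  {row['vulnerability_details']}")
```

The ORDER BY is what turns the grouped rows into an urgency ranking: a fix that closes a higher-severity CVE sorts first, and among equal severities the fix that closes more vulnerabilities on the asset wins. Note that GROUP_CONCAT does not guarantee the order of the concatenated details unless the database supports an ORDER BY inside the aggregate, so treat that column as an unordered list.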