Continual Compliance using projects and goals

Is anyone using the Projects and Goals to track PCI compliance? I am looking for a way to list assets that are compliant/non-compliant on the dashboard. I cannot figure out how to scope the vulnerabilities to only include unauthenticated vulnerabilities from the scanners.

Our environment is too big to have a separate site and not link the assets, and I don’t want to rely on the console reports we are currently working on.

I have looked into creating tags with certain vulnerability categories. I have looked at using discovered dates, but the agents report the same days as the scanners. I have tried using Query Builder and the filtered search, but I cannot figure out a way to get a list of vulnerabilities for PCI. This seems like it could be fixed if they just had a “Discovered Via” field that listed scan templates and agent.

Has anyone else figured this out?

Unfortunately the only way I know of to essentially report on what you are looking for would be through a SQL report.

You would essentially need to build a report based off of scans and do a WHERE statement on assets without credential success. From there you could display all the vulnerabilities found to get what you’re looking for. You could set this as a recurring report to run after each scan as well.

We are doing something similar to this. We scope it to the latest site scan, but I like adding the scope to the query; then you can set a schedule. Currently you can't set it on a schedule since you have to select the latest scan every time.
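
A sketch of the SQL Query Export report described in the replies above, added here as an example and not taken from any poster: it lists findings from each asset's most recent scan where no credential succeeded, with the scan scope inside the query so the report can be scheduled. The table, column and function names (`fact_asset_scan`, `dim_aggregated_credential_status`, `lastScan()`, `pci_status`) and the status IDs are assumptions based on the Rapid7 reporting data model; confirm them against your console version before relying on the output.

```sql
-- Added example: findings from each asset's latest scan where the scan
-- engine had no successful credentials (treated here as "unauthenticated").
-- ASSUMPTION: names follow the Rapid7 SQL Query Export dimensional model.
-- ASSUMPTION: aggregated_credential_status_id 1 = no credentials supplied,
--             2 = all credentials failed. Verify by selecting all rows from
--             dim_aggregated_credential_status in your own console.
SELECT
    da.ip_address,
    da.host_name,
    dacs.aggregated_credential_status_description AS credential_status,
    fas.scan_finished,
    dv.title      AS vulnerability,
    dv.severity,
    dv.pci_status                      -- per-vulnerability PCI pass/fail
FROM fact_asset_scan fas
JOIN dim_asset da
      ON da.asset_id = fas.asset_id
JOIN dim_aggregated_credential_status dacs
      ON dacs.aggregated_credential_status_id = fas.aggregated_credential_status_id
JOIN fact_asset_scan_vulnerability_finding fasvf
      ON fasvf.asset_id = fas.asset_id
     AND fasvf.scan_id  = fas.scan_id
JOIN dim_vulnerability dv
      ON dv.vulnerability_id = fasvf.vulnerability_id
WHERE fas.scan_id = lastScan(fas.asset_id)          -- scope: latest scan per asset
  AND fas.aggregated_credential_status_id IN (1, 2) -- no credential success
ORDER BY da.ip_address, dv.severity DESC, dv.title;
```

Because `lastScan()` resolves the scan at run time, the report does not need a scan picked by hand before each run. Agent-only assets may report a different credential status, so check how they appear in the output before treating it as a PCI asset list.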