Help with CVE report

Hello guys. Please, I need your help to create a report from 4 specific sites and for 36’s CVE’s IDs.

I already tried using Tags, Asset groups, Query Builder, but it’s not working.

The report always appears all the vulnerabilities related to the assets from those 4 specific asset. And I need just some specific CVE’s from this list.

Thanks you.

This is a good example of several deficiencies I experience with the reporting. I run into this issue a lot, especially when trying to get granular with my filters and being able to report on them.

I’m curious to see if anyone else has any input.

Under the report section I created my own report template and chose the “Export (CVS Format)” template type. I included almost all the fields (you can customize which one’s you want). From there you can use this to export based on certain criteria like Scans, Assets (groups, tags, etc) and limit your vulnerability scope (Oracle, Java, Microsoft, etc) if you want.

Once you export it to CSV you can use VLOOKUPS to filter out just the CVE’s you want to look at and create pivot tables. One problem is that it shows you ALL instances so if you have multiple instances on a single asset, this could skew your numbers depending on what you are trying to report on.

I unfortunately use this report for most of my reporting needs because it allows me to get more granular. It’s not ideal and it’s pretty manual intensive, but it works most of the time.

Hope this helps!