How to report on a past scan?

I need to generate a PDF or CSV report for vuln. findings from a specific past scan that occurred a month ago? I see the scan history calendar shows the scan, but I cannot seem to find the scan under the site or the ability to run a report based on a specific past scan. In reports, the scope option for ‘scan’, only shows the most recent scan.

Same here, maybe you should open a case in order to check if it is possible or not.

Check your Admin > Maintenance > DATA RETENTION settings.

Hi Lee,

This query will report risk, vuln count etc at points in time (based on the INTERVAL set) - does this help? It doesn’t give specific vulnerability info though, which might be what you actually want. When set as below it will give you the data per week per asset for the last year. If running on a lot of assets this could end up a long report, but you can limit it by adding specific dates in (replace current_date with ‘yyyy-mm-dd’) or change the INTERVAL to ‘1 month’ or pick specific assets.

FROM fact_asset_date (current_date - 365, current_date, INTERVAL ‘1 week’) fad
JOIN dim_asset da ON da.asset_id = fad.asset_id
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id

UPDATE: it looks like this details the fact_asset_vulnerability_finding table you’ll need which will link an asset id, scan id and vuln id to get you more specific data. Understanding the reporting data model: Facts | InsightVM Documentation

I need to simply report on all mitigated (remediated) vulnerabilities by asset for a given site. Why is this type of PDF and CSV report not readily available?

This is a very basic and common report I regularly used with in the past and prior to moving to Rapid7.