InsightVM - Vulnerability instance causes duplication entry on CSV report

nowel · October 7, 2021, 1:59pm

Good day!

Just wondering, does anyone noticed that when generating a report based on CSV using either the default “Basic Vulnerability Check” template or a custom CSV template created from the Reports Tab of the security console yields duplicate entries when a vulnerability found has multiple instances?

Suppose, you have this vulnerability which has two instances on an asset: Adobe Flash Player: APSB15-28 (CVE-2015-7652): Security updates available for Adobe Flash Player

Then when you generate a CSV report from the aforementioned template, you’ll have this entry in your CSV report.

So if a specific vulnerability has more than 2 instances then you will have the exact same number of entries in your CSV report.

Is it supposed to be like that at all? I kind of taking a lot of time checking and deleting the duplicate entries that it become a hassle.

There’s indeed another way I found which is to go directly to the vulnerability page of that asset then do an “Export to CSV” but this doesn’t conform to the process in place wherein as long as the scan is done it will trigger the Recurring report to run.

Hope to get anyone’s input on this. Thanks!

holly_wilsey · October 15, 2021, 6:31pm

Hey @nowel! I just did some testing on my own instance of InsightVM and I was able to see the same thing with vulnerability instances in a report I ran. I’m not 100% sure if that’s intended behavior in the report, but I can try to double check with the team and see what they say.

Are you using Excel or Google Sheets to view your CSV reports? I believe there’s an option you can choose to automatically “delete duplicates” from a selected group of rows. It’s definitely a bandaid for this situation rather than a fix, but I’ll see if I can get any more info from the team.

nowel · October 18, 2021, 2:14am

Hi,

Am using Excel to view it. And yeah, for now am manually deleting the duplicates which takes some time especially if I have multiple CSV report.

Anyway, am just bringing this to attention, hopefully a fix will be implemented the soonest as were actually generating CSV reports frequently.

Thanks and have a great day ahead!

holly_wilsey · October 19, 2021, 9:23pm

Same to you, and appreciate you bringing this up!

jnguyen1 · April 28, 2023, 1:31pm

Has there ever been a solution found for these duplicate entries? I see this on my end too, and it indeed does waste a lot of time

john_hartman · April 28, 2023, 2:46pm

So this is in fact by design. If you go into the Report tab and select “Manage Report Templates” you can make a copy of the “Basic Vulnerability Check Results (CSV)” template and view the other columns that are available to be added into the report. The vulnerabilities shown are “per instance” therefore like mentioned, if an asset is vulnerable on multiple instances it will have multiple lines shown. To make it more apparent WHY there are duplicates you can add the Vulnerability Proof column to your export which will have different values based on either the port, protocol, key, etc.

If you would like to report on Vulnerability Findings instead of Instances I recommend using the SQL Query export and writing a query that specifically shows you what you’re looking for.