In our environment we are using both the agent and engine authenticated scans. We would like to be able to do a true comparison of what vulnerabilities the engine (remote) scans are giving us vs what the agent is giving us, but since we have been using them complementary, it’s been a bit difficult to do a comparison. Is there are way to see exactly what the engine scans are providing? A report that can show just the remote vulns would be ideal
You can report on what just a scan finds.
In Scan history, look for the scan of the host you are interested in. When you select the host from the list of completed assets, it will present the vulnerability found by that scan.
You can also Select the Site “Rapid7 Insight Agents” in the report filters to see Agent vulnerability findings just from the Agent, a good report to show every check would be “Report Card”