Report to show recent changes

Seems like this data must be in the system somewhere. I’m relatively new to the product but I’ve got my team asking for something sort of specialized. Is there a sql query that might show what vulnerabilities were recently remediated? From a sysadmin / testing perspective knowing what was changed in the past week / month could be valuable information to have. From a cybersec perspective, it would literally show work that was done.

I believe this is possible using the Data Warehouse. The DW allows you to export data from the VM console to an external warehouse to get richer data for things like reporting.

If you look at the Data Warehouse schema, you can search fact_asset_vulnerability_remediation_date on the page and see the table that could help you here. It contains asset, vuln, and date info so you can see remediations as they occur.

I think there is also a Rapid7 created dashboard titled ‘Significant Changes in the Last 30 Days’ that would show some of this information in a dashboard/chart type view, if you’re looking for a more visual representation of your vulnerability remediation. The dashboard should be available in the R7 Library by searching for ‘Significant Changes’.