Reporting: Agents vs Scans

How would I generate a report using only agent data without running a scan. I realise there is a little loss without using scans, but for now just want to see agent provided data.

Actually there is very little difference between the amount of coverage from scan engine versus agent. Scan engines perform most of the same functions as the agent does. So essentially, scanning with the engine on an agented asset is complimentary. However, scan templates have an option to skip all checks previously performed by the insight agent.

Someone keep me honest here. I dont actually believe you can specifically select scans performed by the agent in the reporting section? Can you?

The InsightAgent only reports on roughly 90% of the vulnerabilities for an asset as the agents only check for the internal vulnerabilities. All of the Network level vulnerabilities would need a scan ran against them. However that can essentially be done with an unauthenticated scan.

The part of the scan template you’re referring to for an authenticated scan against an asset with an agent would simply improve the efficiency of a scan because the scanner would still do the Network level checks and anything else that the agent wouldn’t do. However for all checks that CAN be performed by the agent, the scanner will skip.

As far as reporting on assets that only have an agent you would simply scope any given report to ONLY the “Rapid7 Insight Agents” site.