Result code definitions for "Vulnerability Test Result Code" field

InsightVM
1

Hello, I am trying to find the definitions for the results in the “Vulnerability Test Result Code”. I ran a Basic Vulnerability check report and I am trying to understand the results from the report.

Is there a Data Dictionary document or page that lists the report fields definition of values? Thank you.

2

Hi @pppelis ,

Is this it? Reporting FAQs

Each code corresponds to results of a vulnerability check:

  • ve (vulnerable, exploited): The check was positive as indicated by asset-specific vulnerability tests. Vulnerabilities with this result appear in the CSV report if the Vulnerabilities found result type was selected in the report configuration.
  • vv (vulnerable, version check): A check was positive because the version of the scanned service or application is associated with known vulnerabilities.
  • vp (vulnerable, potential): The check for a potential vulnerability was positive.
  • ee (excluded, exploited): A check for an exploitable vulnerability was excluded.
  • ev (excluded, version check): A check for a vulnerability that can be identified because the version of the scanned service or application is associated with known vulnerabilities was excluded.
  • ep (excluded, potential): A check for a potential vulnerability was excluded.
  • nv (not vulnerable): Nexpose did not find the target application or service to be vulnerable.
  • uk (unknown): Nexpose was unable to determine whether the scanned service or application is vulnerable.
  • sd (skipped because of DoS settings): Nexpose skipped the check because it involves Denial of Service settings.
  • sv (skipped because of inapplicable version): Nexpose skipped the check because the version of the target service or application is not associated with the given vulnerability.
  • er (error during check): Nexpose encountered an error during the check.
  • ds (skipped, disabled): A check was not performed because it was disabled in the scan template.
  • ov (overridden, version check): A check for a vulnerability that would ordinarily be positive because the version of the target service or application is associated with known vulnerabilities was negative due to information from other checks.
  • nt (no tests): There were no checks to perform.