Hello everyone,
I am currently using two report templates: PCI Host Details (PDF) and Basic Vulnerability Check Results (CSV).
My problem: Some unidentified CVEs are missing in the CSV but are included in the PDF.
Is there a SQL query to get all the information of the PCI Host Details PDF?
Thanks!
Are you looking for a PCI PASS/FAIL Marker in the CSV export for each of the VULNS identified?
No, I am looking for a dataset that includes all VULNS which are part of the PCI Host Details PDF.
Both the Basic Vulnerability Check Results CSV report and the SQL query “All-Assets-All-Vulns.sql” from GitHub deliver only part of the VULNS, certain ones are simply missing.
ahhh i see, I THINK… lol
something like this?
Then select your assets as your normally would…
SELECT DISTINCT
da.ip_address AS "IP Address",
da.host_name AS "Hostname",
dos.description AS "Operating System",
dv.nexpose_id AS "Nexpose ID",
dv.title AS "Vulnerability Title",
proofAsText(dv.description) AS "Description",
dv.date_published AS "Published Date",
dv.cvss_vector AS "CVSS Vector",
dv.cvss_score AS "CVSS Score",
dv.severity_score AS "Severity Score",
dv.severity AS "Severity",
dv.pci_severity_score AS "PCI Severity",
dv.pci_status AS "PCI Status",
dv.exploits AS "Exploit Count",
dv.malware_kits AS "Malware Kits",
dp.name AS "Protocol",
fpssf.port AS "Port"
FROM fact_pci_asset_scan_service_finding fpssf
JOIN dim_asset da USING (asset_id)
JOIN dim_service ds USING (service_id)
JOIN dim_protocol dp USING (protocol_id)
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN dim_operating_system dos ON da.operating_system_id = dos.operating_system_id
-- Optional filter to show only PCI-relevant findings
WHERE dv.pci_status = 'Fail'
ORDER BY dv.title ASC;