Hi everyone. I’m looking to get some help with making a SQL query that will output all systems that have vulnerability exceptions and provide me with a list of IP and hostname. Is this something that is doable in Rapid7? If the query could include the vulnerability that the exception covers that would be nice as well but not required.
I would start with something like this query: SQL example - vulnerability exceptions | InsightVM Documentation
The tables in that query have the hostname and IP, so you should be able to just add them to the SELECT statement
So you’ll have to forgive me for not being very good with SQL yet but I tried modifying the Select portion to add
END AS exceptionscope, COALESCE(dve.additional_comments,’’) as additional_comments, dve.submitted_date, dve.submitted_by,8 dve.review_date, dve.reviewed_by, dve.review_comment, dve.expiration_date, des.description as status, der.description as reason,9 dv.title, dv.nexpose_id, da.host_name, da.ip_address
but all that generated when the report ran was 2 commas and no data.
The most basic version of what I am trying to get is just a report that will show every asset that has a vulnerability exception and what the exceptions are on the assets in question.
If anyone has any ideas on how to accomplish this it would be appreciated.