SQL query - List of vulnerabilities with and without exceptions

shnizdo · May 23, 2023, 1:56pm

Hi,
I need two reports (cvs) with a list of all current vulnerabilities in InsightVM.

All current vulnerabilities without vulnerabilities covered by an exception (netto / standard)
All current vulnerabilities including all vulnerabilities also the vulnerabilities covered by an exception (brutto) including the exception reason.

Does anyone has an idea an how I can get this from InsightVM via a SQL report?

Many Thanks in advance
Sascha

john_hartman · May 24, 2023, 7:17pm

So you can’t actually run a report on vulnerabilities that are excepted because once the exception is put in place it effectively removes those entries from the database or “hides” them to where you can’t report on them.

To get a CSV of ALL the vulnerabilities currently in your environment (exceptions applied) you can just use the “Basic Vulnerabilities Check” report.

john_hartman · May 24, 2023, 7:19pm

Caveat to this is that you could use a script to essentially copy the contents of all the exceptions through the API, delete the exceptions and then resubmit them (WITHOUT APPROVING THEM) and that adds a value to one of the tables to show that the vulnerability has a pending exception for it. With this you could write a SQL report to specifically target those vulnerabilities with a pending exception if that’s all you’re trying to report on.

note: make sure you approve those exceptions after the report runs