Technical people in our Org know and love the query builder. I just send people a link to it, and they can quickly see how many more systems they need to remediate. It’s easy.
But not having the proofs accessible there is slowing us down. I don’t want to have to send a user 5 or 6 more clicks just to access the proof for one asset at a time. I also don’t want to create a remediation project, or bounce over to the legacy report builder, every time I want some proofs. We need to export the proofs every day so I shudder to think how many man hours i’ve used or how much of a bottleneck this has been for remediators.
There should be an “instances” tab on the query builder with an option to export to CSV. Like this:
(i made this mockup by messing with HTML – it does not exist in the tool)
Can someone from Rapid7 chime in with whether or not this is on your radar? Is there an IDEA filed for this?
if anyone else would find this useful, chime in below
There is a current IDEA for this specific request IDEA-1929 that you could link to if you were to open a new support ticket for it and mention that number in the case. Also if you could give me your company name I can add it directly to the JIRA issue for you.
Thanks John!! Appreciate the quick reply. I will reference that IDEA when pushing for this.
Great idea! I also struggle with this same thing throughout the platform. I use the Query builder to help filter things out and find myself going back and forth between the Query Builder (the platform side) to the reports/asset pages/vulnerabilities page (Local Security Console page) and it’s very taxing, especially when trying to relay the information onto the remediation teams. This feature would for sure help, at the very least, give me the information I need while remaining in the Query Builder.
I was looking for this many moons ago too. Will be great if it comes along. Upvote for sure.
I do think it’s worth noting though that the query builder is not meant to be the main point of workflows when talking about running reports for remediation teams. The Query builder is simply meant to filter your results. Those queries (once saved) can be used to load Remediation Projects which is specifically designed to show you the solutions that need to be implemented with a listing of the Vulnerabilities that they would fix and the assets that it applies to. If the remediation team wants to see proof per asset for each vulnerability they can run the Remediator Export which has a column for the proof.
This is ran from inside the Remediation Project by selecting a Solution > Clicking on the Asset Tab > Select all Assets (or the ones of interest) > Hit the drop down for Export to CSV > Click the Remediator Export
Thanks John, I appreciate you working through this with me.
I’ve found that the Remediation Projects screen tends to confuse the Remediation teams. In the example you showed, it divides the CSV Export by 135 solution, so the remediator would have to export 135 different CSV’s to get the full list of proofs. I know most projects don’t have that many solutions, but even for 4-5 solutions that is pretty onerous.
Either way, it’s alot more clicks (and corresponding how-to’s I have to write) and visual noise just to get the information that was right in front of me when I made the query.
And lastly, sometimes I just need to see the proofs for my own information – i don’t want to have to create a project (again, like 5 clicks, some data entry, and waiting for the project to populate) just to surface the proof information.
Proofs are everywhere in the console, they are key pieces of information, so it should not be so hidden in the platform if the goal is for power users to move to the platform.
All fair points. Like you mentioned, the proof is there by clicking on the assets individually and I can’t honestly think of a good reason that it needs to be a pop out instead of just a column. If I had to guess it’s probably because of the instance count. If a vulnerability only has one instance on an asset then it will only have one proof so it makes sense to have it as another column. However if the asset has multiple instances then there would still only be one line on the page because it’s counting findings. With that logic it would have multiple proofs (one per instance) and that could get messy.
So what I think the applicable solution here would be is to have the Vulnerability Details page list out the vulnerabilities by instance rather than finding that way you could simply add in the column of proof to see everything all at once.
If this is something you feel would improve your workflow then I suggest adding in that verbiage above to the IDEA ticket you submitted.
yep, I like your idea that it should also be on Vuln Details page. Maybe in this dropdown:
In my opinion, it should be in both places (query builder and vuln details), so that people can export from wherever they’re viewing
Just wanted to bump this. Still absolutely my #1 feature request and frustration with IVM by a mile. I would use proofs in the query builder literally every day.
I sent this up through our Rapid7 reps back in May and heard they would float it to the product teams, but did not hear anything since. But I haven’t lost hope