Track & Report on Patching Effectiveness

We need to track patching effectiveness; therefore, we need a way to report on total found vulnerabilities month over month (new+active+remediated).

We then need a way to generate total remediated (mitigated) vulnerabilities month over month.
We plan on dividing [total found vuln] by [remediated vuln] to get the "patching effectiveness" month over month.
This needs to be a running percentage month over month, not month to month constrained.

I know how to report on total active, remediated, and new vulnerabilities month to month using the Cloud Reports > Cloud executive report, or the dashboard card. BUT this does NOT give us total found and remediated month over month (cumulatively). Instead it gives us total active vulnerabilities or remediated findings month to month (within month).

I already tried the ‘New vs. Remediated Vulnerability Comparison over time’ dashboard card. Again, the problem with this card is that the total vulnerability findings blue line is for total (active) findings within that month (month to month) and not cumulatively (all findings) month over month.

How to get all vulnerability findings (not just active) as far back as our scan data retention period, out of R7 in a dashboard card, query builder, CSV / SQL report?

3 Likes

Looking for this as well

2 Likes

I have had multiple R7 support cases open on this very question and I am not getting a solution.

I have tried to leverage Remediation Projects for this, but using this gives us patching effectiveness from an asset count standpoint (affected vs. completed). Moreover, over the last 6 months our Remediation Project has produced inaccurate and unreliable affected asset counts.

Depending on how you want to slice it, patching effectiveness can be measured from a vulnerability instance count or an asset count perspective.

One way we have dealt with R7 and the month-to-month vs. total issue is to export the executive summary report data to Excel… This is a very manual process, but it lets us compare all the months' data next to each other.

2 Likes

LOL, I have also been doing this. AGREED! Very manual and time consuming.
BUT, this is only for total active vulnerabilities, and it does not provide ALL vulnerability findings (active + remediated). We need to report on and track ALL vulnerability findings to compare against remediated to truly get a “patching” effectiveness percentage.

For reporting on total vuln. findings (active + remediated), I verified with R7 support that the only way to do this without a data warehouse setup is to use the monthly Executive Summary cloud report and track it in Excel.

As we discussed earlier, our current reporting model doesn’t include remediation dates, so directly exporting this data via CSV isn’t possible. We did explore using the “first found” date as an option, but this only scopes vulnerabilities based on when they were initially identified. This method doesn’t account for vulnerabilities discovered in previous years but remediated within the current year.

The best alternative is to leverage the Executive Summary Report. This report provides a clear breakdown of total vulnerabilities (both remediated and unresolved) and separately lists remediated vulnerabilities.

To determine the total number of vulnerabilities for the year, you can sum the monthly totals from your Executive Summary Reports. Then, to calculate the number of remediations, subtract the number of remediated vulnerabilities from the total count.
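A worked illustration of the running (month over month) percentage the thread is after, as an added example rather than anything from Rapid7 or the posts above. It assumes the monthly new and remediated counts have already been copied out of the Executive Summary report into a CSV (the figures below are constructed), and takes the ratio as cumulative remediated over cumulative found so that the result reads as a percentage; the within-month column is kept alongside to show why the month-to-month view can exceed 100% when older findings get fixed.

```python
import csv
import io

# Constructed sample of monthly Executive Summary figures (not real export data):
# month, new findings reported that month, findings remediated that month.
SAMPLE_CSV = """month,new,remediated
2024-01,120,30
2024-02,80,60
2024-03,0,0
2024-04,50,90
"""

def monthly_rows(text):
    """Parse the CSV export into (month, new, remediated) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(r["month"], int(r["new"]), int(r["remediated"])) for r in reader]

def within_month_rate(new, remediated):
    """Month-to-month view: remediated as a share of that month's new findings only.
    Returns None when nothing new was found, to avoid dividing by zero."""
    return None if new == 0 else round(100.0 * remediated / new, 1)

def running_effectiveness(rows):
    """Month-over-month view: cumulative remediated / cumulative found since the first month."""
    found = fixed = 0
    out = []
    for month, new, remediated in rows:
        found += new
        fixed += remediated
        pct = None if found == 0 else round(100.0 * fixed / found, 1)
        out.append({"month": month,
                    "found_total": found,
                    "remediated_total": fixed,
                    "within_month_pct": within_month_rate(new, remediated),
                    "running_pct": pct})
    return out

if __name__ == "__main__":
    for row in running_effectiveness(monthly_rows(SAMPLE_CSV)):
        print(row)
```

In the constructed data, April's within-month figure is 180% (90 remediated against 50 new) while the running figure is 72%, which is the gap the earlier posts describe between the dashboard card and a true cumulative percentage.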