We are being asked by our internal audit department to provide a count of how many vulnerabilities have been excepted by various asset groups. For instance we have an asset group for workstations. Is there a query that would provide a list of what vulnerabilities have been excpepted on this asset group and a count for the number of instances for each vulnerability.
There doesn’t seem to be a good dashboard or way to view what vulnerability exceptions have been applied to what system aside from viewing the asset page of each device
Hopefully this question make some sense.
As a concrete example we have vulnerability exceptions in place for any workstation for the following vulnerabilities but not all workstations will have these vulnerabilities.
Obsolete version of Microsoft MSXML 4
Cisco AnyConnect: CVE-2021-1366: Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability]
Is there a way to get a count of the instances that each of these vulnerabilities have exceptions for on this asset group?