From the course: Implementing a Vulnerability Management Lifecycle
Generating actionable vulnerability reports
- [Instructor] After you scan your assets, you have vulnerability data to analyze, so it's time to generate a scan report. This report will help you prioritize your vulnerabilities and set you up to design mitigations. There are multiple ways you can set up your reports in your scanning tool. I suggest a report that lists vulnerabilities from the most severe to the least severe. For each vulnerability, make sure the report shows the affected assets. Here's a simple example from OpenVAS. Notice the rows are organized by vulnerabilities, and the affected assets are shown in the Hosts column to the right. Now let's take a look at a detailed description of just one vulnerability. Note the QoD percentage. It means Quality of Detection, and it's an indicator of the reliability of test results. Values less than 70% suggest false positives. The lower the value, the more likely it's false. Now, the reason we want to report by…
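The report layout described in the transcript (one row per vulnerability, most severe first, affected hosts alongside, detections under 70% QoD set aside for verification) can be sketched as follows. This is an added example, not course material or OpenVAS code; the CSV column names, the sample rows and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

QOD_THRESHOLD = 70  # transcript: values below 70% suggest false positives

# Constructed sample rows; column names are assumptions for illustration,
# not a documented OpenVAS export schema.
SAMPLE_CSV = """\
host,vulnerability,cvss,qod
192.0.2.10,Example TLS weak cipher suites,5.0,98
192.0.2.11,Example TLS weak cipher suites,5.0,98
192.0.2.10,Example remote code execution,9.8,80
192.0.2.12,Example remote code execution,9.8,30
192.0.2.12,Example outdated banner,7.5,30
"""

def build_report(csv_text, qod_threshold=QOD_THRESHOLD):
    """Group findings by vulnerability, most severe first.

    Hosts whose detection QoD is below the threshold are kept but listed
    separately so they get verified before remediation work is scheduled.
    """
    groups = defaultdict(lambda: {"cvss": 0.0, "hosts": [], "verify": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = groups[row["vulnerability"]]
        entry["cvss"] = max(entry["cvss"], float(row["cvss"]))
        bucket = "hosts" if int(row["qod"]) >= qod_threshold else "verify"
        entry[bucket].append(row["host"])
    report = [{"vulnerability": name, **data} for name, data in groups.items()]
    # Highest severity first; ties broken by number of reliably detected hosts.
    report.sort(key=lambda r: (-r["cvss"], -len(r["hosts"])))
    return report

def format_report(report):
    """Render the grouped report as plain text, one vulnerability per block."""
    lines = []
    for r in report:
        lines.append(f"{r['cvss']:>4.1f}  {r['vulnerability']}")
        lines.append(f"      hosts: {', '.join(r['hosts']) or '-'}")
        if r["verify"]:
            lines.append(f"      low QoD, verify first: {', '.join(r['verify'])}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(build_report(SAMPLE_CSV)))
```

Low-QoD detections are kept in the output rather than dropped, so a likely false positive is still visible to whoever validates the report.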