The Patch Report identifies patches you need to install in order to fix vulnerabilities detected on scanned hosts in your account. Your patch report content reflects the selected patch template settings and report source selection (asset groups and/or IP addresses) selected at report run time.
For the most accurate results in your patch report, be sure that authenticated scanning was used to scan the hosts selected for the report. Using authenticated scanning allows the scanning engine to collect the most detailed information about each target host including the host's operating system. The most appropriate missing patch(es) will be identified in your patch report when the most accurate host information, including the operating system, has been detected for each target host.
The basic report sections are described below.
Report Summary. Identifies the user who generated the patch report, the date the report was generated, the report target (IPs and/or asset groups), and the report timeframe when a specific timeframe is selected in the patch report template.
Patch Summary. Provides summary-level information about patches in the report that will fix detected vulnerabilities in your account.
• Total Patches. Total number of missing patches that you need to apply to fix detected vulnerabilities for the target hosts.
• Hosts Requiring Patches. Total number of hosts that you need to apply recommended patches to in order to fix detected vulnerabilities for the target hosts.
• Vulnerabilities Addressed. Total number of vulnerability detections (one QID per host) in your report that will be fixed across all groups in the report when all missing patches listed in the report are applied.
• View Report Targets. Click this link to view a pop-up display of the asset groups and/or IP addresses specified in the patch report template.
Detailed Results. Shows the detailed results of the patch report according to the Display settings in the patch template used to run the report. These settings affect the detailed results:
• Group by. The detailed results is grouped by host, patch, operating system or asset group, depending on the “Group by” template setting.
• Table of QIDs. A table of QIDs that will be fixed by each patch is included in the detailed results when “QIDs that will be fixed by each patch” is selected in the patch template.
• Display Available Links. (PDF and CSV formats only) Links for patches are displayed in the detailed results, if available, when “Available links for each patch” is selected in the patch template.
The layout and format of the patch report data depends on the patch template settings. The look and feel of the report differs greatly based on the patch template's "Group by" setting and report format. See the samples provided below to learn more.
IP address, DNS and NetBIOS hostname, and operating system as this information is available.
Vendor ID. The vendor patch ID for a missing patch. For example, MS03-010.
Sev. or Severity. The service assigns a severity to each patch in the report. The severity may be based on the recommended patch to fix the vulnerability (the default) or the highest severity across all detected vulnerabilities that may be fixed by the patch. Users determine which patch severity to display in the patch report template.
Published. The age of the patch based on the date when the patch was published. For example, "5 days ago" or "2 years ago".
Hosts. (Appears when the report is grouped by Patch or Operating System) The number of affected hosts that the patch needs to be applied to. Click a patch row to view the hosts affected by the selected patch.
Patches. (Appears when the report is grouped by Host or Asset Group) The number of patches that will fix the vulnerabilities on the host. Click a host row to view the patches that will fix the vulnerabilities on the selected host.
Vulns. The number of vulnerabilities on a host that will be fixed by a missing patch. When “QIDs that will be fixed by each patch” is selected in the patch template, the user can click the number to view the QID detection data for the host.
This QID detection data for a host is included when “QIDs that will be fixed by each patch” is selected in the patch template:
QID. A QID associated with a vulnerability detection that the patch fixes. For each QID you'll also see the associated severity level and title from the KnowledgeBase.
Instance. The instance information associated with a vulnerability detection, if applicable. Information such as port, protocol, FQDN, SSL flag (whether SSL was used to detect the vulnerability) is listed when there are multiple detections of a single QID on the same host.
Last Detected. The age of the vulnerability detection, which the patch fixes, based on the last scan date of the host. For example, "53 days ago".
The newest patches that fix the detected vulnerabilities are recommended for installation. The newest patch for any one vulnerability detection may be broader in scope and it may fix more vulnerabilities than the QID associated with the vulnerability detection.
For Microsoft vulnerabilities, the service recommends patch QIDs following the superseding patch sequencing provided by Microsoft. The service automatically determines whether a superseding patch is relevant to the detected patch QID. Specifically, it checks to be sure the operating system and vulnerability tests for a superseding patch correspond to the current vulnerability detection data. If not, the superseding patch is not recommended.
For non Microsoft vulnerabilities, the service always recommends the latest (most recent) version of the operating system or application since the versions are cumulative.
The patch report identifies the patches available for current vulnerabilities on selected hosts based on a patch template selected by the user at run time. These are the vulnerabilities detected by the most recent scan of each selected host. The service identifies patches following a staged approach. See How Patch Analysis Works.
The Online Report format provides a feature-rich user interface including numerous ways to navigate through your report content. The HTML report is displayed in your browser using Ext, a client-side Java framework. A patch report in Online Report format cannot be downloaded to your local filesystem.
Online Report Sample: Group By Host
Online Report Sample: Group by Patch
Online Report Sample: Group by Operating System
Online Report Sample: Group by Asset Group
The PDF format displays your patch report as a downloadable PDF file sorted according to the grouping method selected in the patch report template used to run the report.
The following options are available from the File menu when viewing your report in the Online Report format:
Print. Click to print your patch report.
Download. Click to download your patch report in PDF or CSV format. See Report Formats for more information.