Vulnerability data is saved on a per scan and per host basis, resulting in accurate reporting and trend analysis. After each scan, vulnerability data is updated in your account for all scanned hosts. Use the Scan Results Selection options to specify how you want vulnerability data collected for custom scan reports. You may select run time (manual) or current vulnerability status (auto).
The run time (manual) option provides a view of your risk at a particular moment in time (at the time of the scan). Vulnerability data and hosts included in your report are specific to the scans that you choose at run time. Note that you can view saved scans from the scan history list (select Scan on the left menu).
The status (auto) options provide the most up-to-date information and current vulnerability status for hosts specified in your report template. Vulnerability data is automatically collected based on the most recent scan data. Trend information is precisely calculated when analyzing results generated with the same scan options, and results generated for a full scan compared to a partial scan.
The current vulnerability status is also displayed in other locations throughout the web application including your Dashboard, asset search results and remediation tickets. Note that you can view current vulnerability information for any host from the host assets list (select Host Assets on the left menu and then click view for any host).
The Run Time option uses vulnerability data collected at run time. Each time you generate a report with this setting, you must manually select saved scan results to include in the report. Vulnerability data and hosts included in your report are specific to the scans that you choose at run time. The report does not use other host data to identify the current status of vulnerabilities or generate trends.
The Status and Status with Trend options use vulnerability data collected from the most recent scans. Each time you generate a report with one of these settings, the service automatically collects vulnerability data for the hosts you've specified in the template. These reports use vulnerability history and host data to identify the current status of vulnerabilities and produce trend information.
Status. Select to view the most current vulnerability information and status (New, Fixed, Re-Opened, Active) for all hosts included in the report. This is the default option in new scan report templates.
Status with Trend. Select to include trend information along with the current status for all hosts included in the report.
• Include daily | weekly | monthly data. Generate a trend report analyzing vulnerability information on a daily, weekly or monthly basis. The reporting engine will select results based on the time frame you specify. You may specify up to 31 days, 20 weeks or 12 months.
• Only include scan results from the specified timeframe. Select this option to ensure that only vulnerability information gathered in the timeframe that you've specified is included in the report. If this option is not selected, vulnerability information for hosts that were last scanned prior to the specified timeframe may be included.
For example, let's say you want to generate a report analyzing data for the past 4 weeks. Host A was scanned 5 weeks ago, and has not been scanned since then because it was firewalled and unreachable. To exclude Host A from the report and only analyze vulnerability information detected in the past 4 weeks, select this option. To include Host A in your report with the last known vulnerability information from 5 weeks ago, clear this option.
• Include vulnerability information for the past 2 detections. Select to compare the most current vulnerability information to the last known information. The reporting engine will analyze the last two detections for each vulnerability on each host, comparing the current vulnerability status (New, Fixed, Re-Opened, Active) to the last known vulnerability status.
Note: This section only applies if you've selected the option Status or Status with Trend.
Select hosts to include in the report. You may include asset groups and individual IP addresses/ranges.
Asset Groups. Enter the name of each asset group to include. Click Select to choose from a list of groups in your account.
IPs/Ranges. Enter IP addresses/ranges to include. Click Select to choose from a list of IPs in your account.
Important: If you are using the Scan by Hostname feature and you want to report on hosts scanned by hostname, note the following requirements. In IPs/Ranges you must enter IPs/ranges that are resolved from the scanned DNS and NetBIOS hostnames. In Asset Groups you must enter asset groups which contain IP addresses that are resolved from the scanned DNS and NetBIOS hostnames. See Scan by Hostname for information.