Vulnerability scan results include a Detailed Results section listing the scanned hosts (sorted by IP address) with detected vulnerabilities, potential vulnerabilities and information gathered for each host. The scan results include complete results that have not been filtered. Disabled vulnerabilities are included in your scan results and they appear grayed out. To filter results or view vulnerability trending information, generate custom scan reports based on vulnerability scan data.
This help topic describes the sections and details that appear in your vulnerability scan results when presented in one of these formats: HTML, PDF and MHT. For scan results in XML format, refer to the document Vulnerability Scan Results in XML (PDF) for a description of the DTD associated with the XML output.
Vulnerability scan results include the following sections:
The Report Summary provides general information about the scan results.
section |
Description |
Date |
The date and time the scan was launched. |
Active Hosts |
The total number of hosts alive at the time of the scan. |
Total Hosts |
The total number of hosts included in the scan target. |
Type |
Identifies whether the scan was run on demand or scheduled. |
Status |
The status of the scan task. |
Reference |
This is an automatically generated, unique reference number for this scan. A vulnerability scan reference starts with "scan/". Example: scan/1254206150.19976 |
Scanner Appliance |
This field identifies the perimeter scanner(s) used to launch the scan. For Scanner Appliance users, this field displays the name assigned to the scanner appliance used. Also included: the version of the scanning engine (Scanner), the version of the Web application (Web) at the time of the scan, and the version of the vulnerability signatures package (Vulnsigs). |
Duration |
How long the scan took from start to completion. |
Title |
The title assigned to the scan task. If you did not assign a title, then this field does not appear. |
Asset Groups |
The asset groups that were included in the scan target. |
IPs |
The hosts included in the scan target. For each target host, the host's IP address or hostname appears. A hostname will only appear when the Scan by Hostname feature is used (see Scan by Hostname). |
Option Profile |
The name of the option profile applied to the scan task. Click the option profile name to link to the Appendix section where you can view the preferences set in the option profile. |
The Summary of Vulnerabilities provides an overview of the vulnerabilities detected during the scan.
section |
description |
Total |
The total number of vulnerabilities, potential vulnerabilities and information gathered detected. Vulnerabilities and potential vulnerabilities with a Fixed status are not included in this total. In trend reports, an overall trend is also displayed, indicating whether the total increased, decreased or remained the same as compared to previous scans. |
Security Risk (Avg) |
The average security risk for all active hosts in the report. For each active host, security risk is equal to the highest severity level detected across all vulnerabilities and potential vulnerabilities. See Security Risk in Scan Results. |
By Severity |
The total number of vulnerabilities, potential vulnerabilities and information gathered at each severity level (1 through 5). If you're viewing a trend report, then a trend also appears for each, identifying whether the number increased or decreased since the previous scan. See Severity Levels for a complete description of each. |
5 Biggest Categories |
The top 5 vulnerability categories are listed with the total number of vulnerabilities, potential vulnerabilities and information gathered in each. For example, if you had more Firewall vulnerabilities than any other category, then Firewall appears at the top of this list. Vulnerabilities and potential vulnerabilities with a Fixed status are not included. If you're viewing a trend report, then a trend also appears, identifying whether the number increased or decreased for each category. |
The following graphics are included in your scan results.
This graph displays the total number of vulnerabilities detected at each severity level. Each total is based on the most current vulnerability information for all hosts included in the report. Note that vulnerabilities in a Fixed status are not included in this graph. See Severity Levels for a complete description of each.
This graph displays all detected operating systems. Note that the operating system may not have been detected on all hosts. If you performed selective vulnerability scanning, and did not include the "Operating System Detected" vulnerability (QID 45017), then no data will be available for this graph.
This graph displays all services, such as ssh, ftp and smtp, discovered under the Open TCP and Open UDP Services lists. Note that a service may be counted more than once for a single host if the service is discovered on different ports. Also note that services may not have been detected on all hosts included in your report.
If you performed selective vulnerability scanning and did not include the following vulnerabilities, then no data will be available for this graph: "Open TCP Services List" (QID 82023) and "Open UDP Services List" (QID 82004).
Each scanned host is listed by IP address with the following information (if available):
IP address (DNS hostname, NetBIOS hostname) Operating System
For a host scanned by DNS or NetBIOS hostname, the IP address represents the IP address resolved for the hostname by the service. If the hostname could not be resolved to an IP address in your account, then no scan results for that host will appear.
For each host, a list of the vulnerabilities, potential vulnerabilities and information gathered detected during the scan appears. Select any vulnerability title to expand vulnerability details. Details include the assigned QID, CVE ID, Bugtraq ID, CVSS Base and Temporal scores, descriptions of the threat, impact and solution, exploitability and malware information from third party vendors and/or publicly available sources if available, and specific scan test results for the vulnerability on the host. See Vulnerability Details for more information.
The appendix provides additional information about the vulnerability scan, including a list of hosts that were scanned and not scanned, the preferences set in the option profile applied to the scan task and a report legend. See Appendix for more information.
The following options are available from the File menu:
Print. Click to print your report. Your printed report will appear as it does online, meaning that expanded sections will appear expanded and collapsed sections will appear collapsed. For large reports that have been divided into segments of IPs, the section currently displayed is the only section printed. To print the entire report, you must first select All from the View menu located at the top of your report.
Download. Click to download your report in PDF, HTML pages (ZIP), MHT, XML or CSV format. See Report Formats for more information.