5 Replies Latest reply: Sep 25, 2017 10:01 AM by coyote10a RSS

New to Tenable

rkrick Novice

I seem to be missing a step somewhere in my process. I am running a scan against all of our pc's. I get the monthly scan report and I work with our desktop support team to have them patch the listed vulnerabilities. The desktop support person with then launch a remediation scan for each vulnerability listed and we can both see that when you switch to the mitigated view that they have been fixed. The missing step I cant seem to figure out is when I run the report again it is still showing the previous vulnerabilities.

 

How do I get the mitigated ones to not show on my report?

Do I need to created a different report?

What information do you need to know?

  • Re: New to Tenable
    cezar Apprentice

    In the scan definition, in the "Post Scan" add the name of the report you'd like to be updated with new data.

     

    Cezar

    • Re: New to Tenable
      rkrick Novice

      I am sorry in advance but things with tenable were not explained very well when I took this over. Is that in the report section or in the active scan section? I found in my active scans section in my pc scan there is an option for post scan and it shows  "reports to run after scan completes".  I have my pc report selected.

       

      I still feel like a step was not relayed to me,  so please bear with me. My support person logs into tenable and goes to Scans - Scan Results. They open the scan for the pc's and review the vulnerabilities. They would then fix the issues and then would click on launch remediation scan. After they go through the list I then go into the scan results and select the scan and I switch the view to mitigated and they no longer up.

       

      What should be the next step be?

      • Re: New to Tenable
        rkrick Novice

        This is where i am running into my problem, Do i need to run the whole scan again or is there a way to re scan against just the scan that had vulnerabilities list? or is this done through the report?

        • Re: New to Tenable
          selman.jon@cryolife.com Novice

          I'm new to Tenable as well and am also interested in an answer on this. I can see it as being something I'll definitely encounter in the near future.

           

          In this situation, though, I would expect you'd have to re-run the scan, at least on the vulnerable hosts, in order to acquire a report reflecting the newly patched state. Who knows...

  • Re: New to Tenable
    coyote10a Novice

    What may be happening is the report you are running is against the individual scan, versus the repository. The repository is just the database (and you could have several of these - another topic) that collects all the scans and results. If you have SC, try to use the analysis tab, with filters, and on the right menu, click on "cumulative". Then save that as a query, and run your reports against the query (scheduled, on demand or otherwise). Repeat the process for mitigated results if desired (except on the right menu, change the query to "switch to mitigated" vs cumulative.