Vulnerability Reports

CQ Vulnerability Reports

CYBERQUEST Vulnerability Reports are based on OpenVAS integration (https://www.openvas.org/).

To access Reports, please firstly open Vulnerability Manager in Web Interface by navigating to Settings > Management > Vulnerability Manager and go to Reports section.

In the Reports you can find the results of generated scanning tasks with status, information about owner, task name and date, numbers of hosts and vulnerabilities, which were found during scanning process.

Also, you can click Actions button to export these events from scanner to CYBERQUEST and check them in dashboards and reports module in details. For more information, please access the link: Vulnerabilities dashboards in CYBERQUEST.

With quick filter you can make search of specific reports by names or use other searching requests.

If you click in specific report by pressing button, you will see more details about this report, including: creation time, owner, name, format, applications, number of scanning hosts, Operation systems, ports and vulnerabilities:

In the table, you can find more detailed information regarding vulnerabilities based on ports, hosts, severity, Nvt (Network Vulnarability tests), name, Nvt.cve (Common vulnerabilities and exposures), QoD (Quality of detection):

More description regarding Network Vulnarability tests and other OpenVAS terms please find below:

1) The OpenVAS Scanner performs several security checks. These are called Network Vulnerability Tests (NVTs) and are mostly implemented in the programming language NASL. Some NVTs are wrappers for external tools. As new vulnerabilities are published every day, new NVTs appear in the Greenbone Security Feed.

2) A Host is a single system that is connected to a computer network and that may be scanned. One or many hosts form the basis of a scan target.

A host is also an asset type. Any scanned or discovered host can be recorded in the asset database. Hosts in scan targets and in scan reports are identified by their network address, either an IP address or a hostname.

3) CVE® is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services, per the terms of use.

The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Record added to the list is assigned and published by a CNA.

You can find more information via https://cve.mitre.org/cve/.

4) The Severity is a value between 0.0 (no severity) and 10.0 (highest severity) and expresses also a Severity Class (None, Low, Medium or High).

Comparison, weighting, prioritisation is possible of any scan results or NVTs because the severity concept is strictly applied across the entire system. Not a single severity is just expressed as “High” for example. Any new NVT is assigned with a full CVSS vector even if CVE does not offer one and any results of OSP scanners is assigned an adequate severity value even if the respective scanner uses a different severity scheme.

5) The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate ease and impact of an exploit. Scores range from 0 to 10, with 10 being the most severe.

6) The Quality of Detection (QoD) is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection. By default, only results that were detected by NVTs with a QoD of 70 % or higher are displayed. The possibility of false positives is thereby lower.

Also, you can choose Action based on the table:

• Set as False Positive - you can define that this vulnerability is false positive/not dangerous for your organization.

• Generate incidents – you can generate event and sent it in browser for further investigation.

To Compare Reports, press button, and choose the task name from the list:

After, you can compare reports by time, owner, task name, application, host, OS, ports counts and vulnerabilities, which were defined during scanning:

Native Reports

You can also find information about Vulnerabilities events in CYBERQUEST Reports Module. The Reports that are generated on imported data from open-vas vulnerabilities.

Access Reports module by pressing button you will find in top-left section of Web Interface.

In Technology Reports you will find the CQ Vulnerability Reports and you have to choose All CQ OpenVas Events report:

To Execute a Report, firstly you have to set a specific Start Date and End Date for report data. After you selected the date interval, you have to choose from drill-down (below Filter Data) text box which event fields will be added to report. By default, the report includes only Computer, Description, Destination IP and LocalTime listed as report columns. Check or uncheck any other field you consider being needed.

After you finished this steps, you have to press button, and you will see the executed reports: