Vulnerability Reports
Vulnerability reports are critical security documents that detail discovered weaknesses in systems and applications. They enable security teams to prioritize and remediate risks effectively. This section explains how to access, interpret, and act on vulnerability reports within CYBERQUEST.
CQ Vulnerability Reports
CYBERQUEST Vulnerability Reports are based on OpenVAS integration (https://www.openvas.org/).
To access these reports, open the Vulnerability Manager in the web interface by navigating to Settings > Management > Vulnerability Manager, then select the Reports section.
The Reports section presents the results of completed scanning tasks, displaying key information such as the report name, associated task, owner, number of detected vulnerabilities, number of scanned hosts, scan start time, current scan status, and available actions.

The Actions button allows exporting scan events from the scanner to CYBERQUEST for further analysis within the dashboards and reports module. For more details, refer to Vulnerabilities dashboards in CYBERQUEST.
Use the Quick Filter to search for specific reports by Reports Name.
Selecting a specific report via the button opens a detailed view containing the report information:

The table displays detailed information about vulnerabilities categorized by ports, hosts, severity, NVT (Network Vulnerability Tests), name, NVT.CVE (Common Vulnerabilities and Exposures), and QoD (Quality of Detection).

Network Vulnerability Tests and other OpenVAS terms are described below:
1) The OpenVAS Scanner performs several security checks. These are called Network Vulnerability Tests (NVTs) and are mostly implemented in the programming language NASL. Some NVTs are wrappers for external tools. As new vulnerabilities are published every day, new NVTs appear in the Greenbone Security Feed.
2) A Host is a single system that is connected to a computer network and that may be scanned. One or many hosts form the basis of a scan target.
A host is also an asset type. Any scanned or discovered host can be recorded in the asset database. Hosts in scan targets and in scan reports are identified by their network address, either an IP address or a hostname.
3) CVE® is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services, per the terms of use.
The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Record added to the list is assigned and published by a CNA.
You can find more information via https://cve.mitre.org/cve/.
4) The Severity is a value between 0.0 (no severity) and 10.0 (highest severity) and also expresses a Severity Class (None, Low, Medium or High).
Because the severity concept is applied strictly across the entire system, any scan results or NVTs can be compared, weighted, and prioritised. No severity is expressed merely as “High”, for example. Every new NVT is assigned a full CVSS vector even if the CVE does not offer one, and every result from an OSP scanner is assigned an adequate severity value even if the respective scanner uses a different severity scheme.
5) The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate ease and impact of an exploit. Scores range from 0 to 10, with 10 being the most severe.
6) The Quality of Detection (QoD) is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection. By default, only results that were detected by NVTs with a QoD of 70% or higher are displayed. The possibility of false positives is thereby lower.
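The following Python example is an addition to this page, not CYBERQUEST or OpenVAS code. It applies the severity and QoD concepts above to a constructed result set: results below the 70% QoD default are set aside, the rest are classed and ranked by severity, and class counts are built per host. The column names, sample rows, placeholder CVE ids, and the class boundaries (0.0 None, below 4.0 Low, below 7.0 Medium, otherwise High) are assumptions, not values taken from the product.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; column names are hypothetical, modelled on the
# report table (host, port, severity, QoD, NVT name, CVE). CVE ids are placeholders.
SAMPLE = """host,port,severity,qod,nvt_name,cve
10.0.0.5,443/tcp,9.8,80,Constructed TLS library check,CVE-0000-0001
10.0.0.5,22/tcp,5.3,30,Constructed SSH banner check,
10.0.0.7,80/tcp,4.3,70,Constructed HTTP header check,CVE-0000-0002
10.0.0.7,general/tcp,0.0,80,Constructed OS detection,
10.0.0.9,3306/tcp,7.5,98,Constructed database check,CVE-0000-0003
"""

MIN_QOD = 70  # default display threshold described in the text

def severity_class(score):
    """Map a 0.0-10.0 severity to a class; the band limits are an assumption."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"severity out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High"

def triage(csv_text, min_qod=MIN_QOD):
    """Return (results ranked by severity, per-host class counts, hidden count)."""
    kept, dropped = [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        score, qod = float(row["severity"]), int(row["qod"])
        if qod < min_qod:  # low-reliability detection: more likely a false positive
            dropped += 1
            continue
        kept.append({**row, "severity": score, "class": severity_class(score)})
    kept.sort(key=lambda r: (-r["severity"], r["host"]))
    per_host = defaultdict(lambda: defaultdict(int))
    for r in kept:
        per_host[r["host"]][r["class"]] += 1
    return kept, {h: dict(c) for h, c in per_host.items()}, dropped

if __name__ == "__main__":
    results, hosts, dropped = triage(SAMPLE)
    for r in results:
        print(f'{r["severity"]:>4} {r["class"]:<6} {r["host"]} {r["port"]} {r["nvt_name"]}')
    print(f"hidden by QoD < {MIN_QOD}%: {dropped}")
```

Passing `min_qod=0` to `triage` includes the low-QoD results as well, which is useful when reviewing candidates for Set as False Positive.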
Actions available from the table include:
- Set as False Positive - marks the selected vulnerability as a false positive or not relevant for the organization.
- Generate incidents - creates an event and sends it to the browser for further analysis.
To compare reports, click the button and select a task name from the list.

Reports can then be compared based on time, owner, task name, application, host, operating system, number of ports, and identified vulnerabilities during the scanning process.

Native Reports
Vulnerability-related information is also available in the CYBERQUEST Reports Module. These reports are generated based on imported data from OpenVAS vulnerability scans.
To access the Reports module, click the button located in the top-left section of the web interface.
Within the Technology Reports section, locate CQ Vulnerability Reports and select the All CQ OpenVAS Events report:

To execute a report, specify a Start Date and End Date to filter the report data. After selecting the date range, select the event fields to include in the report from the drill-down list under the Filter Data section.
After configuration is complete, press the button to generate and display the report.
