Reading of Reports

The report contains a list of all of the vulnerabilities detected by the Scanner.

reportvuln.png

List of discovered vulnerabilities

To support the administrator with the analysis of the results the severity of a vulnerability (CVSS, see also section CVSS)is displayed directly as a bar.

To point the administrator to a simple solution the column Solution-Type solution_type displays the existence of a solution. The column will display if a vendor patch st_vendorfix exists or a workaround st_workaround is available. It will also be displayed if no solution for a vulnerability exists st_nonavailable. If the column of the respective vulnerability still appears empty then the respective NVT has not been updated yet.

The column Quality of Detection (QoD) provides information in regards to the reliability of the successful detection of a vulnerability. This assessment is implemented into all existing NVTs step by step (see section Network Vulnerability Tests). This column allows to be filtered as well. You can use the min_qod in the Powerfilter. By default only NVTs with a QoD of 70% are displayed.Vulnerabilities with a lower reliability of detection are not displayed in the report. The possibility of false positives is thereby lower.

In the respective vulnerability view, additional, more detailed information is available.

_images/vuln.png

Detailed information about the vulnerability and solution options.