SQL Query Example: Vulnerability Exceptions

Document created by synapsr on Feb 4, 2015
Version 1Show Document
  • View in full screen mode

We often get compliments for Nexpose Exceptions Workflow which allows you to "ignore" vulnerabilities based on compensating controls or say acceptable use or risk.

 

You can change the following to look at the information from different perspectives:

dve.reason_id = 'F'

- False Positive = 'F'

- Compensating Control = 'C'

- Acceptable Use = 'U'

- Acceptable Risk = 'R'

- Other = 'O'

 

 

SELECT da.ip_address as "IP Address", da.host_name as "Host Name", dv.title as "Vulnerability", descope.description as "Scope", dve.additional_comments as "Comments", dest.description as "Exception Type", dve.submitted_by "Submitted by", dve.reviewed_by as "Reviewed by", dve.review_comment as "Reviewer's Comment", dve.expiration_date as "Exception Expiration Date"

FROM dim_asset da

  JOIN dim_vulnerability_exception dve using (asset_id)

  JOIN dim_vulnerability dv using (vulnerability_id)

  JOIN dim_exception_scope descope using (scope_id)

  JOIN dim_exception_status dest using (status_id)

WHERE dve.reason_id = 'F'

GROUP BY da.ip_address, dv.title, da.host_name, descope.description, dve.additional_comments, dest.description, dve.reason_id, dve.submitted_by, dve.reviewed_by, dve.review_comment, dve.expiration_date

ORDER BY da.ip_address DESC

3 people found this helpful

Attachments

    Outcomes