Good Day! I am Eric Pattenden, a Sales Engineer with Rapid7.
The Nexpose CSV Export can now be customized to include only the desired data for discovered vulnerabilities and to set the order in which it appears. After sampling a few options I found that pivot tables are a great way to visualize the CSV export data in graph form.
The bottom line for vulnerability assessment is valuable visibility into your network that can be quickly interpreted. In accordance with that objective, I have tried to answer two questions I frequently run into:
Report 1 – What is really left for PCI?
WHO: Organizations that fall under PCI compliance and need an overview of how much real work is left.
WHAT: A breakdown, by operating system and PCI compliance status, of confirmed vulnerabilities versus those that cannot be positively confirmed.
WHY: To see how many of the discovered vulnerabilities on your network are actually confirmed versus those that are only suspected.
HOW: The data fields I used for this representation are Asset OS Family, Vulnerability PCI Compliance Status, and Vulnerability Test Result Description.
Report 2 – Do ancient vulnerabilities still exist on your network?
WHO: High-level management who need to know whether their remediation team is effective.
WHAT: A display of vulnerabilities found on the network sorted by the year the vulnerability was published or disclosed.
WHY: Find out if ancient vulnerabilities exist on your network.
HOW: The data fields I used for this representation are Vulnerability Published Date and Vulnerability Risk Score.
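
The same two pivots can be built in a script instead of a spreadsheet. The following is an added example, not part of the original post or Rapid7's tooling: it groups a CSV export by the fields named for Report 1 and Report 2. The column headers are the field names from the post; the sample rows, their values, and the `YYYY-MM-DD` date format are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; column names are the fields named in the post,
# the values and the date format are assumptions, not real Nexpose output.
SAMPLE_CSV = """\
Asset OS Family,Vulnerability PCI Compliance Status,Vulnerability Test Result Description,Vulnerability Published Date,Vulnerability Risk Score
Windows,Fail,Confirmed,2008-10-23,850.5
Windows,Fail,Unconfirmed,2012-03-13,420.0
Windows,Pass,Unconfirmed,2014-04-07,130.25
Linux,Fail,Confirmed,2014-09-24,900.0
Linux,Fail,Confirmed,2002-07-30,610.0
Linux,Pass,Unconfirmed,,75.0
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def pci_breakdown(rows):
    """Report 1: count rows per (OS family, PCI status, test result)."""
    counts = Counter()
    for r in rows:
        key = (r["Asset OS Family"].strip() or "Unknown",
               r["Vulnerability PCI Compliance Status"].strip() or "Unknown",
               r["Vulnerability Test Result Description"].strip() or "Unknown")
        counts[key] += 1
    return counts

def by_publication_year(rows):
    """Report 2: per publication year, finding count and summed risk score."""
    table = defaultdict(lambda: {"count": 0, "risk": 0.0})
    for r in rows:
        date = r["Vulnerability Published Date"].strip()
        # A blank or malformed date goes to an "Unknown" bucket, not dropped.
        year = date[:4] if date[:4].isdigit() else "Unknown"
        try:
            risk = float(r["Vulnerability Risk Score"])
        except ValueError:
            risk = 0.0
        table[year]["count"] += 1
        table[year]["risk"] += risk
    return dict(table)

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for key, n in sorted(pci_breakdown(rows).items()):
        print(*key, n, sep="\t")
    for year, cell in sorted(by_publication_year(rows).items()):
        print(year, cell["count"], round(cell["risk"], 2), sep="\t")
```

Rows with a missing published date are counted under "Unknown" so the totals still match the export's row count.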