The vulnerability instances report differs from the other reports in the risk insight section in a few different ways. The first major visual difference is the visual at the top of the page. Unlike the other reports, the vulnerability instances report does not feature a bar chart of elements that represent risk. Instead, the vulnerability instances report has a that breaks down vulnerability instances by category. Before doing any risk rating analysis on vulnerabilities, DeepSurface first applies rules that help determine the best category to put the vulnerability instance into. One way to think about the vulnerability instances report is by comparing it to a funnel. DeepSurface begins by taking all of the instances reported by your vulnerability scanner(s) and subsequently sorts and categorizes them until arriving at a much narrower set of instances that you should begin your remediation efforts with. After taking context, internal rules, and publicly available information into account, DeepSurface ultimately determines what subset of vulnerability instances in your environment actually pose a risk.
If at any point you would like more information about a particular category, or any of the instances that were included within it, simply hover over a given category (or select the category from the category dropdown to filter down to just that category) and read the helpful explanation of the reasoning behind that category.
Host, patch, vulnerability, and vulnerability instance reprots all have robust filtering options. To learn more about filtering see the Filtering Section of the help documentation.
Any report can be exported as an Excel spreadsheet or PDF. For more information on exporting, see the Exporting Section of the help documentation.
The vulnerability instances report provides a few additional filtering options that are not present in any of the other risk insight reports. It is possible to group the vulnerability instances 4 different ways. To change the grouping, locate the group selector above the table of results and switch between host, patch, vulnerability, or scanner signature.
Viewing a table of vulnerability instances grouped by scanner signature is unique to this report:
There is also a shortcut filter button on every row of the results table, regardless of what grouping method. If you ever want to just see the vulnerability instances that apply to a given host/patch/vulnerability/signature, click the filter button at the end of the row and the results will automatically filter down to that single record. This is effectively the same as applying the specific host/patch/vulnerability/signature filter in the filter builder, but just a handy shortcut. To remove the filter, toggle the same filter button in the remaining row.