Scan Variance

The Scan Variance report provides a comparison of new, resolved, and unresolved vulnerability instances found by the selected scan. Use this report to gain insights into the effectiveness of your vulnerability management and remediation efforts.

To access the Scan Variance report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Vulnerabilities.
  3. Under Scan Schedule Breakdown, click VIEW.
  4. Click Scan Variance.

View the latest scan report for a specific schedule

To view the report for the latest or most recent scan for a specific schedule, you must:

  1. Select a single value for the Customer Account, Deployment Name, and Scan Schedule Name filters.
  2. Select Show Latest Scan for the Scan Date Option to automatically set the Scan Start Date to Latest.
You will need to select Latest from the Scan Start Date filter if it is not automatically set.

View a previous scan report for a specific schedule

To view the report for a previous scan for a specific schedule, you must:

  1. Select a single value for the Customer Account, Deployment Name, and Scan Schedule Name filters.
  2. Select Show All Available from the Scan Date Option filter.
  3. Select a single value from the Scan Start Date filter.
The Start Scan Time for a specific scan will not appear until the data refresh following the final scan window defined in the schedule. To validate the most recent data refresh, see the Last Updated Time in the top right of the report window.

Filter the report

To refine your findings, filter your report by Category and Variance.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Download the report

You can download the Scan Variance report as a CSV or PDF file. To learn how to download reports, see Report Download Option.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

You can only schedule the Scan Details List report after you select Show Latest Scan for the Scan Date Option. This is required to ensure that a report is generated for the most recent scan and not the same scan on a recurring basis.

Scan result categories

If the selected deployment has agent-based scanning enabled, Alert Logic consolidates agent-based scan results with the latest available internal network scan to provide a complete vulnerability assessment. You can use the Category filter to isolate vulnerability assessments in consolidated results. Listed categories include the vulnerability scan type(s) associated with the selected schedule:

Category Vulnerability Scan Type
Agent Agent-based scan
Credentials Internal network scan with credentials (authenticated)
Network Internal network scan without credentials (unauthenticated)
External External network scan

For information about each scan type, see About Alert Logic Scans.

In the Category filter list, if you see only Non-Attributable, it indicates that the selected scan did not detect any vulnerabilities.

Variance status

Alert Logic categorizes vulnerability instances into different statuses, which are referred to in sections of the report:

  • New: Vulnerability instances that existed on the selected day, but not on the previous day
  • Resolved: Vulnerability instances that existed on the previous day, but not on the selected day
  • Unresolved: Vulnerability instances that existed on the selected day and on the previous day

CVSS scores and severity

Alert Logic assigns each vulnerability instance with a severity rating based on the CVSS score set by the National Institute of Standards and Technology (NIST) and reported to the National Vulnerability Database. Alert Logic supports both CVSS v2 and CVSS v3 scores.

Severity rating CVSS v2 score range CVSS v3 score range
Critical Not applicable 9.0 - 10.0
High 7.0 - 10.0 7.0 - 8.9
Medium 4.0 - 6.9 4.0 - 6.9
Low 0.1 - 3.9 0.1 - 3.9
Informational 0.0 0.0

Some vulnerabilities in the National Vulnerability Database have both CVSS v2 and CVSS v3 scores. Alert Logic displays the newer CVSS v3 score and severity rating in prominent locations and both scores in detail views. If only one CVSS score exists, Alert Logic uses that score and severity rating.

Scan variance list

The list provides details of the vulnerability instances found by the selected scan. The list is organized by variance, vulnerability name, host name, IP address, CVSS score, and severity. The list is sorted by descending CVSS score.