One challenge that security professionals share is the difficulty of prioritizing the vast amount of information about security threats, vulnerabilities and misconfigurations. In conversations with customers and partners we often hear how much they value the rich reporting capabilities of Nexpose. Nexpose helps users clearly prioritize based on real risk, going beyond standard CVSS scores to include contextual exploitability, malware information, and weighted and temporal risk scores. That continues to be a key capability that makes the life of a security professional so much easier. So we've decided to take those capabilities one step further.

With our Nexpose 5.2 release, which shipped on March 21st, we have included some cool enhancements to the CSV export feature. The CSV export has been expanded to include a wide range of new data fields. The exported data is entirely customized through field-based templates that can be easily created and reused across new and existing CSV export reports. These new templates make CSV exporting extremely simple and powerful.

Why is this important? Security professionals are often asked by their CISOs to prepare security information for their business units. Nexpose does all of this out of the box with a number of pre-defined templates, but users often want to manipulate the data further. With the new export options, users can now slice and dice the data based on more than 30 different criteria.

Existing CSV Export Users

When upgrading to Nexpose 5.2, you will notice some minor enhancements to the CSV report format. Existing CSV export reports will automatically be upgraded to use a new template called Basic Vulnerability Check Results. This template contains exactly the same columns, in exactly the same order, as the columns exported in previous releases of Nexpose. However, there are some subtle differences in the data that is now generated.

1) The column headers have been enhanced to provide more meaningful names.

| Old Column Headers | New Column Headers |
| --- | --- |
| <host> | Asset IP Address |
| <port> | Service Port |
| <result-code> | Vulnerability Test Result Code |
| <vuln-id> | Vulnerability ID |
| <cve-id> | Vulnerability CVE IDs |
| <severity> | Vulnerability Severity Level |
| <vuln-title> | Vulnerability Title |

2) The Vulnerability CVE IDs column now contains a comma-separated list of all exported CVE IDs. Previously, the <cve-id> column contained only the first CVE ID found.

3) All values are properly escaped using the following algorithm: If a value contains a newline, double quote, or comma, that value is escaped by wrapping it in double quotes.
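The three changes above matter most to scripts that consumed the old export. The following is an added example, not Rapid7's code: it reads the new format with a real CSV parser, maps the new headers back to the old names, and splits the CVE list. The sample rows, CVE placeholders and result-code values are constructed, and it assumes quoting that Python's csv module can read.

```python
import csv
import io

# Old header -> new header, as listed in the table above.
HEADER_MAP = {
    "<host>": "Asset IP Address",
    "<port>": "Service Port",
    "<result-code>": "Vulnerability Test Result Code",
    "<vuln-id>": "Vulnerability ID",
    "<cve-id>": "Vulnerability CVE IDs",
    "<severity>": "Vulnerability Severity Level",
    "<vuln-title>": "Vulnerability Title",
}

# Constructed sample export (placeholder IDs, documentation IPs, made-up codes).
SAMPLE = (
    "Asset IP Address,Service Port,Vulnerability Test Result Code,Vulnerability ID,"
    "Vulnerability CVE IDs,Vulnerability Severity Level,Vulnerability Title\n"
    '192.0.2.10,443,ve,example-vuln-a,"CVE-0000-0001,CVE-0000-0002",8,'
    '"Example issue, with comma"\n'
    "192.0.2.11,22,nv,example-vuln-b,,4,Example issue without CVE\n"
)


def parse_export(text):
    """Parse a 5.2-style export into dicts keyed by the OLD header names."""
    new_to_old = {new: old for old, new in HEADER_MAP.items()}
    # newline="" lets the csv module handle newlines inside quoted values.
    reader = csv.DictReader(io.StringIO(text, newline=""))
    rows = []
    for record in reader:
        row = {new_to_old.get(key, key): value for key, value in record.items()}
        # The CVE column is now a comma-separated list inside one quoted field.
        row["<cve-id>"] = [c.strip() for c in row["<cve-id>"].split(",") if c.strip()]
        rows.append(row)
    return rows


def naive_field_count(line):
    """What a split-on-comma script sees: quoted commas become extra fields."""
    return len(line.split(","))


if __name__ == "__main__":
    for row in parse_export(SAMPLE):
        print(row["<host>"], row["<cve-id>"], row["<vuln-title>"])
    print("naive field count:", naive_field_count(SAMPLE.splitlines()[1]))
```

A script that splits each line on commas sees nine fields instead of seven in the first sample row, so its severity and title columns shift.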

Microsoft Excel Support

To better support Microsoft Excel, all values are truncated at 32,000 characters. Carriage returns found in values are converted to spaces. It is also important to note that recent versions of Excel (2007 and later) have an increased row limit of 1 million rows. To help accommodate this restriction, new filtering capabilities have been added to CSV (and also XML) export reports, allowing vulnerability data to be filtered by status.

You can now reduce the CSV export size by excluding all vulnerabilities that were tested against an asset and found not vulnerable. This filter alone can reduce export sizes by over 80%!

API Support

API users benefit from this upgrade as well! Template creation for CSV export reports is supported through the existing ReportTemplateSave API. CSV exports can continue to be generated using the ReportGenerate and ReportAdhocGenerate APIs. When upgrading your API clients, be sure to include the template ID as part of the ReportAdhocGenerate request. For more details on the Reporting APIs, consult the Nexpose API v1.1 Guide.

With the new exporting features, you can now export a richer, customized data set tailored to meet your security needs!  The great thing about these enhancements is that all users of the Nexpose Enterprise Edition and Consultant Edition will receive these improvements at no additional cost.