Need help creating a new patch management/security report
I am looking to create a report for patch management after accepted risks on certain software version. For example, I need to use Java 7 Update 67 for some software that is not yet compatible for Java 8. So I would like to have an "exception report" that shows this list of devices using this outdated version of Java. Then I would like an adjusted OVAL Device Compliance report that shows vulnerabilities with the accepted risks of the outdated version of Java. So I would have two OVAL reports - one with the total of all vulnerabilities and one with the total of vulnerabilities that can actually be fixed.
Any suggestions would be appreciated.
There are no answers at this time