How to Check Vulnerability Scan Results on Linux

Check vulnerability scan results on Linux servers. Monitor vulnerability findings, track severity, and detect new vulnerabilities. Set up monitoring with Zuzia.app.

Last updated: 2026-01-11

Need to check vulnerability scan results on your Linux server? Want to monitor vulnerability findings, track severity, and detect new vulnerabilities? This guide shows you how to check vulnerability scan results using scan reports and set up automated monitoring with Zuzia.app.

For comprehensive vulnerability scanning monitoring strategies, see Vulnerability Scanning Security Monitoring Guide. For troubleshooting vulnerability issues, see Vulnerability Exposure Security Risk.

Why Checking Vulnerability Scan Results Matters

Vulnerability scan result checks help you track vulnerability findings, monitor severity distribution, detect new vulnerabilities, ensure timely remediation, and maintain security compliance. Regular result checks prevent vulnerabilities from going undetected.

Method 1: Check Scan Execution Status

Verify vulnerability scans are running and completing:

Check Scan Status

# Check if vulnerability scanner is installed
which openvas-scanner || which nessus || which nikto || echo "Scanner not found"

# Check scan process status
ps aux | grep -E "openvas|nessus|nikto|nmap" | grep -v grep

# Check scan log files
ls -la /var/log/vulnerability-scans/ 2>/dev/null || ls -la /var/log/nessus/ 2>/dev/null

# Check last scan timestamp
find /var/log/vulnerability-scans -name "*.log" -type f -exec stat -c "%y %n" {} \; | sort -r | head -1

Scan status checking shows whether scans are running and completing.

Method 2: Check Vulnerability Findings

Review vulnerability scan results:

Check Vulnerability Count

# Parse vulnerability scan report (example for XML format)
if [ -f /var/log/vulnerability-scans/last-scan.xml ]; then
  # grep -c prints 0 itself when nothing matches; "|| true" only absorbs its non-zero exit status
  VULN_COUNT=$(grep -c "<vulnerability>" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
  echo "Vulnerabilities found: ${VULN_COUNT:-0}"
else
  echo "No scan report found"
fi

# Count vulnerabilities by severity
# (grep -c counts matching lines, so this assumes one finding per line; -i also matches Critical/CRITICAL)
CRITICAL=$(grep -ci "severity.*critical" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
HIGH=$(grep -ci "severity.*high" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
MEDIUM=$(grep -ci "severity.*medium" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
LOW=$(grep -ci "severity.*low" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
echo "Critical: ${CRITICAL:-0}, High: ${HIGH:-0}, Medium: ${MEDIUM:-0}, Low: ${LOW:-0}"

Vulnerability count checking shows security findings.

Check Vulnerability Severity

# Track severity distribution across all reports
echo "Vulnerability Severity Distribution:"
for severity in critical high medium low; do
  # Concatenate the reports first: "grep -c" on several files prints one count per file,
  # so piping that output into "wc -l" would count files rather than findings
  COUNT=$(cat /var/log/vulnerability-scans/*.xml 2>/dev/null | grep -ic "severity.*$severity" || true)
  echo "$severity: ${COUNT:-0}"
done

# Calculate severity percentage
# ("|| true" instead of "|| echo 0": grep -c already prints 0 on no match, and a doubled "0" breaks the -gt test)
TOTAL_VULN=$(grep -c "<vulnerability>" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
if [ "${TOTAL_VULN:-0}" -gt 0 ]; then
  for severity in critical high medium low; do
    COUNT=$(grep -ic "severity.*$severity" /var/log/vulnerability-scans/last-scan.xml 2>/dev/null || true)
    PERCENT=$(echo "scale=2; ${COUNT:-0} * 100 / $TOTAL_VULN" | bc 2>/dev/null || echo "0")
    echo "$severity: ${PERCENT}%"
  done
fi

Severity checking shows vulnerability risk levels.

Method 3: Detect New Vulnerabilities

Identify recently discovered vulnerabilities:

Compare Scans

# Compare current scan with previous scan
# (requires bash for <(...) and GNU grep for -P; sort -u so a repeated ID is counted once)
if [ -f /var/log/vulnerability-scans/current-scan.xml ] && [ -f /var/log/vulnerability-scans/previous-scan.xml ]; then
  NEW_VULN=$(comm -13 <(grep -oP 'vuln-id[^<]*' /var/log/vulnerability-scans/previous-scan.xml | sort -u) \
                       <(grep -oP 'vuln-id[^<]*' /var/log/vulnerability-scans/current-scan.xml | sort -u) | wc -l)
  echo "New vulnerabilities: $NEW_VULN"
else
  echo "Cannot compare scans - previous scan not found"
fi

# Track vulnerability discovery date
grep -oP 'discovered[^<]*' /var/log/vulnerability-scans/last-scan.xml | head -10

New vulnerability detection identifies recently discovered issues.
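The line-based grep counts in Methods 2 and 3 miscount when a report puts several findings on one line or when a severity word appears in free text. The following added example (not part of the original guide or of Zuzia.app) pairs each finding ID with its severity and reports only findings that are new since the previous scan. The report layout, the function names and the EXAMPLE-… IDs are assumptions made for illustration.

```shell
# Assumed report layout (constructed to mirror the tags this guide greps for):
#   <vulnerability><vuln-id>ID</vuln-id><severity>LEVEL</severity></vulnerability>

# Print "id<TAB>severity" once per finding, even when the XML sits on one line.
extract_findings() {
  tr '\n' ' ' < "$1" | awk '
    function field(s, tag,   o, p, rest) {
      o = "<" tag ">"; p = index(s, o)
      if (p == 0) return ""
      rest = substr(s, p + length(o)); p = index(rest, "</" tag ">")
      return (p == 0) ? "" : substr(rest, 1, p - 1)
    }
    {
      n = split($0, rec, "</vulnerability>")
      for (i = 1; i <= n; i++) {
        id = field(rec[i], "vuln-id")
        if (id != "") print id "\t" tolower(field(rec[i], "severity"))
      }
    }' | sort -u
}

# Findings in the current report ($2) whose id is absent from the previous one ($1).
# FILENAME is tested instead of NR==FNR so an empty previous report still works.
new_findings() {
  prev_ids=$(mktemp); cur_all=$(mktemp)
  extract_findings "$1" > "$prev_ids"
  extract_findings "$2" > "$cur_all"
  awk -F '\t' 'FILENAME == ARGV[1] { seen[$1]; next } !($1 in seen)' "$prev_ids" "$cur_all"
  rm -f "$prev_ids" "$cur_all"
}

# Number of new findings at severity $3; always prints exactly one integer.
count_new() {
  new_findings "$1" "$2" | awk -F '\t' -v s="$3" '$2 == s { n++ } END { print n + 0 }'
}

# Constructed sample reports; the IDs are placeholders, not real advisories.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/previous-scan.xml" <<'EOF'
<report>
<vulnerability><vuln-id>EXAMPLE-0001</vuln-id><severity>high</severity></vulnerability>
<vulnerability><vuln-id>EXAMPLE-0002</vuln-id><severity>low</severity></vulnerability>
</report>
EOF
cat > "$DEMO_DIR/current-scan.xml" <<'EOF'
<report><vulnerability><vuln-id>EXAMPLE-0001</vuln-id><severity>High</severity></vulnerability><vulnerability><vuln-id>EXAMPLE-0003</vuln-id><severity>Critical</severity></vulnerability>
<vulnerability><vuln-id>EXAMPLE-0004</vuln-id><severity>medium</severity><description>allow-listed finding</description></vulnerability></report>
EOF
echo "New critical: $(count_new "$DEMO_DIR/previous-scan.xml" "$DEMO_DIR/current-scan.xml" critical)"
```

On the sample current report, `grep -c "<vulnerability>"` would report 2 (lines) and `severity.*low` would match the medium finding through the word "allow-listed"; the parser returns three findings and no new low-severity ones.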

Method 4: Automated Vulnerability Scan Results Monitoring with Zuzia.app

Manually checking vulnerability scan results works for small environments, but for production systems, you need automated vulnerability scan results monitoring that alerts you when new vulnerabilities are detected or remediation SLAs are at risk.

Setting Up Automated Vulnerability Scan Results Monitoring

  1. Add Scheduled Task in Zuzia.app Dashboard

    • Navigate to your server in Zuzia.app
    • Click "Add Scheduled Task"
    • Choose "Command Execution" as the task type

  2. Configure Vulnerability Scan Results Check Command

    • Enter command: Parse vulnerability scan reports
    • Set execution frequency: After each scan completion
    • Configure alert conditions: Alert when new vulnerabilities detected or critical vulnerabilities found
    • Set up comparison with previous scans to detect new vulnerabilities

  3. Set Up Notifications

    • Choose notification channels (email, webhook, Slack, etc.)
    • Configure alert thresholds (e.g., alert if new high-severity vulnerability detected, critical vulnerability found)
    • Set up escalation rules for critical vulnerability issues
    • Configure different alert levels for different severity levels

Monitor Specific Vulnerability Scan Results

For critical systems, create dedicated monitoring tasks:

# Check scan execution status
ps aux | grep -E "openvas|nessus" | grep -v grep

# Parse vulnerability count
grep -c "<vulnerability>" /var/log/vulnerability-scans/last-scan.xml

# Check for new vulnerabilities
# (Compare current and previous scans)

Zuzia.app stores all command outputs in its database, allowing you to track vulnerability scan results over time, identify new vulnerabilities early, and detect remediation SLA violations before they cause compliance issues.

Best Practices for Checking Vulnerability Scan Results

1. Check Vulnerability Scan Results Regularly

Check vulnerability scan results after each scan completion. New vulnerabilities can be discovered at any time, so regular checks help detect issues early. Use Zuzia.app automated monitoring to check vulnerability scan results continuously without manual intervention.

2. Prioritize by Severity

Prioritize vulnerability remediation by severity. Critical vulnerabilities should be addressed immediately. High-severity vulnerabilities should be addressed promptly. Medium and low-severity vulnerabilities can be addressed based on risk assessment.

3. Track Remediation Progress

Monitor vulnerability remediation progress. Track which vulnerabilities have been remediated and which are outstanding. Calculate remediation rates and track remediation times.

4. Detect New Vulnerabilities

Compare scans to detect new vulnerabilities. Track vulnerability discovery dates. Set up alerts for new high-severity vulnerabilities.

5. Plan Remediation

Use vulnerability scan results data for planning remediation. Prioritize vulnerabilities by severity and exploitability. Plan remediation windows based on vulnerability data.

Troubleshooting Common Vulnerability Scan Results Issues

High Vulnerability Count

If the vulnerability count is high:

# Review vulnerability details
grep -A 10 "<vulnerability>" /var/log/vulnerability-scans/last-scan.xml | head -50

# Check severity distribution
# (Use severity checking commands above)

# Plan remediation

High vulnerability counts require prioritized remediation.

New Critical Vulnerabilities

If new critical vulnerabilities are detected:

# Identify new vulnerabilities
# (Use comparison commands above)

# Review vulnerability details
grep -A 10 "severity.*critical" /var/log/vulnerability-scans/last-scan.xml

# Plan immediate remediation

New critical vulnerabilities require immediate attention.

FAQ: Common Questions About Checking Vulnerability Scan Results

How often should I check vulnerability scan results on my Linux server?

We recommend checking vulnerability scan results after each scan completion. New vulnerabilities can be discovered at any time, so regular checks help detect issues early. For critical systems, check more frequently. Use Zuzia.app automated monitoring to check vulnerability scan results continuously without manual intervention.

What should I do when vulnerability scan results show new vulnerabilities?

When vulnerability scan results show new vulnerabilities, first prioritize vulnerabilities by severity. Critical vulnerabilities should be addressed immediately. Review vulnerability details and plan remediation. Track remediation progress and ensure SLAs are met.

Can I check vulnerability scan results without running scans?

Yes, you can check vulnerability scan results from existing scan reports without running new scans. However, scan reports should be recent to be useful. Regular scans ensure results are current.

How do I identify which vulnerabilities need immediate attention?

Prioritize vulnerabilities by severity (critical > high > medium > low), exploitability (actively exploited vulnerabilities first), and business impact. Critical vulnerabilities affecting internet-facing systems should be addressed immediately. Zuzia.app can track vulnerability severity and help prioritize remediation.

Why is checking vulnerability scan results important?

Checking vulnerability scan results helps track vulnerability findings, monitor severity distribution, detect new vulnerabilities, ensure timely remediation, and maintain security compliance. Vulnerabilities can expose systems to security risks, so tracking vulnerability scan results is essential for maintaining security posture.

How do I compare vulnerability scan results across multiple servers?

Use Zuzia.app to monitor vulnerability scan results across multiple servers simultaneously. Each server executes vulnerability scans independently, and all results are stored in Zuzia.app's database for centralized comparison and analysis. You can view vulnerability scan results for all servers in a single dashboard.

Does Zuzia.app track changes in vulnerability scan results over time?

Yes, Zuzia.app stores all command outputs in its database, allowing you to track vulnerability scan results over time and identify when new vulnerabilities are discovered or remediation progress occurs. You can view historical data to see vulnerability trends, identify remediation patterns, and verify that vulnerability fixes were successful.

Note: The content above is part of our brainstorming and planning process. Not all described features are yet available in the current version of Zuzia.

If you'd like to achieve what's described in this article, please contact us – we'd be happy to work on it and tailor the solution to your needs.
