Vulnerability query using Vulnerable Item (VI), Remediation Task, and Server Name

MuraliKris
Giga Contributor

I am trying to create a query using the tables Server CI (CMDB Class), Remediation Task and Vulnerability Item, and I am looking for an output with server name, OS, vulnerability item and remediation task number (VULXXX). I can create a relationship between CMDB CI and vulnerability item but am not able to get the remediation task number. I am wondering whether this is possible with the Tenable VR module?


william_tran
ServiceNow Employee

Yes, this is possible. The piece you're missing is the join table between Vulnerable Items (VITs) and Remediation Tasks: sn_vul_m2m_vul_group_item, label "Remediation Task Item". It has two reference fields:

  • sn_vul_vulnerable_item → the VIT
  • sn_vul_vulnerability → the Remediation Task (the table is named sn_vul_vulnerability for legacy reasons; its label is "Remediation Task")

 

Build your report directly on sn_vul_m2m_vul_group_item and dot-walk for the columns you need:

  • sn_vul_vulnerable_item.cmdb_ci.name — server name
  • sn_vul_vulnerable_item.cmdb_ci.os — OS
  • sn_vul_vulnerable_item.number — VIT number
  • sn_vul_vulnerability.number — Remediation Task number (VUL prefix)

Filter on the dot-walked CI class if you want to restrict the output to servers only.

One thing to be aware of: the VIT-to-Remediation-Task relationship is many-to-many, so the same VIT can appear under more than one task number. Your output will have one row per VIT/task pair, not one row per VIT. Worth confirming that's what you want before publishing the report.

This is scanner-agnostic, so Tenable, Qualys, Rapid7 all populate through the same VIT and Remediation Task tables.

If this helped, please mark it as helpful or accept as solution so others running into the same issue can find it.
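
The report described in the reply above, sketched against the ServiceNow REST Table API as an added example (not code from the thread or from ServiceNow). It builds the query on the join table with the four dot-walked columns, then collapses the one-row-per-VIT/task output into one entry per VIT. The instance name, the `cmdb_ci_server` class filter and all sample rows are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

JOIN_TABLE = "sn_vul_m2m_vul_group_item"    # label: Remediation Task Item
FIELDS = [
    "sn_vul_vulnerable_item.cmdb_ci.name",  # server name
    "sn_vul_vulnerable_item.cmdb_ci.os",    # OS
    "sn_vul_vulnerable_item.number",        # VIT number
    "sn_vul_vulnerability.number",          # Remediation Task number (VUL prefix)
]

def report_url(instance, ci_class="cmdb_ci_server", limit=1000):
    """Table API URL for the join table with the dot-walked columns."""
    # Assumption: exact match on the CI's sys_class_name. CIs stored in a
    # subclass table carry that subclass name and need their own value.
    query = f"sn_vul_vulnerable_item.cmdb_ci.sys_class_name={ci_class}"
    params = {
        "sysparm_query": query,
        "sysparm_fields": ",".join(FIELDS),
        "sysparm_display_value": "true",
        "sysparm_limit": str(limit),
    }
    base = f"https://{instance}.service-now.com/api/now/table/{JOIN_TABLE}"
    return f"{base}?{urlencode(params)}"

def tasks_per_vit(rows):
    """Collapse one-row-per-VIT/task pairs into one entry per VIT."""
    out = {}
    for r in rows:
        vit = r["sn_vul_vulnerable_item.number"]
        entry = out.setdefault(vit, {
            "server": r["sn_vul_vulnerable_item.cmdb_ci.name"],
            "os": r["sn_vul_vulnerable_item.cmdb_ci.os"],
            "tasks": [],
        })
        task = r["sn_vul_vulnerability.number"]
        if task not in entry["tasks"]:      # many-to-many: a VIT may repeat
            entry["tasks"].append(task)
    return out

def _row(*values):
    return dict(zip(FIELDS, values))

# Constructed rows in the shape of the API's "result" list (not real data).
SAMPLE_ROWS = [
    _row("srv-app-01", "Linux Red Hat", "VIT0010001", "VUL0001001"),
    _row("srv-app-01", "Linux Red Hat", "VIT0010001", "VUL0001002"),
    _row("srv-db-02", "Windows 2019", "VIT0010002", "VUL0001001"),
]

if __name__ == "__main__":
    print(report_url("YOUR_INSTANCE"))
    print(tasks_per_vit(SAMPLE_ROWS))
```

Run as a script, it prints the URL to request and the grouped result, in which `VIT0010001` carries two task numbers because it appears in two rows of the join table.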

I couldn't find the table sn_vul_m2m_vul_group_item from the search


Have you tried searching by the label?

This is a core table that should be installed with VR.

 

https://***YOUR_INSTANCE***.service-now.com/now/nav/ui/classic/params/target/sn_vul_m2m_vul_group_item_list.do%3Fsysparm_filter_pinned%3Dtrue%26sysparm_query%3D%5EORDERBYDESCsys_updated_on

Thanks @william_tran, although I couldn't get the table using the query builder, I was able to use the link and create filters to get the required result.

 

Thanks for your help.