What's the issue?
There are one or more databases that have not had a full backup completed, or there are one or more databases using the Full or Bulk Logged recovery model that have not had a log file backup completed.
Why is this a problem?
By default, SQL Server does not perform any backups of your databases. If a database is missing a full backup then it is likely unrecoverable.
Also, if your database is using the Full or Bulk Logged recovery model, you will need to perform log file backups at regular intervals. Failing to do so will result in the log file growing until there is no more available drive space.
What should you do about this?
You should probably schedule full backups to be completed at regular intervals for any databases with critical data you may need to recover some day.
Also, if you need to recover data to a point in time between full or differential backups, schedule log file backups to be completed at regular intervals. If you do not need to recover to a point in time between full or differential backups, consider changing your recovery model to Simple.
Vulnerability
Category
What do the Vulnerability Levels mean?
0 - Information only. This is stuff you should know about your instances like version and service account used, but if you don't know it…well, now you do.
1 - High vulnerability requiring action. These are the issues that could most likely lead to your company being front page news for all the wrong reasons. If your instances have any results at this level then we recommend cancelling that 3-martini lunch and instead huddling with your team to figure out when to address these issues.
2 - High vulnerability to review. These include settings and assigned permissions you should review soon, if not immediately. These findings may not necessarily indicate a clear vulnerability, but we've found unexpected vulnerabilities in these categories at many, many clients.
3 - Potential vulnerability to review. These are configurations or assigned permissions you may be using that could lead to problems for users. Or maybe they're just required for your applications. Either way, we recommend reviewing these to make sure these are correct.
4 – Low vulnerability with recommended action. These are typically security inconsistencies that should be addressed. They aren't likely to cause problems, but you should clean up the mess.