
Vulnerable items with empty Configuration items

Harish V
Giga Guru

I have noticed that there are several Vulnerable Items in our instance with an empty configuration item. When I look at the Discovered Item associated with each of these records, they all have a CI associated with them. The questions I have are:

1. Why would a VT be created without a CI?

2. Was it initially created with a CI and then the CI got deleted?

I have tried deleting a CI in Dev and at least the first audit record of when the CI got associated with the VT persisted in history. What is baffling is the VTs in question do not even have an audit record in history of a CI getting associated with them.

3. Does the CI ever change on a Discovered Item with a status of matched without manually running CI lookup rules on it?

The Discovered item does have a CI associated with it but the CI was created in the system after the VT was created.

4. Is there any negative impact on auditing the Discovered Item table?

 



emir
ServiceNow Employee

Please get familiar with these concepts: Discovered Items

Think of a DI as staging and an attempt to match to a CI. That will not always happen, but you want to track the VI, so it will be bound to a DI only, and you can match a CI later on using a Reconcile unmatched discovered items scheduled job.

Have you taken the VR training/cert?

Hello @emir,

Thank you for your reply. I am familiar with the concept of Discovered Items. However, the question here is why or how would a Vulnerable Item be created without a CI? There is no audit log on those Vulnerable items of having a CI. The screenshot below is just a few from last month. Also, I have taken the VR training and have a VR cert. This might not be an issue that all customers are facing.


emir
ServiceNow Employee

Can you show the Qualys payload/discovered item?

Hello Emir,

 

Here is the discovered item. Can you please look at the questions I had on my original post and let me know your thoughts on that?
