Automatically closed VI on Closed/Fixed detections

Korneil Kim · ‎08-15-2022

We have found numerous Vulnerable Item records that are still in Open status with closed detection(s). Ideally, when all related detections are closed, related Vulnerable Item will automatically closed as well but this does not happen. We ran a daily Qualys host detection scan and these items no longer exist in Qualys and they are marked as Fixed. Here is an example:

How do we get all Vulnerable Items with Closed/Fixed detections automatically closed apart from using the auto-close stale configurations?

Btw, we are using the application version 16.2.1

Shivam Sarawagi · ‎08-15-2022

Hi,

Ideally, whenever the detection is getting closed the state rollup happens and it closes the VIT as well. There might be some error in the logs around the detection closed time which can provide why the item was not closed. If this is happening for a lot of recent items as well, you can consider logging a case.

Coming to autoclose, it works from detection and it picks the open detections and then closes them and state rollup will close the items as well. In this case, detection is already closed hence autoclose job won't pick these. You have to write a custom script to close such VITs.

Thanks,

Shivam

Salma Laskar · ‎03-03-2024

Hi Shivam,

The below article suggests dependencies on other integrations - TVM full import and Rapid 7. Any idea what is the OOB dependencies.

Article: Closing stale detections in Vulnerability Response (servicenow.com)

guptapooja · ‎11-24-2022

Hi, we are facing the same issue where many Vulnerable Items still linked with stale/closed Detections. I checked the auto close stale detection job, there is a function being called if you check that function code it queries only open 'Detection' hence whenever the run running its skipping these closed/stale detections.

guptapooja · ‎01-16-2023

We made a custom solution for this, we created a scheduled job with custom script to close such VITs.