- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-27-2022 05:58 AM
Nexpose closes the vulnerable items when issue is fixed for assets/configuration items which is alive/operational in nexpose scanning but it is not happening for dead/non-operational assets, may i know why?
I want to know is there any process to close vulnerable items when assets/configuration items are removed from nexpose scanning?
I have gone through this below link, but it doesn't help me:
Solved: How to deal with the issue of decommissioned asset... - ServiceNow Community
# sandiego #vulnerablityrespose #secops #secopsforum
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-27-2022 03:38 PM
Hey Sai,
Without R7 reporting that the vulnerability was Fixed, VR has no way of knowing that it should be closed. There are a couple of things you can look into. Both can be found by navigating to:
Vulnerability Response > Administration > Auto-Close Configuration:
Stale Detections
- This will automatically close a Vulnerable Item when the scanner has not reported the vulnerability for X number of days.
- I have seen customers set this value anywhere from 15 to 60 days
Configuration Item Lifecycle
- Auto-close VIs linked to Retired CIs [checkbox]
- Before deciding to use this feature, you should consider how well you trust your CMDB processes. If a CI is Retired in the CMDB but the actual device is still running on your network, the VI will be closed even though it is in reality an active vulnerability in your environment.
I hope that this helps,
--Joe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-01-2022 11:35 AM
Hey Sai,
here are the jobs that process the configurations that I mentioned [System Definition > Scheduled Jobs]
- Close detections/VIs for decommissioned CIs
- Auto-Close Stale Detections
--Joe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-27-2022 03:38 PM
Hey Sai,
Without R7 reporting that the vulnerability was Fixed, VR has no way of knowing that it should be closed. There are a couple of things you can look into. Both can be found by navigating to:
Vulnerability Response > Administration > Auto-Close Configuration:
Stale Detections
- This will automatically close a Vulnerable Item when the scanner has not reported the vulnerability for X number of days.
- I have seen customers set this value anywhere from 15 to 60 days
Configuration Item Lifecycle
- Auto-close VIs linked to Retired CIs [checkbox]
- Before deciding to use this feature, you should consider how well you trust your CMDB processes. If a CI is Retired in the CMDB but the actual device is still running on your network, the VI will be closed even though it is in reality an active vulnerability in your environment.
I hope that this helps,
--Joe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-31-2022 03:28 AM
Thanks @joe_harvey it got worked for me!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-01-2022 04:32 AM
may i know which scheduled job it runs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-01-2022 04:32 AM
may i know which scheduled job it runs? @joe_harvey
