Qualys Integration Runs - Duplicate Items

Khanna Ji
Tera Guru

Qualys integration runs show there are some duplicate values. Does this just show the message that there are duplicates, or did it create duplicate records in the system?

Please help me to understand this.

Module in App navigator : Qualys Vulnerability Integration - Integrations Run Status

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey Swathi - I understand.

I think there's an opportunity for SN to investigate enhancing the name of this report in the application.  It would be an odd functionality to report on Duplicate Vulnerable Items knowingly being created 🙂

There is a hover over 'hint', on the Vulnerability Integration Runs table list view that yields 'Duplicate items' -> Number of imported records that were identical to existing vulnerable item records...

Keeping that in mind, the system did not handle the duplicate Qualys detections by creating new Vulnerable Items; the system routed these identified duplicate Qualys detections --> to a matching / existing Vulnerable Item record.

The term "Duplicates" in the report is being used in the context of - number of detections from the Qualys Host Detection payload, that were identified as matching up to an existing Vulnerable Item... The system recognized the count here as duplicates, but treated them accordingly with the "de-duplication" process.  Meaning, the system did not create additional duplicate Vulnerable Item records; the system associated these identified duplicate detections to an existing Vulnerable Item record.

A more practical report name could potentially fall under Identified Duplicates Last 30d, Treated Duplicate Items Last 30d, De-Duplicated Items Last 30d, Duplicate Items Handled Last 30d, etc...


4 REPLIES

andy_ojha
ServiceNow Employee

Hey Swathi - Good observation here.

The report you are seeing here, "Last 30days Qualys Duplicates" on the 'Integration Run Status' page, illustrates that duplicate detections were identified / handled, when the Qualys Host Detection XML file was processed.  

If you navigate to the table [sn_vul_vi_ip_address], you can actually see IP address and port pairs, that are associated to Vulnerable Items, as part of the "de-duplication" process.

If you choose a Vulnerable Item record, and scroll down to the Related Lists on the record, you will see a Related List called "Associated IP Addresses"...  You can infer here, how Detections from Qualys are "de-duplicated" into a single VIT record.


Oh okay, so technically these are not duplicate values, since the IP addresses are having issues with different port numbers.

Just wondering why the report is showing it as duplicates?

Perfect
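
A simplified model of the de-duplication behaviour described in this thread, added here as an illustration; it is not ServiceNow code. The matching key (host plus Qualys QID), the class and function names, and the sample detections are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample detections: (host IP, QID, port). Not real scan data.
DETECTIONS = [
    ("10.0.0.5", 11111, 443),
    ("10.0.0.5", 11111, 8443),   # same host and QID, different port
    ("10.0.0.5", 11111, 443),    # identical detection seen again
    ("10.0.0.5", 22222, None),   # different QID: separate item
    ("10.0.0.9", 11111, 443),    # different host: separate item
]

@dataclass
class VulnerableItem:
    host: str
    qid: int
    # Models the "Associated IP Addresses" related list (IP/port pairs).
    ip_ports: set = field(default_factory=set)

@dataclass
class RunStatus:
    created: int = 0      # new Vulnerable Items inserted by this run
    duplicates: int = 0   # detections routed to an existing item

def import_run(detections, items):
    """Process one integration run against the existing `items` store."""
    status = RunStatus()
    for host, qid, port in detections:
        key = (host, qid)  # ASSUMPTION: the page does not state the real matching rule
        item = items.get(key)
        if item is None:
            item = items[key] = VulnerableItem(host, qid)
            status.created += 1
        else:
            status.duplicates += 1  # counted in the run, but no new record
        item.ip_ports.add((host, port))  # the pair is attached either way
    return status

if __name__ == "__main__":
    store = {}
    first = import_run(DETECTIONS, store)
    second = import_run(DETECTIONS, store)  # re-running the same payload
    print(first, second, len(store))
```

The "duplicates" counter rises on every matched detection while the number of stored items stays the same, which is the distinction the run-status report is making.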