We are using SeqOps-VR to capture vulnerability information from a third party (InsightVM).
After implementing a vulnerability response for a certain vulnerable item,
If the vulnerability is re-scanned by InsightVM and the vulnerability is no longer on InsightVM (the vulnerability has been addressed), will it be automatically closed regardless of the status of the vulnerable item or the remediation task?
For example, if a vulnerable item is still in the open status, will it be auto-closed if the vulnerability is no longer present due to a rescan?
Looking at the following Docs, it seems that if the status (substate?) of a vulnerable item is not “fixed”, it will not be auto-closed. Is this description correct?
Do I have to manually set the status to “fixed” to close the vulnerability?
https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/vulnerability-respons...
