what is Stale Vulnerable Item?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 07:32 PM
Based on which field is Stale Vulnerable Item used to determine whether it is Stale ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 07:56 PM
In the version I have installed, stale "Detections" are based on the Auto-Close configuration rule, where you give it a number of days and choose if it gets based on the Detection Last Found field or the Asset Last Scanned field. I believe I read in release notes, a newer version allows more granular rules to enable other conditions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 08:05 PM
Thank you for your answer, but I still want to confirm. If Auto-Close configuration rule is set to close after 90 days, is the stale time determined using the red box field?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 08:18 PM
I think, not exactly. The auto-close rule works on Detections not VITs, so if you click into one of your VITs and look at the Detections tab, the Last Found in that display is what is used, if you select that option on the rule. Then, if all detections on a VIT get closed, the roll-up will then close the corresponding VIT, and possibly VUL records per the definition of that process. Since you can have more than one (depending on how you set granularity) detection on a VIT, I am not 100% sure the red outlined Last Found is exactly a copy of that field from the Detections table.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 08:32 PM
I probably understand now. Thank you very much for your help.