what is Stale Vulnerable Item？

lizijing · ‎03-26-2024

Based on which field is Stale Vulnerable Item used to determine whether it is Stale ?

Joe Kline · ‎03-26-2024

In the version I have installed, stale "Detections" are based on the Auto-Close configuration rule, where you give it a number of days and choose if it gets based on the Detection Last Found field or the Asset Last Scanned field. I believe I read in release notes, a newer version allows more granular rules to enable other conditions.

lizijing · ‎03-26-2024

Thank you for your answer, but I still want to confirm. If Auto-Close configuration rule is set to close after 90 days, is the stale time determined using the red box field?

Joe Kline · ‎03-26-2024

I think, not exactly. The auto-close rule works on Detections not VITs, so if you click into one of your VITs and look at the Detections tab, the Last Found in that display is what is used, if you select that option on the rule. Then, if all detections on a VIT get closed, the roll-up will then close the corresponding VIT, and possibly VUL records per the definition of that process. Since you can have more than one (depending on how you set granularity) detection on a VIT, I am not 100% sure the red outlined Last Found is exactly a copy of that field from the Detections table.

lizijing · ‎03-26-2024

I probably understand now. Thank you very much for your help.