What's the purpose of Auto-Close Stale Vulnerable Items ?

Go to solution
Scott58
Kilo Contributor

‎02-01-2021 09:42 AM

Could someone explain the purpose of the Auto-Close Stale Vulnerable Items feature?

I thought this was a big win for me on 2 different issues:

1.) CI's that are Decommissioned and thus no longer able to be validated by Qualys as remediated.  

2.) Vulnerabilities that are remediated thru removal of an offending application - at times Qualys does not mark these as Fixed since it can't verify it exists nor verify that it doesn't. 

I currently have this set to 15 days and my application teams are noticing that they are remediating vulnerabilities thru those methods above and the VITs are changing to Closed, however the corresponding Vulnerability Groups are remaining in a Resolved or Open state and not moving to Closed.

State-Reason:   Closed-Fixed will closed the VUL, but Closed-Stale does not effect the State of VUL.  

Why not?  Is there a setting I can check to Close VULs with Stale VITs?  Or am I completely off-base here.

thanks!

Labels:
0 Helpfuls
  • 2,066 Views
1 ACCEPTED SOLUTION

Go to solution
Jerald Carter
Giga Expert
In response to Scott58

‎02-01-2021 01:14 PM

Check the Closed-fixed roll up to group level Business Rule on the VIT.  Base configuration only checks if the substate / reason is Fixed. 

Adding an Or clause for the Stale substate / reason should do the trick.

View solution in original post

0 Helpfuls
8 REPLIES 8

Go to solution
Matthew19
Tera Contributor
In response to Kevin Lillis

‎07-19-2021 01:20 PM

Has anything changed in this regard with Paris or Quebec?

0 Helpfuls

Go to solution
Kevin Lillis
Tera Expert
In response to Matthew19

‎07-19-2021 01:26 PM

I don't know.  We only just started noticing this because we were wanting to use the auto-close stale VIs.  We don't use it yet, but were researching it.

We are on Quebec.

 

 

0 Helpfuls

Go to solution
Scott58
Kilo Contributor

‎02-02-2021 12:13 PM

Thank you! 

I'm working with my group in Dev to make the change now so I can get the fresh view and compare to Prod.  I understand this is a fairly new feature, but can I suggest adding a reference to this in the article noted earlier by Chandra.

I would almost expect the Rule to be changed automatically, since this seems to be an improvement feature.  Leaving Groups Open with all Items Closed seems to go against a good 'workflow'.

0 Helpfuls

Go to solution
Scott58
Kilo Contributor
In response to Scott58

‎02-03-2021 05:26 AM

Well, I know I'm just replying to my own comment but I won't know the results for a bit as my SN admins view this as a customization (which it seems to be) and are thus a little more apprehensive.  So it looks like it's story creation time.

Thanks again for help!

0 Helpfuls