Wanted clarification on the Exception / Deferral Process

Venkatesh4 · ‎10-16-2023

Hi All,

I have two scenarios and wanted to know how the VR will will react to these scenarios

1. When a remediation task is marked as differed and the associated open vulnerability item is marked as deferred following exception approval, will that deferred vulnerable item and the associated remediation task also be marked as closed the next day if Qualys identifies that vulnerability as closed?

2. The other side opposite to the above statement. If a manually closed vulnerable item associated with a remediation task which is marked as differed now and the next Qualys scan identify that this vulnerable item is open will it change the state of VIT to open and also will it change the remediation task state to open?

Please assist with your valuable response.

Thanks in advance

Nitesh Tolani · ‎01-02-2024

1. Yes, if Qualys says that the vulnerability is closed, then the deferred item would be marked as Closed-Fixed and the corresponding state would be rolled up to the Remediation Task. And if all the Vulnerable Items in a Remediation Task are closed, then the Remediation Task will also be closed.

2. This depends on the substate or the reason by which the vulnerable item was manually closed. If the Vulnerable Item was Closed-Fixed, then only it will be reopened by Qualys. If it is closed using some other substates like Cancelled, then the Qualys scan will never reopen it.