Use the revised detection key to update the existing detections and vulnerable item records.
始める前に
Role required: sn_vul.vulnerability_admin can modify detection key configurations and apply changes to existing detection records.
手順
-
Navigate to .
-
Open a detection key configuration record.
The Configuration Item (CI) field is available. The Asset ID and Configuration Item fields are editable, while all other fields can't be edited.
-
Select Configuration Item, de-select Asset ID to switch to CI-based detection.
-
If both Asset ID and CI are selected, the system displays an error message.
- The record moves to a Pending state.
- An info message appears, notifying that changes are made but not yet applied to existing detections.
-
Select Apply Changes.
For the following cases, the detection key can't be modified:
- If the integration for the respective scanner or the CI lookup rules job is running, then detection key can’t be modified.
- If the detection key has been updated and the scheduled job is run to update the detections with the new key, configurations can't be modified until the job is completed.
- If the detection key update job is running, then the integration for that particular scanner will not run.
-
The scanner for which the detection keys are changed:
- Fixing the detections for updated key for Qualys
- Fixing the detections for updated key for Rapid7
- Fixing the detections for updated key for Tenable
All existing detection and vulnerable item records are updated using the revised detection key. New detections generated by integrations use the new detection key fields.