Starting from Vulnerability Response (VR) v17.1, you can automatically resolve any duplicate vulnerabilities on an asset.

When an asset is scanned with multiple scanners, there’s a chance of identifying the same vulnerability as duplicates by the different scanners. For example, if the Qualys and Microsoft scanners identify the same vulnerability, you can choose to automatically resolve the duplicate one.

Sample scenario

VR creates a record, VI1, for vulnerability 1 from the Microsoft Defender for Endpoint scanner. A second record, VI2, is created from the Qualys scanner for the same vulnerability. The remediation team applies the patches that might resolve the VI1 and VI2 records. If you configure the Qualys scan schedule beyond one day, by that time the Microsoft Defender gives the fixed vulnerability information and VR closes the VI1 record as Closed/Fixed.

In this scenario, VI2 record is still in Open state and VR waits for the Qualys scan results. In this situation, VI records from the second scanner remain in Open state even if the patch is applied and the VI is confirmed as fixed by the other scanner.

To address this situation, you may consider to resolve the duplicate vulnerability record based on the condition that the vulnerability is closed by the first scanner.