Auto-Closing Vulnerabilities

Kenna supports auto-closing vulnerabilities for all connectors with the exceptions of Qualys, AppScan, the Kenna Data Importer, and a custom CSV. No setup is required. The connector analyzes which assets were scanned with which plug-ins to determine whether or not the asset is still vulnerable to specific vulnerabilities. 

For most scanners, Kenna compares the output from your scanner to the previous connector run and auto-closes the delta i.e. the vulnerabilities no longer detected. On the contrary, vulnerabilities that come from Qualys must be reported from Qualys as closed for Kenna to mark the vulnerability as closed. Until then, it will remain open.

For the Kenna Data Importer (KDI), you can choose whether or not you want to use auto-closing. There is an option to skip auto-closing when configuring the connector. More can be found on that here: https://help.kennasecurity.com/hc/en-us/articles/360026413111-Kenna-Data-Importer-JSON-Connector-

Auto-closing vulnerabilities makes it much easier to track the state of your vulnerabilities over time. Once vulnerabilities are closed, they no longer affect asset scores and they do not appear in the Explore page by default. Closed vulnerabilities can still be found using the status = closed checkbox filter on the right-hand side of the Explore page. 

 

 

 

 

 

 

Powered by Zendesk