Auto-Closing Vulnerabilities

Cisco Vulnerability Management supports auto-closing vulnerabilities for all connectors with the exceptions of AppScan, the Data Importer, and a custom CSV. No setup is required. The connector analyzes which assets were scanned with which plug-ins to determine whether or not the asset is still vulnerable to specific vulnerabilities. 

For most scanners, Cisco Vulnerability Management compares the output of your scanner to the previous connector run and auto-closes the delta (for example, the vulnerabilities no longer deleted). Qualys differs slightly as it sends the status explicitly to Cisco Vulnerability Management. In short, vulnerabilities that come from Qualys must be reported from Qualys as closed before Cisco Vulnerability Management will mark the vulnerability as closed. Until that happens, the vulnerability will remain open.

For the Data Importer, you can choose if you want to use auto-closing. There is an option to skip auto-closing when configuring the connector. For more information, refer to the Data importer information here.

Auto-closing vulnerabilities makes it much easier to track the state of your vulnerabilities over time. Once vulnerabilities are closed, they no longer affect asset scores and they do not appear on the VM Explore page by default. Closed vulnerabilities can still be found using the "status = closed" checkbox filter on the right-hand side of the VM Explore page. 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.