Wednesday, October 12, 2022

Vulnerability Management - No. of times detected

If you look carefully at vulnerability reports, you will find a column named detections or no. of times detected. Do not ignore this column.

Suppose you run scans on a weekly basis, so in a year you should run 52 scans. Now take a low-priority vulnerability that became public in April 2022. From April to October, the number of times the vulnerability is detected should be at least 20 (4*5), excluding the months of April and October.

What if the detections are only 4 or 5, or somewhere near that? The following conclusions can be drawn from this observation:

1. The server on which the vulnerability was detected was offline during the scan

2. There may be intermittent networking issues (Firewall rules or routing issues)

3. One should also check for authentication issues if any

Impact: Because of the above issues, a vulnerability can suddenly show up with an age of 4 or 5 months (the vulnerability was first detected 4 or 5 months ago, so the first detected date is 4 or 5 months old). The corresponding platform team will then start complaining that the vulnerability didn't appear in subsequent reports and that they need time to remediate it, as they were not aware of its presence.

Hence, always analyze vulnerability reports carefully so that you can detect such issues in time and take appropriate action on them.  
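One way to automate this check is sketched below as an added example (not part of the original post or any scanner's own tooling). It compares each finding's times-detected count with the number of weekly scans that should have seen it since its first detected date. The CSV column names, the sample rows and the 50% threshold are assumptions.

```python
import csv
import io
from datetime import date

SCAN_INTERVAL_DAYS = 7  # weekly scans, as in the post
MIN_COVERAGE = 0.5      # assumed threshold: flag findings seen in under half the expected scans

# Constructed sample report; the column names are assumptions, not a real scanner export.
SAMPLE_REPORT = """host,vuln_id,first_detected,times_detected
app01,VULN-A,2022-05-01,23
db02,VULN-A,2022-05-01,5
web03,VULN-B,2022-09-20,3
"""

def expected_detections(first_detected, report_date, interval_days=SCAN_INTERVAL_DAYS):
    """Scans that should have seen the finding: the first one plus one per interval since."""
    return (report_date - first_detected).days // interval_days + 1

def find_detection_gaps(report_csv, report_date, min_coverage=MIN_COVERAGE):
    """Return findings whose detection count is far below the scan schedule."""
    gaps = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        first = date.fromisoformat(row["first_detected"])
        expected = expected_detections(first, report_date)
        seen = int(row["times_detected"])
        if seen / expected < min_coverage:
            gaps.append({
                "host": row["host"],
                "vuln_id": row["vuln_id"],
                "expected": expected,
                "seen": seen,
                "missed": expected - seen,
            })
    return gaps

if __name__ == "__main__":
    for gap in find_detection_gaps(SAMPLE_REPORT, date(2022, 10, 12)):
        # Causes to rule out, from the list above: host offline during scans,
        # firewall or routing issues, scan authentication failures.
        print(f"{gap['host']} {gap['vuln_id']}: seen {gap['seen']} of "
              f"{gap['expected']} expected scans ({gap['missed']} missed)")
```

Hosts flagged here are the ones to check for downtime, network path problems and credential failures before the finding's age surprises the platform team.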

Happy Learning !!
