You might have observed stale 'Last Detected' dates in a vulnerability report.
The usual reasons are:
1. Authentication is not happening properly (credentials have expired or have insufficient privileges)
2. Closed ports
3. Changes made to scan settings (option profile in Qualys)
4. Changes in firewall rules
For any of the above reasons, the scanner can no longer determine whether a previously discovered vulnerability still exists. VM scanning vendors normally prefer a false positive to a false negative in such a case, so they keep the 'Last Detected' date set to when the vulnerability was actually last detected.
In Qualys, to work around a finding like this, you can adjust the scan option profile being used (or create a new one) with the "Authoritative Option" selected. This makes the resulting scan override previous findings and mark them as closed. I would highly caution against the usage of this option until the original finding has been clarified.
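Before closing anything with an authoritative scan, it helps to list which findings are stale and which of the reasons above most likely explains each one. The following is an added example, not part of the original post and not Qualys code: the CSV columns, the reason labels and the sample rows are all constructed for illustration and would need mapping to your own report export.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are hypothetical, not a Qualys schema.
# "port" is empty for findings that depend on an authenticated (local) check.
SAMPLE = """host,finding,port,last_detected,last_scan,last_auth_ok,open_ports
10.0.0.5,Outdated OpenSSL package,,2024-01-10,2024-03-01,2024-01-10,22;443
10.0.0.6,Weak TLS cipher on service,8443,2024-01-15,2024-03-01,2024-03-01,22;443
10.0.0.7,Missing OS patch,,2024-03-01,2024-03-01,2024-03-01,22
10.0.0.8,Default SNMP community,161,2024-02-01,2024-03-01,2024-03-01,22;161
"""


def triage(report_csv):
    """Return (host, finding, days_stale, reason) for every row of the report."""
    results = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        last_detected = date.fromisoformat(row["last_detected"])
        last_scan = date.fromisoformat(row["last_scan"])
        if last_detected >= last_scan:
            # The latest scan re-confirmed the finding, so the date is fresh.
            reason = "current"
        elif row["port"] and row["port"] not in row["open_ports"].split(";"):
            # The service port was not reachable in the latest scan:
            # closed port or a firewall rule change (reasons 2 and 4).
            reason = "port-unreachable"
        elif date.fromisoformat(row["last_auth_ok"]) < last_scan:
            # The latest scan ran without a successful login (reason 1).
            reason = "auth-failed"
        else:
            # Port reachable and login fine, yet the check did not run:
            # review the option profile for changed settings (reason 3).
            reason = "check-option-profile"
        days_stale = (last_scan - last_detected).days
        results.append((row["host"], row["finding"], days_stale, reason))
    return results


if __name__ == "__main__":
    for host, finding, days, reason in triage(SAMPLE):
        if reason != "current":
            print(f"{host}: '{finding}' stale for {days} days -> {reason}")
```

The reasons are heuristics for where to look first; a stale finding still has to be confirmed on the host before it is treated as fixed or as open.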
Happy Learning !!