Vulnerability Aging

Idea ID 2757433

Vulnerability Aging

We would like to see the ability to set a TTL or max age for vulnerability reports against a specific target, This way you can set the age of a vulnerability to be the scan interval for the asset.


The above suggestion would allow for vulnerabilities to be remediated and by the time of the next scan the vulnerability would have timed out allowing for rules using this data to not fire on vulnerabilities that no longer exist.

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
Status changed to: Waiting for Votes
Honored Contributor.. Honored Contributor..
Honored Contributor..

Or improve the handling of information import using vulnerability scans. Only the signatures get added to an asset, the vulnerability has no description. Hence the vulnerability reports from ESM only contain the signature and no description. 

Some vulnerability management would also be great. Maybe even the ability to remediate the vulnerability on an asset. Add the "owner" of the asset, so he can be notified on a critical vulnerability. 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.