3 Replies Latest reply on Aug 6, 2010 11:23 AM by jhaynes

    Deleting old asset data

    epo909

      Hello all.

       

      I have noticed that some of my assets have old vulnerabilities (i.e., more than three months old) that were discovered by scans that were deleted.

      How can I remove vulnerabilities that were detected by scans that no longer exist?

       

      Thanks in advance,

      RD

        • 1. Re: Deleting old asset data
          jhaynes

          Ok I need to ask a few questions before I can answer this.

           

          • You have deleted the jobs but are you still scanning those assets with other jobs?
          • Do you just want the vulns discovered on those jobs to go away on those assets or do you also want the assets to go away?
          • Log into the Enterprise Manager. Go to Manage>Assets. Click the Manage Asset Identification Rules button. In the Asset Activity section how many days are specified?
          • Open up the FCM and go to Tools>Preferences and click the database tab. Take a screen shot of that and attach it to this post so I can have a look.

           

          Jeff Haynes

          • 2. Re: Deleting old asset data
            epo909

            Hello Jeff,

             

          • > You have deleted the jobs but are you still scanning those assets with other jobs?
          • Yes.
          • > Do you just want the vulns discovered on those jobs to go away on those assets or do you also want the assets to go away?
          •  

            Just the Vulns.

             

          • > Log into the Enterprise Manager. Go to Manage>Assets. Click the Manage Asset Identification Rules button. In the Asset Activity section how many days are specified?
          •  

            30 days.

             

          • > Open up the FCM and go to Tools>Preferences and click the database tab. Take a screen shot of that and attach it to this post so I can have a look.
          •  

            File attached.

             

            By the way, can you explain how does MVM handle these vulnerabilities that have been detected by deleted jobs? I.e., if new scans are capable to mark those vulns as 'removed' (if they have been corrected in the meanwhile).

             

            Thanks

            RD

            • 3. Re: Deleting old asset data
              jhaynes

              Well this can either be tricky or difficult depending on if the vulnerabilities still exist on the targets or not. If the  vulnerabilities no longer exist then just re scan the targets and check for those vulnerabilities. Once the scan engine detects that they aren't there any longer you will be good to go.

               

              If the  vulnerabilities still exist you are kind of stuck as there isn't any way to age out  vulnerabilities. You can age out assets, which in your environment happens after 30 days, but your targets are still considered active assets. For active assets we will report on all vulnerabilities that have not been remediated no matter how old they are.

               

              Jeff Haynes

              1 of 1 people found this helpful