I would like to create a static vuln set without having to
Take the use case for creating a vuln set including ONLY high rated vulnerabilities and No Intrusive checks, where this check set remains static, as we will want to base future scans across a month on the same vulns set for like comparison.
MVM version 7.5.0
We have tried to use the search feature in mvm while creating a vuln set, but it did not work.(used the following steps)
Result: Nothing at all appears to be checked, so we cant even move on to the next step to disable new checks(de-select "run new checks")
All help is appreciated!
I've been thinking about this in conjunction with the question I posted about this, and in my case, the only way I see to be able to do this is to have a scan engine that doesn't update fsl scripts. In our case however, it's just not practical as the scan I want to do the validation with touches 45,000 machines and runs across 6 scan engines.
In playing with what Cathy suggested, and I think what you referred to in creating a new vuln set, I found if I create a new scan based on my vuln set, preview it, then "un-preview" it, the selected vulns will remained checked and I can click the advanced button to display the "run new checks" check-box.
The problem I see with that however is in the case of a check that has been updated, how does MVM determine how to do this? Are the old fsl scripts kept and somewhere in the job the old fsl script is kept static? Or is an updated script technically not a new script so it will run against the updated script which might include a patch/workaround that didn't exist before. To explain better, if I create a scan today, and it includes 111111.fsl, and I run the same scan again in 30 days and 111111.fsl has been updated, will there be a new 111111a.fsl, and if so, does the original 111111.fsl remain on the system and is referenced somewhere in the scan job. OR, is 111111.fsl overwritten with the updated check and keeps the same name. Hope that's understandable!
Thanks for the workaround via the preview/unpreview. It works! I hope some time in development is spent on revamping the vuln selection though-not a big fan of leveraging workarounds for key tasks.