Good Morning. Are there are specific QIDs generated for vulnerabilities found in an inactive kernel image? Is there some way for me to avoid creating tickets for issues only in inactive kernels? Thanks, John
Currently kernel filtering is not in ticketing, only in reporting.
We hope upgrade this in the future, however there is no ETA for this funtionality currently.
Are there a range of QIDs that are elated to inactive Kernels? If there are we can search the tickets for those QIDS and have them ignored…I think.
All the vulns are equal, non-running kernels are the same QIDs are running kernels.
We created a reporting process which reading the running kernel and then can filter out vulns on non-running kernels.
Currently there is no way to filter these in ticketing.
John, you can leverage the API to programmatically mark QualysGuard remediation tickets ignored that are linked to vulnerabilities from non-running kernels.
See this unsupported, proof of concept script:
Retrieving data ...