Closing vulnerabilities for hosts/services that do not respond

Question asked by Brian Wilson on May 20, 2014
Latest reply on Jun 30, 2017 by B Mistry

I've asked Qualys many times and I believe there is a feature request opened for this, but I wanted to document the issue in a discussion to see how others handle this issue. I frequently run into situations where "fixing" vulnerabilities usually involves someone turning off the host/service. Because of this, the host doesn't always respond on a re-scan, thus the vulnerabilities and corresponding remediation tickets never get closed. I asked Qualys years ago to add a scan option in their option profiles to "close issues if host does not respond", but this has not been done. So instead I have to go around that:

1) Use the API to close my remediation tickets marking them as Ignored

2) Run TNE to close the internal tickets

3) Purge the hosts

4) Re-launch a scan against the IP.

It would be much easier and make more sense to me if we could have a custom scan profile that allows issues for non-responding hosts to be automatically closed.