Here's an odd thing that's only started happening as of March:
Vulnerabilities that are no longer active are still showing up on reports as active--but the last found date will be several weeks (or even months) old.
Trying to figure out what's going on as these items used to drop off reports once they had been fixed. Opened a ticket with Qualys Support but so far has not been able to reach a resolution. Curious if anyone else has had this problem.
|IP||Vuln Status||Last Detected||Title|
The IP in question is still active--it hasn't been taken offline so it's not just an old reading from the database that hasn't been seen since February. As I said, up until just a little while ago, these were dropping off the reports so I'm not sure what changed--several that had dropped off have now re-appeared but haven't been classified as "re-opened" and, when you actually audit the machine manually, have resolved the vulnerability.
Any ideas are appreciated.