I'm in the process of automating the qualys vulnerability scan reports into jira tickets.
Right now I am attempting to incorporate the Qualys detection API "/api/2.0/fo/asset/host/vm/detection/?action=list" ... which gives me details about QID, IP related vulnerabilities.
Im looking for guidance on what to do with any IP's that no longer have any reference from these Vulnerability Status Levels. I.E are no longer reported in the detection API.
My assumption is that these can be deemed resolved. Is this the case?