This IDEA is more relevant for TSNA.
If the scanner is running unauthenticated scans, it is highly likely that a large percentage of the results will be false positives.
This is especially true for TSNA, where the scanner only checks the model and OS and then raises a vulnerability without checking whether the vulnerable feature is actually enabled or configured in a vulnerable way.
I'd like to see a workflow where each vulnerability can be (optionally) verified by running the corresponding TSNA rule. The TSNA rule should carry additional checks that test the device configuration, so it can correctly determine whether the vulnerability is valid or a false positive.
If it is a false positive, TSVM should clear the vulnerability from the Actionable Vulnerabilities list and possibly create an exception and/or an incident for the scanner team to tune the scans.
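As an added illustration of the verify-then-route workflow described above (example code, not part of the original post and not TSVM or TSNA code), the block below takes scanner findings that were raised purely on a model/OS match, runs a hypothetical per-vulnerability configuration check against each device's configuration, and only then decides whether a finding stays actionable, becomes an exception, or feeds a tuning incident for the scanner team. All ids (`VULN-EXAMPLE-*`, `F-*`, `rtr-a`, `rtr-b`), the configuration keys and the check functions are constructed placeholders. The one design point worth noting is that it fails closed: a finding with no rule or no retrieved configuration is kept actionable and flagged as unverified rather than silently cleared.

```python
# Added example (not code from the original post, nor from ServiceNow / TSVM / TSNA):
# a verification step that re-checks scanner findings against each device's
# running configuration before they reach the actionable list.
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Finding:
    finding_id: str
    device: str
    vuln_id: str      # placeholder ids below; not real vulnerability identifiers
    model: str
    os_version: str


@dataclass
class TriageResult:
    actionable: List[str] = field(default_factory=list)      # confirmed (or unverifiable) findings
    exceptions: List[dict] = field(default_factory=list)     # cleared as false positives
    tuning_incidents: Dict[str, List[str]] = field(default_factory=dict)  # per vuln id, for the scanner team
    unverified: List[str] = field(default_factory=list)      # no rule or no config; kept actionable


# Hypothetical configuration checks, one per vulnerability id. Each receives the
# device configuration (a plain dict here) and returns True only when the vulnerable
# feature is actually enabled in a vulnerable way. This is the "additional check"
# a verification rule would carry on top of the model/OS match.
CONFIG_CHECKS: Dict[str, Callable[[dict], bool]] = {
    "VULN-EXAMPLE-1": lambda cfg: cfg.get("http_server") is True,        # flaw only reachable via the embedded web server
    "VULN-EXAMPLE-2": lambda cfg: "v1" in cfg.get("snmp_versions", ()),  # flaw only in SNMPv1 handling
}


def verify_findings(findings: List[Finding],
                    device_configs: Dict[str, dict],
                    checks: Dict[str, Callable[[dict], bool]] = CONFIG_CHECKS) -> TriageResult:
    """Run the configuration check for each finding and route it.

    Fails closed: a finding is cleared only when a check exists, the device
    configuration was retrieved, and the check reports the feature is not enabled.
    """
    result = TriageResult()
    for f in findings:
        cfg = device_configs.get(f.device)
        check = checks.get(f.vuln_id)
        if cfg is None or check is None:
            # Cannot verify: keep it on the actionable list and mark it for follow-up
            result.unverified.append(f.finding_id)
            result.actionable.append(f.finding_id)
            continue
        if check(cfg):
            result.actionable.append(f.finding_id)
        else:
            result.exceptions.append({
                "finding": f.finding_id,
                "device": f.device,
                "vuln_id": f.vuln_id,
                "reason": "config check: vulnerable feature not enabled",
            })
            # One tuning incident per scanner plugin / vuln id, listing the cleared findings
            result.tuning_incidents.setdefault(f.vuln_id, []).append(f.finding_id)
    return result


def run_sample() -> TriageResult:
    """Constructed sample: an unauthenticated scan raised four findings on two devices."""
    findings = [
        Finding("F-1", "rtr-a", "VULN-EXAMPLE-1", "model-x", "1.0"),
        Finding("F-2", "rtr-b", "VULN-EXAMPLE-1", "model-x", "1.0"),
        Finding("F-3", "rtr-b", "VULN-EXAMPLE-2", "model-x", "1.0"),
        Finding("F-4", "rtr-a", "VULN-EXAMPLE-3", "model-x", "1.0"),  # no verification rule written yet
    ]
    device_configs = {
        "rtr-a": {"http_server": True, "snmp_versions": ("v2c", "v3")},
        "rtr-b": {"http_server": False, "snmp_versions": ("v1", "v2c")},
    }
    return verify_findings(findings, device_configs)


if __name__ == "__main__":
    r = run_sample()
    print("actionable:", r.actionable)
    print("cleared as false positives:", [e["finding"] for e in r.exceptions])
    print("tuning incidents:", r.tuning_incidents)
    print("unverified (left actionable):", r.unverified)
```

With the constructed sample, F-1 and F-3 stay actionable because the checks confirm the vulnerable feature is on, F-2 is cleared into an exception and grouped into a single tuning incident for its vuln id, and F-4 stays actionable but is listed as unverified because no rule exists for it yet.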
The value of this is that the vulnerabilities listed as actionable have been automatically checked and verified, so the Ops teams know they need to work on them.
Without this IDEA there is a mixture of real and false-positive vulnerabilities in the dashboard, which will waste SecOps and Ops time verifying.