Mar 15 2022 02:54 AM - edited Mar 15 2022 02:55 AM
Hello everyone,
I have a question about the CVE's displayed in the risk assessment report.
According to the documentation the list of CVE's is generated based on the detected devices. Does the IoT Defender displays the CVE's based on patch or software version? Or does it display CVE's associated with the detected device without further filtering?
In other words: How to exclude false positives? COuld you give me more information or sources about this matter?
Thank you so much! Have a great day!
Kind regards,
Vanina
Mar 15 2022 06:37 AM
CVEs are shown according to device and OS. In case you patch the vulnerability or its false positive it can be excluded via data mining.
1)Open CVEs report in data mining
2)Edit admin mode and
3)Select CVEs which needs to be excluded and exclude CVEs
You will find excluded CVEs in Exclude CVE report in data mining
Mar 15 2022 06:42 AM
Thank you for your response!
Could you elaborate on "CVEs are shown according to device and OS."? Will this mean that if I patch a vulnerability and run a scan again the software will detect the change and not show the CVE?
Greetings,
Vanina
Mar 15 2022 06:49 AM
Solution@VaninaYord
Device and OS means like if its Windows XP,Windowsn 10 ,Windows Server 2016 etc.
Sensor will not detect whether you patch or you don't because it doesn't scan. It just shows you CVEs with respect to each OS and device and then we have to exclude manually from the report.
If you apply a patch it will not detect those changes because it doesn't scan so only option is to exclude after patching
Mar 15 2022 06:49 AM
Solution@VaninaYord
Device and OS means like if its Windows XP,Windowsn 10 ,Windows Server 2016 etc.
Sensor will not detect whether you patch or you don't because it doesn't scan. It just shows you CVEs with respect to each OS and device and then we have to exclude manually from the report.
If you apply a patch it will not detect those changes because it doesn't scan so only option is to exclude after patching