CentOS and OVAL definitions

Should I be expecting the Redhat OVAL data that InsightVM ingests to be helping with accurate identification of vulnerabilities on CentOS systems?

I’ve been working with one of our sysadmins and we came across a system where the authenticated scan is listing a CentOS system as vulnerable to CVE-2021-44790, yet the updated package that addresses that issue (RHSA-2021:0860) is very much installed.

Check your permissions on the authenticated scan. We saw something similar with some RHEL boxes and the proof said no patches found, we corrected the permissions and it found them.