I set up some initial reports last year, but now I’m finding that remediated vulns are still showing in the list, e.g. the top on the report is an outdated Chrome version on one server that was remediated last year.
I can see when it was fixed - but I’m not sure why it’s still there.
I think you’ll have to share more information. It is hard to really grasp what you are asking here without more screenshots, the name of the report you are running, what your scope is, and what your expected result is.
FWIW - We run these reports and have not had that issue when it is re-run post remediation.
Thanks for the response. It is just the basic Top 25 remediations report set to run on some UK assets. In November it reported the Chrome issue as follows, I removed Chrome on that device, the Risk score on that device (shown above) drops right down, but every report since it is still on top of that report. Am I missing a step here? Do I need to mark that somewhere as remediated, or create/complete a Remediation project?
I think I would drop a ticket in with support regarding that … the asset clearly has been re-scanned post remediation otherwise the asset page wouldn’t update. That is not expected behavior based on what I am seeing in my enviro.
