Hello Wazuh Team,
I am currently working on the Vulnerability Detection feature in Wazuh 4.14.5 and have a few questions regarding how to identify active vulnerabilities.
From the Vulnerability Detection in Threat Intelligence section, I can see the Dashboard, Inventory and Events tabs.
1. Identifying active (unsolved) vulnerabilities
My requirement is to list only the vulnerabilities that are currently active (not solved).
I came across a few discussions on the Wazuh mailing list stating that the Inventory tab displays the CVEs that are still active and not solved. However, in my Wazuh 4.14.5 environment, I can see CVEs that have already been marked as Solved in the Events tab, and those same CVEs also appear in the Inventory tab.
Could you please clarify the following?
Does the Inventory tab contain both active and solved vulnerabilities?
If so, what is the recommended way to list only the currently active (unsolved) CVEs?
Is there a filter, query, or dashboard that can be used to display only active (not solved) vulnerabilities?
2. Meaning of "Evaluation" and "Under Evaluation"
I have also noticed Evaluation and Under Evaluation in Vulnerability Detection.
Could you please explain what these mean?
3. CVE evaluation frequency
How often does Wazuh check for vulnerabilities on an agent?
Thank you in advance for your help.