Vulnerability Detection Dashboard

[Sam Heuchert]

Hi!

I recently updated to 4.3.3 from 4.2.5.  Unlike 4.2.5, 4.3.3 doesn't give me the "single pane of glass" view for all my vulnerabilities across agents when I click on the module from the Wazuh tab WITHOUT an agent pinned.  Is this a known issue?

-Sam

[Javier Castro]

Hello Sam,

prior versions of Wazuh run vulnerability detection scans based on an interval and ignore settings. This means that every time a new scan happens (and the ignore setting is surpassed) you will see alerts related to a vulnerability that already triggered an alert scans ago. To put it in other words, Wazuh wasn't able to show state information related to vulnerability detection data about an endpoint at a given point in time.

In Wazuh 4.3.x, the vulnerability detection panel shows the current state of an agent while offering historic information about a CVE in that particular endpoint when you click on the detailed view of that CVE:

You still can get alert information related to vulnerability detection across the whole environment by going to Security Events (or creating a custom dashboard) and applying a filter for rule.groups: vulnerability-detector.

Hope that helps!

[Sam Heuchert]

Got it - thanks for the explanation!