Wazuh vulnerability events


Nerses Avakyan

Aug 4, 2023, 1:06:08 AM
to Wazuh mailing list
Hello World! Please help me understand what the "solved" value in the data.vulnerability.status column means.

Harshal Paliwal

Aug 4, 2023, 3:06:01 AM
to Wazuh mailing list
Hi Nerses,
Thanks for using Wazuh.

To detect vulnerabilities, Wazuh agents collect a list of installed applications from monitored endpoints and send it periodically to the Wazuh server. Local SQLite databases in the Wazuh server store this list. Also, the Wazuh server builds a global vulnerability database from publicly available CVE repositories. It uses this database to cross-correlate this information with the application inventory data of the agent.
So when Wazuh scans an endpoint and finds a vulnerability, the status will be "Active". Once you fix that vulnerability and the next scan finds that the package is no longer vulnerable, it updates the status to "solved".


You can check all the details in the event.


Hope this information helps you. Please feel free to contact us if you have any questions.
Regards,
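
The status lifecycle described in the reply above, as an added example that is not part of the original thread or Wazuh's own code: it folds a stream of vulnerability events into the latest status per agent, CVE and package. It assumes each status change is logged as its own JSON event; only `data.vulnerability.status` is named in the thread, and the other field paths and all sample values are assumptions.

```python
import json

# Constructed sample events, one JSON object per line. Only
# data.vulnerability.status is named in the thread; agent.id,
# data.vulnerability.cve, data.vulnerability.package.name and every value
# here (including the placeholder CVE ids) are assumptions for illustration.
SAMPLE_ALERTS = """\
{"timestamp":"2024-03-01T10:00:00Z","agent":{"id":"001"},"data":{"vulnerability":{"cve":"CVE-0000-0001","status":"Active","package":{"name":"openssl"}}}}
{"timestamp":"2024-03-01T10:00:05Z","agent":{"id":"001"},"data":{"vulnerability":{"cve":"CVE-0000-0002","status":"Active","package":{"name":"curl"}}}}
{"timestamp":"2024-03-02T09:00:00Z","agent":{"id":"002"},"data":{"vulnerability":{"cve":"CVE-0000-0001","status":"Active","package":{"name":"openssl"}}}}
{"timestamp":"2024-03-05T12:00:00Z","agent":{"id":"001"},"rule":{"description":"constructed non-vulnerability event"}}
{"timestamp":"2024-03-11T15:29:30Z","agent":{"id":"001"},"data":{"vulnerability":{"cve":"CVE-0000-0001","status":"Solved","package":{"name":"openssl"}}}}
{"timestamp":"2024-03-11T15:30:00Z","agent":{"id":"001"},"data":{"vuln
"""


def current_state(lines):
    """Return {(agent_id, cve, package): latest status} from event lines."""
    latest = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written lines
        vuln = event.get("data", {}).get("vulnerability")
        if not isinstance(vuln, dict) or "status" not in vuln:
            continue  # not a vulnerability event
        key = (event.get("agent", {}).get("id"), vuln.get("cve"),
               vuln.get("package", {}).get("name"))
        # Timestamps are assumed to share one ISO 8601 format, so string
        # comparison orders them; the newest event per key wins.
        ts = event.get("timestamp", "")
        if key not in latest or ts >= latest[key][0]:
            latest[key] = (ts, vuln["status"])
    return {key: status for key, (_, status) in latest.items()}


def still_active(lines):
    """Keys whose most recent event still reports the Active status."""
    state = current_state(lines)
    return sorted(k for k, s in state.items() if s.lower() == "active")


if __name__ == "__main__":
    for agent_id, cve, package in still_active(SAMPLE_ALERTS.splitlines()):
        print(agent_id, cve, package)
```
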

Costinel Negrila

Mar 11, 2024, 11:19:14 AM
to Wazuh | Mailing List
Hi,

I know I am reviving an old thread, but this doesn't seem to work for me.
When a vulnerability gets solved, I have a duplicate entry saying it is solved.

Regards,
Costi