Wazuh vulnerability events

[Nerses Avakyan]

Hello World! Please help understand what means "solved" value in  data.vulnerability.status column.

[Harshal Paliwal]

Hi Nerses,

Thanks for using the Wazuh.

To detect vulnerabilities, Wazuh agents collect a list of installed applications from monitored endpoints and send it periodically to the Wazuh server. Local SQLite databases in the Wazuh server store this list. Also, the Wazuh server builds a global vulnerability database from publicly available CVE repositories. It uses this database to cross-correlate this information with the application inventory data of the agent.

So when Wazuh scans any endpoint and it found any vulnerability the status will be "Active". Once you fix that vulnerability and in the next scan, it found the package is not vulnerable more now so it updates the status as "solved".

You can check all details at the event.

Hope this information helps you. Please feel free to contact us if you have any questions.
Regards,

[Costinel Negrila]

Hi,

I know I am reviving an old thread, but this doesn't seem to work for me.

When a vulnerability get solved, I have a duplicate entry saying it is solved:

Regards,

Costi