I'm currently trying to differentiate between hosts that have new vulnerabilities and actually have been picked up on the last scan and hosts that have vulnerabililities but have not been picked up on the last scan but they may have been offline, they are still on the report. Is there a way to categorize hosts with Vulnerabilities that have not been seen in a few months to something else other than ACTIVE.
I'm currently running a trending scan report with a filter I created to show only vunerabilities which are patchable AND have active exploits available. The trend is for two scanning cycles. My report has active vulnerabilities with hosts that have been detected on the latest scan, which could be rated as NEW - Either it's the HOST that is new or the Vulnerability. I could also have ACTIVE hosts that have been seen on either scan and has a known vulnerability which may not have been fixed (ACTIVE). However, I'm also seeing hosts that have Vulnerabilities but they have not been seen for months, these maybe laptops ect. I know since Qualys cannot verify the remediation of those hosts they keep them as ACTIVE however is there a way to differentiate them as UNVERIFIABLE (or something)?
Thanks for your help.