Good morning, everyone. I wanted to throw this question out there and see if there is something that someone has been able to figure out on remediating this issue. I manage Continuous Monitoring for my company, which includes a number of sites in other countries. Well, here is my situation. On every Sunday night/Monday morning, there is a full scan done to show not only the vulnerabilities, but ports detected, OS detected, etc., etc. Well, during this week's full scan, a specific host was not there. Yesterday, after a daily standard scan, it showed up with a vulnerability. 24 to be exact. Now, this host was first and last detected in August 2014. According to my colleagues at that location, this specific host was "turned down" a few months ago. I understand that the first and last detected dates and what they show, but what I don't understand is why this host is showing up again, and not being updated as being detected. Today's scan report is showing the same thing, and it should only be showing the changes. Is this because of the severity of the vulnerabilities that it's continuing to show up? If that's the case, why wouldn't it show up on the full report then? I only need to be showing the changes/updates from the full scan, nothing more.
Also, this specific vulnerability doesn't even show up in the CM module as a vulnerability for the last week. I have to ensure that the information is accurate, and it doesn't seem as if Qualys is providing accurate information. What information am I supposed to use - the report from the scan, or the CM module? Believe me, I would be using that module more often if there was a way that I could pull a pdf report of the changes for the day! I would use on of the templates that I currently use for the daily scan reports that has everything that I need. It would make my life easier, but again, which information can I depend on if both the CM and VM modules are showing different information. Please help.