I'm having some trouble with Qualys' Remediation Tickets.
We have a bunch of scheduled scans, that are run every weekend in our network. As you all know, qualys opens and closes tickets depending on what it finds during scans.
The problem here is that when some scan is not run due to some authentication failure, ALL OPEN TICKETS related to the servers for which authentication failed are CLOSED by the system.
That should be a problem, shouldn't it? The fact of a server has not been scanned mustn't mean that its vulnerabilities were fixed...
We elaborate some KPI's and charts and a lot of statistical data based on the amount of open and closed tickets, but if this kind of issue happens, we can't trust the numbers.
Does anybody know something about this?
I've contacted Qualys Support and even the instructor Nick Dlouhy (via e-mail and during my training class via WebEx), but they couldn't answer it...