Add "data source" as a column to vulnerabilities view #19907
Labels
Comments
dherder
added
:product
|
@dherder when you get the chance can you please describe the exact workflow that inspired this feature request. Something about false positives? It could be bug. It could also be documented clearly. There's specific rule for each type of software. |
|
@noahtalerman I raised #19920 to investigate the actual false positive, but by doing that, further proved that we need to show the data source within the UI and API |
noahtalerman
removed
the
:product
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
As a vulnerability analyst, it is difficult to determine which data source is linked to vulnerabilities (CVEs) raised in Fleet. This is an important datapoint when determining whether or not a CVE might be a false positive. For example, if I investigate CVE-2332-73839 (fake) I'd first check NVD's linked listing of the CVE. By doing this, I'm still not sure if the CVE source is NVD or vulncheck. I would have to hit the public vulncheck api and correlate that with what I see in NVD.
This is a tedious process and makes it appear that Fleet is not transparent in the data backing the vulnerability detections.
The request is to add a column in the vulnerability views called "data source" that would be populated with either NVD or VulnCheck or any future potential data source, oval, etc.
The text was updated successfully, but these errors were encountered: