-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent results detected by vulnerability Detector in E2E Tests #23327
Labels
Comments
Rebits
changed the title
Vulnerability Detector detect unconsistent results detected for E2E tests
Inconsistent results detected by vulnerability Detector in E2E Tests
May 7, 2024
This issue is probably related to how the wazuh-db returns the os information during a rescan after the on/off of the VD feature. @sebasfalcone priority on this, please. |
AnalysisEnvironment
Scan during Syscollector synchronization events78 vulnerabilities for Ubuntu 22 Scan after Syscollector synchronization has ended78 vulnerabilities for Ubuntu 22 ComparisonThe issue is easily reproduced |
2 tasks
2 tasks
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In Release 4.8.0 - RC 1 - Vulnerability Detection E2E tests It was noted that the vulnerability detector identified distinct vulnerabilities depending on whether the module was activated before or after agents were registered.
This discrepancy in results could potentially be attributed to the adequacy of the timeout duration allocated for the E2E tests. Given a duration of 3 minutes per agent, certain vulnerabilities may not have been fully explored within this timeframe. Moreover, variations in architectures further compounded the issue. For instance, in the case of a Windows agent, the detector identified one architecture as "" when vulnerability detection was disabled prior to agent initialization, whereas it detected "x86_64" under different circumstances. Further research is required
CVE-2024-21412
Evidences
Report: https://github.com/wazuh/wazuh/files/15234960/Test_e2e_system_284_test_vulnerability_detector.zip
Note
Currently tests are being launched enabling modulesd debug. Further evidence will be provided on this issue as soon as possible
The text was updated successfully, but these errors were encountered: