Added selective agent software request in vulnerability-detector #404
No vulnerabilities will be checked on packages that have already been scanned, unless no Syscollector scans are detected in a period longer than 24 hours.
The default value of the interval field has changed from 1 day to 1 minute, because this change allows more constant monitoring of the agent software.
To test the feature, you can launch wazuh-modulesd with -dd. With tail -f ossec.log | grep vulnerability you will see how in the first iteration all the packages that have coincided with any vulnerability, whether they are affected or not, will be displayed. In the next iterations you will no longer see new packages appearing unless the syscollector scan has detected new versions, candidate packages to be vulnerable, or the last scan reported is older than 24 hours.
A new option (ignore_time), which limits how long packages that have already been checked are ignored, has been added.
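The selection rule described above can be modelled as follows. This is an added example, not code from this pull request or from Wazuh: the class, method and field names are hypothetical, the timestamps and package versions are constructed, and it assumes a package is rechecked when it is new, its version changed, `ignore_time` has elapsed, or the last Syscollector scan is older than 24 hours.

```python
from dataclasses import dataclass, field

STALE_SCAN_SECONDS = 24 * 3600  # 24-hour Syscollector window from the description


@dataclass
class SelectiveChecker:
    """Model of the per-agent 'already checked' filter (hypothetical names)."""
    ignore_time: int                              # seconds a checked package is skipped
    checked: dict = field(default_factory=dict)   # name -> (version, checked_at)

    def packages_to_check(self, inventory, last_scan_ts, now):
        """Return the package names that are evaluated in this iteration."""
        # Assumption: a stale inventory disables the filter entirely.
        stale = now - last_scan_ts > STALE_SCAN_SECONDS
        selected = []
        for name, version in sorted(inventory.items()):
            prev = self.checked.get(name)
            recheck = (
                stale                                  # no recent Syscollector scan
                or prev is None                        # never checked before
                or prev[0] != version                  # new version reported
                or now - prev[1] >= self.ignore_time   # ignore window expired
            )
            if recheck:
                selected.append(name)
                self.checked[name] = (version, now)
        return selected


if __name__ == "__main__":
    # Constructed inventory and timestamps; 6 hours is an arbitrary ignore_time.
    checker = SelectiveChecker(ignore_time=6 * 3600)
    inventory = {"openssl": "1.1.0g", "bash": "4.4.18"}
    t0 = 1_000_000
    print("first iteration:", checker.packages_to_check(inventory, t0, t0))
    print("one minute later:", checker.packages_to_check(inventory, t0, t0 + 60))
    inventory["openssl"] = "1.1.0h"  # Syscollector reports an upgrade
    print("after upgrade:", checker.packages_to_check(inventory, t0 + 120, t0 + 120))
    print("stale inventory:",
          checker.packages_to_check(inventory, t0 + 120, t0 + 120 + 25 * 3600))
```

With a 1-minute interval, this filter is what keeps each iteration from re-evaluating the full inventory.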