Some Issue's Vulnerability State was not synchronize successfully

Question

Some Issue's Vulnerability State was not synchronize successfully

Closed this issue 6 months ago · 8 comments

The vulnerability has been fixed and the state is fixed in tenable . but some of then still is open state in jira.

For example,
VULN-8
VULN-4

The sync log ：
[09:02:13] INFO INFO:Processor:Building Task SQL Cache. [09:02:14] INFO INFO:Processor:Building Subtask SQL Cache. [09:02:15] INFO INFO:Processor:Closing Task "VULN-307" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-349" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-301" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-324" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-314" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-279" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-225" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-244" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-287" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-298" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-246" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-219" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-316" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-217" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-242" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-289" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-322" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-331" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-268" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-312" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-347" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-274" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-342" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-237" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-250" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-235" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-266" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-210" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-256" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-252" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-214" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-222" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-231" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-303" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-329" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-208" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-339" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-264" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-229" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-305" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-259" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-277" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-206" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-345" as it has no open SubTasks INFO INFO:Processor:Closing Task "VULN-318" as it has no open SubTasks processor.py:130
processor.py:136
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389
processor.py:389

Answer 1 · 2024-05-31T01:24:11.000Z

havengit commented 7 months ago

Answer 2 · 2024-05-31T14:56:11.000Z

Could it be that the miss was a gap in the last observed timeline vs the last pull?

Answer 3 · 2024-06-01T00:47:53.000Z

The last seen is May 29, 2024, 12:23 PM and I synced in May 31, 2024.

Answer 4 · 2024-06-01T01:45:42.000Z

INFO INFO:Processor:Closing Task "VULN-7" as it has no open SubTasks

Log show vuln-7 has no open subtasks, but the subtask vuln-8 was open .

Answer 5 · 2024-06-05T01:07:18.000Z

The task has change to "todo" ,Subtask is "todo" too.
sync.log

Answer 6 · 2024-06-05T02:53:31.000Z

From the log ,no check behavors for vuln-7 vuln-8 .

All data imports from Tenable.io use the last_found/last_seen fields. This ensures that all issues are updated whenever new information becomes available, unless overridden with the --first-discovery flag.

It's seems like if the vuln was fix in tenable and last_seen will not update in tenbable . such those vuln will not sync. but in config age was set to 30 .

Answer 7 · 2024-06-20T13:06:54.000Z

config age isn't used in subsiquent runs, it will use the last_run field that the integration itself places to track state.

Answer 8 · 2024-06-20T13:53:08.000Z

last_seen will not update on a fixed vuln, but the last_fixed field would. In either case, the vuln should have been pulled with the "fixed" state and the issue closed out. I did add a flag to allow you to easily ignore the last_run attribute if something like this does come up. simply run with --ignore-last-run and it will ignore that field in the config. This is functionally equivalent to removing the field within the config itself.

It should be pulling these findings as the state is changing on them and handling them appropriately, if this keeps happening, I'd like you to run a job with --no-cleanup and email me the resulting cache db file.