Cortex Network Scanner creates findings when it observes CVEs on scanned assets. Cortex XSIAM creates issues if any of those findings match vulnerability issue policies. Cortex Network Scanner findings are part of the overall Cortex XSIAM inventory and vulnerability management views and workflows. Complete the following steps to view issues triggered by network scanner findings:
Navigate to → → .
Filter the list of vulnerability issues on Source = Network Scanner.
Alternatively, you can also view issues triggered by the Network Scanner from the Findings page, → → → .When viewing an issue you also have the option to initiate a rescan to evaluate the success of remediation efforts as described below:
Navigate to → → . From the list view, select the issue you wish to rescan.
Right-click on the issue and select Scan Now from the drop-down options.
Alternatively, Select Scan Now from the options menu to quickly repeat the scan for the already scanned assets. Keep in mind that the rescan option is only available for assets that have already been scanned by the Cortex Network Scanner.
On the confirmation modal, select Scan Now to initiate the scan. Rescan can take up to a few hours. You will not be able to launch another rescan of the same asset until the previous one is completed or if less than 4 hours passed. You can cancel the ongoing rescan through the Scan History view (see below).
Navigate to → → → → to view updated scan history for the scanned asset. You will also receive an email confirmation when the rescan is complete. If the previously detected vulnerability no longer exists, the original issue or finding will be closed.