Hi there,
We are currently evaluating Insight for CVE vulnerability reporting.
We have two kinds of import
- a discovery running on our landscape
- a CVE import using he default importer provided by Insight
The goal is to be able to open issue when new vulnerability is detected on asset from our landscape.
For this purpose, I wonder if you have any good practices, experience to share regarding the link between an application coming from Insight Discovery and a product coming from CVE import.
Ideally we want to be as automatic as possible, but for the time being it seems to be hard to make a link between both objects, as they never have same name or other identifier.
Do you have any advice or experience to share ?
Thanks a lot.