Authoritative Scan Option

The authoritative scan option is intended for an organization that has standardized on light port scans and scans of customized port lists as part of its vulnerability management practice. It is not intended for an organization that has standardized on full and standard port scans. Additionally, customers who enforce strict Business Unit segregation of personnel, IPs, and asset groups can use this feature to standardize on light port scans and scans of customized port lists as part of their vulnerability management practice.

Each detected vulnerability and potential vulnerability is given a status level that identifies it as New, Active, Re-opened or Fixed. Status levels are reported in remediation tickets, host information, auto scan reports and other UI views. Each time you run a scan, the vulnerability status levels are updated so that you can report on trending and remediation progress. The scan options applied to your scan tasks determine which vulnerability status levels are affected by the scan results. It's best practice to apply the same set of scanning options across scan tasks to ensure accurate trend reporting.

Light scans, by default, only affect the vulnerability status for vulnerabilities on the specific ports that have been scanned. The vulnerability status is not updated for vulnerabilities on ports outside the scanned port range and vulnerabilities that are not tied to a specific port because the port is not known. If you enable the authoritative scan option in an option profile and apply it to your scan task, then the scan results will affect the vulnerability status for all vulnerabilities on the target hosts, regardless of which ports the vulnerabilities are detected on. This means that if you have a vulnerability on 2 ports and the scan verifies that the issue is fixed, then the vulnerability status for both instances of the vulnerability changes to Fixed. Remediation tickets, if open against the vulnerabilities detected, will also be closed. Using the authoritative scan option allows for vulnerabilities on unknown ports and vulnerabilities outside the scanned port range to be closed by your light scan.

The authoritative scan option is not available for full and standard port scans. Full and standard port scans always affect the vulnerability status for all vulnerabilities on target hosts. If a vulnerability that was previously detected is no longer detected, then it is marked as Fixed regardless of which ports it was detected on. If you've standardized on full and standard scans in your organization, then it is not recommended that you run light scans with the authoritative option. If you do so, vulnerabilities may be closed unexpectedly, and this could have a deleterious effect on your trending data.

Vulnerability Status Levels

Status levels identify vulnerabilities and potential vulnerabilities that are New, Active, Re-opened or Fixed. Status levels are not displayed for information gathered and do not appear when viewing a single saved scan report without trends.

The following table describes possible status levels.

New. Vulnerabilities that are detected for the first time.

Active. Vulnerabilities that are on-going. These were previously detected and are still being detected.

Re-opened. Vulnerabilities that were resolved and then re-introduced for some reason.

Fixed. Vulnerabilities that have been resolved and are no longer detected.
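To make the port-scope rules from the authoritative scan section and the status transitions listed above concrete, here is an added example in Python. It is not code from the product or the page; the function, its parameters and the use of None for "port not known" are assumptions that model the text, and the sample detections are constructed.

```python
# Status names come from the page; the update model below is an assumption.
NEW, ACTIVE, REOPENED, FIXED = "New", "Active", "Re-opened", "Fixed"
UNKNOWN_PORT = None  # detection not tied to a specific port (assumed encoding)


def update_statuses(previous, detected, scanned_ports, scan_type, authoritative=False):
    """Return {(qid, port): status} after applying one scan's results.

    previous:      {(qid, port): status} as of the last scan
    detected:      set of (qid, port) instances found by this scan
    scanned_ports: ports this light scan covered (ignored for full/standard)
    scan_type:     "light", or "full"/"standard" which behave alike
    """
    # A full/standard scan, or a light scan with the authoritative option,
    # may update every instance on the host regardless of port.
    affects_all = scan_type != "light" or authoritative
    result = dict(previous)
    for key, status in previous.items():
        _, port = key
        in_scope = affects_all or (port is not UNKNOWN_PORT and port in scanned_ports)
        if not in_scope:
            continue  # outside the scanned range or port unknown: left untouched
        if key in detected:
            # Seen again: a previously Fixed instance is Re-opened, else Active.
            result[key] = REOPENED if status == FIXED else ACTIVE
        else:
            result[key] = FIXED  # previously detected, no longer detected
    for key in detected:
        if key not in previous:
            result[key] = NEW  # first time this instance was seen
    return result


def demo():
    # Constructed sample: QID 1001 on ports 80 and 8443, QID 2002 on an unknown port.
    previous = {(1001, 80): ACTIVE, (1001, 8443): ACTIVE, (2002, UNKNOWN_PORT): FIXED}
    # A light scan of port 80 only finds nothing; QID 2002 is detected again elsewhere.
    detected = {(2002, UNKNOWN_PORT)}
    plain = update_statuses(previous, detected, {80}, "light")
    auth = update_statuses(previous, detected, {80}, "light", authoritative=True)
    full = update_statuses(previous, detected, set(), "full")
    return plain, auth, full


if __name__ == "__main__":
    for label, res in zip(("light", "light+authoritative", "full"), demo()):
        print(label, res)
```

Without the authoritative option only the port-80 instance changes; with it, or on a full scan, the unscanned port-8443 instance is closed as well and the unknown-port instance is Re-opened.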