Alert Logic has made improvements in the Alert Logic console to how vulnerability variance is determined over time. With this enhancement, more accurate variance counts for new, resolved, and unresolved vulnerabilities are available in reports and dashboards. As a result, you may notice lower overall vulnerability counts or a flattening in weekly and monthly histograms when you next log in to the Alert Logic console, while the trajectory of historical trends remains consistent.
New Way to Count Vulnerabilities
Alert Logic has introduced a new way to count vulnerabilities with the new vulnerability_span_id identifier. Previously, vulnerabilities were counted based on the vuln_instance_key identifier, which could result in duplication of vulnerability instances and flapping vulnerabilities that would disappear and reappear a day later. The new vulnerability_span_id identifier is a fixed length of 36 characters and is unique by asset, IP address, port, protocol, and exposure ID. Also, the new vulnerability_span_id remains the same throughout the vulnerability lifecycle, eliminating duplicate and flapping vulnerabilities. As a result, vulnerability counts and trends are more accurate and consistent in vulnerability reports and dashboards.
Note: The vuln_instance_key identifier is still accessible when you download data for the List of Vulnerabilities report.
With this change, you may immediately notice your overall weekly and monthly vulnerability counts being lower on reports and dashboards. However, your trends should remain relatively consistent while the actual count may be lower.