There are a few routers, switches and load balancers that I have that, even though they are set to Not Applicable and I clear the alarms, the next day I get a flurry of new alarms for the NOT APPLICABLE!
This is getting old. I only want alarms for actual NEW CVEs, and not for CVEs that either have been resolved or have no bearing on the equipment. For example, the Citrix LB alerts based on the image but NOT the build number.
One CVE in particular states 13.0 before build 41.28, and the device in question is build NS13.0: Build 92.19.
We just upgraded/patched all our Netscalers and they are ALL triggered for the old CVEs that are Not Applicable.
Same for the Cisco routers and Juniper switches where we disabled HTTP(s), so the HTTP vulnerabilities are not applicable.
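A build-aware applicability check of the kind the post describes, as an added example that is not part of the original post and not the monitoring product's code. The two string formats are the ones quoted in the post; the function names, device names and all banners other than `NS13.0: Build 92.19` are constructed for illustration.

```python
import re

# Version banner as quoted in the post, e.g. "NS13.0: Build 92.19".
BANNER_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)", re.I)
# Advisory wording as quoted in the post, e.g. "13.0 before build 41.28".
RANGE_RE = re.compile(r"(\d+)\.(\d+)\s+before\s+build\s+(\d+)\.(\d+)", re.I)


def _split(match):
    """Return ((major, minor), (build, patch)) as integer tuples."""
    major, minor, build, patch = (int(g) for g in match.groups())
    return (major, minor), (build, patch)


def is_affected(banner, affected_range):
    """True/False when both strings parse, None when either does not.

    None means "unknown": keep the alarm instead of suppressing it.
    """
    b = BANNER_RE.search(banner)
    r = RANGE_RE.search(affected_range)
    if not b or not r:
        return None
    release, build = _split(b)
    range_release, fixed_build = _split(r)
    if release != range_release:
        # This range line describes another release train.
        return False
    # Integer tuples: (5, 10) < (41, 28), whereas the strings
    # "5.10" and "41.28" would compare the wrong way round.
    return build < fixed_build


def triage(inventory, affected_range):
    """Map each device name to 'applicable', 'not applicable' or 'review'."""
    labels = {True: "applicable", False: "not applicable", None: "review"}
    return {name: labels[is_affected(banner, affected_range)]
            for name, banner in inventory.items()}


# Constructed inventory; only the first banner comes from the post.
INVENTORY = {
    "lb-01": "NS13.0: Build 92.19",
    "lb-02": "NS13.0: Build 5.10",
    "lb-03": "banner not collected",
}
RESULT = triage(INVENTORY, "13.0 before build 41.28")
```

A device whose banner cannot be parsed is labelled `review` rather than `not applicable`, so a collection failure never silently suppresses an alarm.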