Hello!
Please bear with me as this is my first post on these forums.
I have some questions about ESMC v7 and its displaying of Unhandled Threats and dealing with "Resolved" threats.
So for the Unhandled Threats I have set up a Dynamic Group that's using the following expression:
Active threats . Threat handled = no (I also attached a screenshot as well)
This should, the way I understand it, show any Threats that are outstanding that have not had any "action" done to them, correct? By action I mean clean, delete, block etc.
The reason I ask this is that I see that if I look at my threats tab I have several more devices listed there with threats that have no Action done to them and are unresolved that do not show up in my Unhandled Threats group.
As for the "Resolved" Threats question - I read that in v7 it should be possible to have the system auto resolve and clear out the threat listing by performing a scan? Is this correct? If so what type of scans qualify for this? Has anyone successfully automated this to clear out the low hanging fruit leaving only the issues that need actual attention left in the Threats tab?
Any advice you guys and gals can provide would be greatly appreciated.