[Cyber Command] The contents of weak password log files downloaded from the same time period are different after a period of time

Problem Description

Customers reported that the Weak Password Asset logs downloaded from Asset Center-Vulnerability Awareness two days ago were different from the logs downloaded now, and the log volume was reduced. And now Weak Password interface cannot query the Weak Password logs of the corresponding time interval.

Warning Very-Low Risk

Effective troubleshooting steps

In log retrieval, you can view the Weak Password incident at the corresponding time point

Root cause

We confirmed with R&D that the vulnerability display is an aggregation mechanism. When the same source IP triggers the same Weak Password incident, the time update will refresh the old record. Therefore, Weak Password interface displays the weak password records that triggered the same incident.

solution

Vulnerability perception is an aggregation mechanism. The Weak Password interface displays the Weak Password records that triggered the same incident. If you need to query previous Weak Password incident, you can search for the corresponding Weak Password incident in the log retrieval.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=24&type=1&category_id=10040&isOpen=true