Hello,
as I made my first OpenVAS Default scan an old system was switched on. After the OpenVAS Default-scan I made a CVE-Scan. This old system had many CVEs, so I migrated the services to a new system.
When I’m now making new CVE-Scans based on the same task the old system further exists in the result list with all CVEs. I have also made a new Discovery-Scan and a FullAndFast-Scan before in the hope, the CVE-scan will be executed based on the assets in the last Discovery- or FullAndFast-Scan. But it seems that this was not the case, because all CVEs are further contained in the new report and I can’t see any differences.
Am I doing something wrong or what is the correct process in this case? Should I delete all reports after migrating or deactivating systems?
Thanks
Jack