I have a weekly vulnerability scan that is followed 1 day later by a weekly CVE scan. The problem I am having is that the CVE scan always adds CVE results for hosts that no longer exist.
For example, at one point I had a host with IP 192.168.1.1. No host has had that IP address for at least 3 years. Yet the report for the CVE scan every week shows results for 192.16.1.1 created that day. I’ve even deleted the host from the assets. But still, every week the scanner insists that there is a new CVE for 192.16.1.1. If I click on one of the results in the CVE report, the result shows zero hosts.
Is there a standard practice for dealing with retired hosts so that the CVE scanner doesn’t list them as new CVE results? I thought deleting the host would do something, but nope. This makes the CVE scanner completely useless since I cannot believe any results are truly present.