Detection Gap in Alerting Pipeline for Null Search Interval Configurations
| Advisory ID | GVD-2026-001 |
|---|---|
| CVSS v4.0 Vector | AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
| CVSS v4.0 Base Score | 7.5 |
| Severity | High |
| CVE | Pending |
| CWE | - |
| Date Published | 2026-06-11 |
| Description | In affected Guardsix SIEM versions, when an alert rule is created without an explicit search interval via the LPSM, Director API, or SIEM API, or by cloning vendor-supplied alerts, the alert rule configuration service assigns an incorrect default interval. Affected rules then evaluate security events less frequently than intended, which may result in missed detections. |
| Affected Product | Logpoint v7.8.0, v7.8.1, v7.8.4, v7.9.0, and v7.9.1 |
| Solution | |
| Acknowledgements | |
| Remediation | Manually set an explicit search interval on all active alert rules created via LPSM, SIEM API, or Director API, or by cloning vendor alerts. |
| Additional resources | |