There are vulnerabilities that can have multiple outputs and if those dont update, the one shown in splunk wont be accurate, for example...a plugin 21745 which shows authentication failure, has 6 different ouptuts...but if it only shows the first one found for a device and it's been scanned over and over and in SC there are new outputs Splunk would only show the first one it saw.
... View more