6 Replies Latest reply on Nov 5, 2012 11:46 AM by apedret

    Maintaining vulnerability ignore status

    apedret Level 1

      We  have a challenge maintaining the Ignore status of vulnerabilities against assets that have been waived from Active reporting.

      By default a new  vulnerability's status is Active and reported as such.

       

      What options are available to Ignore an asset's vulnerabilities on a recurring basis or otherwise as new vulnerabilities are detected?

       

      Any constructive feedback in appreciated.

       

      Tony Pedretti

        • Maintaining vulnerability ignore status
          pklahn Level 2

          Tony -- two ways to ignore a vulnerability for a given host or hosts --

           

          1. within the html scan report we can choose the interactive "ignore vulnerability" selection for a vulnerability on a chosen host. This will place it in an ignored state for that host going forward.

           

          2.. within the remediation module, you can create a rule to ignore vulnerabilities (defined by a search list) for specific hosts (defined by asset groups / IP's). This method would put the vulnerabilities for those hosts in an ignored state after the next scan (assuming that rule in the remediation policy is acted on before another rule)

           

          Let me know if you want to Webex it or we can go over it in person.

           

          -Paul

          1 of 1 people found this helpful
            • Maintaining vulnerability ignore status
              apedret Level 1

              Thanks Paul.

              We recently discussed the neglect of our remediation policies.  I'll schedule some time to review the options within and report back here.

               

              Or how about you get on a plane and join us for a Lou Mitchell's breakfast?

               

              Tony

              • Maintaining vulnerability ignore status
                apedret Level 1

                I've created a new remediation policy based on the conditions we report Active vulnerabilities and reordered as apporiate in the list.

                 

                I have yet to test but the action "Ignore: Do not create a ticket for these conditions" does that mean as stated it simply will not ticket new vulnerabilities as detected or as you implied setting "the vulnerabilities for those hosts in an ignored state after the next scan"?

                 

                Thanks,

                 

                Tony