Log in to create and rate content, and to follow, bookmark, and share content with other members. Not a member? Join Now!

AnsweredAssumed Answered

Maintaining vulnerability ignore status

Question asked by apedret on May 4, 2012
Latest reply on Nov 5, 2012 by apedret

Like • Show 0 Likes0
Comment • 6

We have a challenge maintaining the Ignore status of vulnerabilities against assets that have been waived from Active reporting.

By default a new vulnerability's status is Active and reported as such.

What options are available to Ignore an asset's vulnerabilities on a recurring basis or otherwise as new vulnerabilities are detected?

Any constructive feedback in appreciated.

Tony Pedretti

No one else has this question

Outcomes

6 Replies

pklahn May 9, 2012 10:26 AM
Mark Correct
Correct Answer
Tony -- two ways to ignore a vulnerability for a given host or hosts --

1. within the html scan report we can choose the interactive "ignore vulnerability" selection for a vulnerability on a chosen host. This will place it in an ignored state for that host going forward.

2.. within the remediation module, you can create a rule to ignore vulnerabilities (defined by a search list) for specific hosts (defined by asset groups / IP's). This method would put the vulnerabilities for those hosts in an ignored state after the next scan (assuming that rule in the remediation policy is acted on before another rule)

Let me know if you want to Webex it or we can go over it in person.

-Paul
1 person found this helpful
Like • Show 0 Likes0
Actions
- apedret @ pklahn on May 9, 2012 11:31 AM
  Mark Correct
  Correct Answer
  Thanks Paul.
  We recently discussed the neglect of our remediation policies. I'll schedule some time to review the options within and report back here.
  
  Or how about you get on a plane and join us for a Lou Mitchell's breakfast?
  
  Tony
  Like • Show 0 Likes0
  Actions
- apedret @ pklahn on May 11, 2012 11:54 AM
  Mark Correct
  Correct Answer
  I've created a new remediation policy based on the conditions we report Active vulnerabilities and reordered as apporiate in the list.
  
  I have yet to test but the action "Ignore: Do not create a ticket for these conditions" does that mean as stated it simply will not ticket new vulnerabilities as detected or as you implied setting "the vulnerabilities for those hosts in an ignored state after the next scan"?
  
  Thanks,
  
  Tony
  Like • Show 0 Likes0
  Actions
  - pklahn @ apedret on May 11, 2012 2:56 PM
    Mark Correct
    Correct Answer
    It will put the vulnerability in an ignored state for those hosts.
    Like • Show 0 Likes0
    Actions
    - apedret @ pklahn on Aug 2, 2012 9:18 AM
      Mark Correct
      Correct Answer
      After talking with support on this one, the action "Ignore: Do not create a ticket for these conditions" means as stated it simply will not ticket new vulnerabilities during detection.
      It will not set the status of newly detected vulnerabilities to Ignored.
      
      We're looking to configure our report templates with the policy in the Exclude QIDs section of their filter and possibly an enhancement request to develop logic to set them Ignored and allow us to target and keep up with them in our Ignored reports.
      Like • Show 0 Likes0
      Actions
    - apedret @ pklahn on Nov 5, 2012 11:46 AM
      Mark Correct
      Correct Answer
      I haven't tested the QG 7.5 option yet but I have updated our applicable remediation policies with the Create tickets - set to Closed/Ignored setting. Curious if this applies to Vulnerabilities as it does Tickets.
      
      Like • Show 0 Likes0
      Actions

Qualys Community

Maintaining vulnerability ignore status

Outcomes

Related Content

Recommended Content