When we run our scans we want to create tickets for the vulns. As I understand it, a ticket will be created for all vulnerabilities on each host scanned based on the policies associated with the asset. We have a number of older systems that, for whatever reasons, cannot be patched and we also have some vulnerabilities that we accept the risk on. Can I ignore these vulns so they do not create a ticket but still show up in the scan results? Also, the same vuln we want to ignore on asset A we may want a ticket created for that vuln on asset B. Is this possible?
Basically, we want all vulns to show up in the scan results but do not want a ticket created for thos vulns that we will live with. I am having some difficulty wrapping my head around this whole remediation/ticketing features. Is there more comprehensive documentation on this?