Filtering false positives in AssetView

Question asked by briandra3 on Sep 14, 2016
Latest reply on Sep 15, 2016 by Busby

Hi,

 

I am trying to filter out vulnerabilities in AssetView that we have internally identified as false positives.  However, every approach I have tried has not worked:

 

- Marking a vulnerability as "Ignored" in VM still makes the vulnerability appear in AssetView

- Disabling the vulnerability in the knowledgebase still makes the vulnerability appear in AssetView

- Lowering the severity of the vulnerability to a 1 (to try to indicate it's a false positive) doesn't work either.  AssetView still lists the vulnerability with the default severity level.

 

This seems really odd - I would have expected at least one of the above approaches to affect AssetView's data, but it doesn't.  It's almost like AssetView has its own instance of the knowledgebase that is not synced with VM's knowledgebase.

 

One other approach I was thinking of is excluding the QIDs of the false positives when setting up the option profile, so that Qualys doesn't even scan for the QID and (I would assume) won't list it in AssetView. 

 

Any other ideas on how to filter out false positives from AssetView?

 

Thanks!
