You can ignore confirmed and potential vulnerabilities so they don't appear as actionable issues for your vulnerability management program. A vulnerability can be ignored for an instance, in other words a host/vulnerability/port.
By ignoring vulnerability instances:
- You won't see these vulnerabilities throughout the UI (host information, asset search results, your dashboard, etc).
- These vulnerabilities will no longer appear in template based scan reports with host based findings.
- We'll close any remediation tickets for these vulnerabilities automatically. (Are you an Express Lite user? If yes, remediation ticket options do not apply.)
You can ignore a vulnerability while viewing vulnerability details in the UI (host information). Simply hover over the desired host and click View Host Information icon . Then from the Vulnerabilities tab select a vulnerability, place your cursor over the menu icon and select Ignore vulnerability.
You can also ignore vulnerabilities from within template based reports with host based findings. Just navigate to a vulnerability, place your cursor over the menu icon and select Ignore vulnerability.
Once a vulnerability is ignored it is not listed in Asset Search. However, in AssetView the ignored vulnerabilities are listed by default and you need to use an additional query to filter them out.
Tell me about QIDs that cannot be ignored
You cannot ignore information gathered checks, or the following QIDs: 38175 (Unauthorized Service Detected), 82043 (Unauthorized Open Port Detected), 38228 (Required Service Not Detected) and 82051 (Required Port Not Detected).
Tell me about user permissions
Managers and Unit Managers are allowed to ignore any vulnerability instance (host/vulnerability/port). The option to ignore vulnerabilities may be available for Scanners and Readers, depending on remediation options set for the subscription under Remediation > Setup.
We'll create a ticket if there's isn't one for the issue
When you ignore a vulnerability we'll create a ticket for the issue if no ticket currently exists for it, and close it automatically for tracking purposes.
Managers can filter vulnerabilities on a global basis, across all hosts, by disabling them. Just edit the vulnerability in the KnowledgeBase and select "Disable this vulnerability". Note - Disabling vulnerabilities will not result in the automatic closing of tickets because the setting applies to all your hosts.
Still see an ignored vulnerability in my report?
You must refresh the report to remove the ignored vulnerability. Note that you can edit the filter settings in the report template to always display ignored vulnerabilities in your scan report.
How do I include ignored vulnerabilities in my report?
You can choose to include ignored vulnerabilities in template based scan reports with host based findings. Just edit the report template and change the filter settings.