Hello,
I am having trouble executing exclusion rules.
I followed the steps described in the official documentation to set up the rules.
1. I defined the exclusion rule with the following criteria:
Schwachstelle.Quellinstanz.Name=Tenable.sc and Schwachstelle=TEN-10736.
2. I set the system parameter sn_vul.close_vit_with_excluded_detections to true.
3. I restarted the ingestion process. Vulnerability Response -> Administration -> Integration -> Tenable.sc Open Vulnerabilities Integration (Execute Now).
The system didn't throw any errors. However, the exclusion does not apply. Although the preview shows over 13,000 hits for this filter, everything remains unchanged for over a week now. The detection runs every day at a fixed time.
My goal is to exclude invalid vulnerabilities from the detection process. Furthermore, I want to close the invalid vulnerabilities ingested prior to the exclusion rules.
Has anyone experienced this issue and can provide advice on how to solve it?
Thanks!
Bolivar
