Hi @chandukollapart  ,

1. Does false positive vulnerabilities reopened from source scanners (Qualys, Rapid7)?

Yes, false positive vulnerabilities can be reopened from source scanners. This can happen if the scanner finds the vulnerability again in a later scan. When this happens, the VIT (Vulnerable Item) is reopened in ServiceNow.

There are a few reasons why a false positive might be reopened from a source scanner. One reason is that the scanner might have been updated and now identifies the vulnerability as a true positive. Another reason is that the configuration of the scanner might have changed, which could cause it to find the vulnerability again.

2. Once vulnerabilities are marked as false positive what are the options to reopen (Manually click on reopen?)?

There are two ways to reopen a false positive vulnerability in ServiceNow:

• Manually click on "Reopen". This is the most common way to reopen a false positive. When you click on "Reopen", the VIT is reopened and the state is changed to "Open".
• Set an "Until" date. You can also set an "Until" date for a false positive. When the "Until" date expires, the VIT is automatically reopened.

If you do not want the VIT to be reopened automatically, you can clear the "Reason" and "Until" fields before closing the VIT. This will prevent the VIT from being reopened when the "Until" date expires.