Prevent Reopening of Vulnerable Items (VITs) from New Detections – Best Practice? Hi Team,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6 hours ago
I am working on the module and have a requirement where certain Vulnerable Items (VITs) should not reopen when new detections are received from the scanner (e.g., ).
I understand that, out of the box, when a new detection matches an existing VIT (based on CI and vulnerability), the system automatically reopens the VIT even if it is in a Closed/Resolved state.
To handle this, I tried implementing a Business Rule to prevent reopening for specific scenarios. However, I am concerned that this approach may interfere with OOTB detection correlation logic and impact standard VR functionality.
Could you please suggest:
- What is the recommended OOTB approach to prevent specific VITs from reopening?
- Should this be handled using False Positive / Risk Acceptance (Exception) workflows?
- Are there any best practices using Exception Rules or detection filters to achieve this?
- Is there any supported way to conditionally control reopening without impacting the correlation engine?
Appreciate your guidance and any references or documentation.
Thanks in advance!