We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

Prevent Reopening of Vulnerable Items (VITs) from New Detections – Best Practice? Hi Team,

chepurip
Kilo Explorer

 

I am working on the module and have a requirement where certain Vulnerable Items (VITs) should not reopen when new detections are received from the scanner (e.g., ).

I understand that, out of the box, when a new detection matches an existing VIT (based on CI and vulnerability), the system automatically reopens the VIT even if it is in a Closed/Resolved state.

To handle this, I tried implementing a Business Rule to prevent reopening for specific scenarios. However, I am concerned that this approach may interfere with OOTB detection correlation logic and impact standard VR functionality.

Could you please suggest:

  • What is the recommended OOTB approach to prevent specific VITs from reopening?
  • Should this be handled using False Positive / Risk Acceptance (Exception) workflows?
  • Are there any best practices using Exception Rules or detection filters to achieve this?
  • Is there any supported way to conditionally control reopening without impacting the correlation engine?

Appreciate your guidance and any references or documentation.

Thanks in advance!

0 REPLIES 0