Approve or reject requests that are submitted by remediation owners.

Before you begin

Roles required:
Table 1. Approver roles required for various approval requests
Approval type Approval levels required Approver roles Additional information
False positive approvals One
  • sn_vul.false_positive_approver granular role for vulnerable items (VITs).
  • sn_vul.app_false_positive_approver role for application vulnerable items (AVITs)
  • sn_vul_container.false_positive_approver role for container vulnerable items (CVITs)
  • sn_vulc.false_positive_approver for configuration test results

Or

Approvers are required to be in the False Positive Approver user group.

 -
Exception approvals (deferrals) Two
  • One approver is required in the Approver - Level 1 group
  • One approver is required in the Approver - Level 2 group
 An exception request for a record or remediation task is approved by using a default, two-level approval workflow. The exception request requires two levels of approvers. After the request is approved by the level 1 approver, it’s sent on to the second-level approver and is then visible in approver 2's queue.
Unassign approvals One approver is required in the Approver – Level 1 group
  • sn_vul.unassign_approver for AVITs and VITs
  • sn_vul_container.unassign_approver for CVITs
  • sn_vulc.unassign_approver for configuration issues (CIs)
Note: By default, an approval configuration is provided and an unassign approval group is created. Users (Unassign Approver - Level 1) of this group can approve the request. This group contains an unassign approver role, sn_vul.unassign_approver, by default. You can modify or create a new group and update the approval configuration. To configure approval rules, navigate to the respective Approval Rules module, select any of the following approval rules, and navigate to the approval configuration in the Approval Configurations tab:
  • Vulnerable item field change request for a vulnerable item.
  • Vulnerability field change request for a remediation task.
  • Application vulnerability field change request for an application vulnerable item (AVIT).
  • Approval for container management for a container vulnerable item (CVIT).
Risk reduction approvals Two
  • One approver is required in the Approver - Level 1 group
  • One approver is required in the Approver - Level 2 group
 The approval flow for risk reduction is same as the exception approvals (deferrals).

See Vulnerability Response personas and granular roles and Assign the Vulnerability Response persona roles using Setup Assistant for more information about assigning persona roles to users and users to groups.

Note: Add users to the approval groups before you submit approval requests. If you create requests before you add users to the approval groups, the requests might not be visible to those users that have the approval permission.

Procedure

  1. Navigate to Workspaces > Security Exposure Management.
    If an approver doesn’t have access to the workspace, approvals can be processed at Vulnerability Response > My Approvals in the classic environment.
  2. Select the List view icon (LIst view icon.).
    The List page is displayed.
  3. In the Approvals filtered list, select Assigned to me.
  4. Locate a request that you want to process and then select the link in the State column.
    The Vulnerability State Change Approval record (VCA#) is displayed.
  5. Choose one of the following options to approve or reject the request.
    OptionDescription
    Click the Details tab, enter text in the Comments field, and click Reject
    • A message is displayed indicating that there’s a rejected approval for the Vulnerability State Change Approval record.
    • The state on the Vulnerability State Change Approval record transitions to Rejected.
    • The state on the remediation task or the record remains the same.
    • The Vulnerability State Change Approval record is no longer displayed on your Approvals list view in the workspace.
    From either the Request or Details tabs, click Approve
    • A message displays indicating that the Vulnerability State Change Approval record is approved.
    • The state on the remediation task or the record transitions to Deferred.
    • Active records on the remediation tasks transition to Deferred.
    • The Vulnerability State Change Approval record is no longer displayed on your Approvals list view.