If you determine that the issue associated with a vulnerable item (VIT) is of low risk and can be immediately deferred without further analysis, you can use the Defer feature.

Before you begin

Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

About this task

A scheduled job runs every day checking for deferred vulnerable items that have reached their reopen date. On the day the VI's deferral is set to expire, the record is reopened.

Starting with Vulnerability Response v20.0, before reopening a deferred VI, the Check Vulnerable Item and Groups Deferment Expiration scheduled job checks whether any exception rule applies to the deferred VI and updates the Reason and Until fields according to that exception rule. The state of the VI remains Deferred until the latest expiry date.

Procedure

  1. Navigate to All > Vulnerability Response > Vulnerable Items.
  2. Open a vulnerable item.
  3. Click Request Exception.
  4. Fill in the fields on the form, as appropriate.
    Field: Description

    Until: Select the date when the Deferred state expires and the remediation task is reactivated.

    Note: Starting with version 18.0 of Vulnerability Response (VR), if a deferred vulnerable item is closed and reopened by a scanner before the exception window expires, the state of the VIT reverts to deferred state honoring the active exception window. To enable this functionality, set the value of the system property sn_vul.auto_defer_vit_in_active_exception_window to true. Also, the deferred Until date persists even after the vulnerable item gets closed or the exception expires. The role required is sn_vul.manage_exception_configuration for both read and write.

    After the record is submitted, if email notifications are defined, members of the Vulnerability Response group receive an email when the expiration date is within one week. When the defer date expires, the vulnerable item is set back to Open and a second email notification is sent out.

    Reason: Enter the reason for deferring the issue.
    Choices include:
    • Awaiting maintenance window
    • False positive
    • Fix unavailable
    • Risk accepted
    • Mitigating control in place
    • Other

    Additional information: Enter any other relevant information.
  5. Click Submit.
    The group is marked In Review. A Reopen related link appears. The reopen date and reason appear in work notes under the State Change Approvals tab.
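
The deferral lifecycle described under "About this task" and in the Until note, as a small Python model for reasoning about when a deferred item resurfaces. This is an added example, not ServiceNow code: the record classes, function names and return values are hypothetical, and applying the exception rule at the moment Until is reached is an assumption about timing.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class VulnerableItem:            # hypothetical record, not the product's table schema
    number: str
    state: str                   # "Open", "Deferred" or "Closed"
    until: Optional[date] = None
    reason: Optional[str] = None

@dataclass
class ExceptionRule:             # hypothetical: a rule already matched to the item
    until: date
    reason: str

def daily_expiration_check(vi, today, rules=()):
    """Model of the daily job. Returns 'reopened', 'extended', 'notify' or 'none'."""
    if vi.state != "Deferred" or vi.until is None:
        return "none"
    if vi.until <= today:
        # v20.0 behaviour: an applicable exception rule updates Reason and Until
        # and the item stays Deferred until the latest expiry date.
        live = [r for r in rules if r.until > today]
        if live:
            latest = max(live, key=lambda r: r.until)
            vi.until, vi.reason = latest.until, latest.reason
            return "extended"
        vi.state = "Open"        # the Until date persists after expiry
        return "reopened"
    if vi.until - today <= timedelta(days=7):
        return "notify"          # expiration date is within one week
    return "none"

def scanner_reopen(vi, today, auto_defer):
    """Scanner re-detects a closed item. auto_defer models the system property
    sn_vul.auto_defer_vit_in_active_exception_window."""
    if vi.state != "Closed":
        return vi.state
    in_window = vi.until is not None and vi.until > today
    vi.state = "Deferred" if (auto_defer and in_window) else "Open"
    return vi.state
```
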