Request a false positive for a vulnerable item or remediate task
Indicate a false positive request for a finding or a remediation task in the Security Exposure Management Workspace. A false positive is a condition where a scanner incorrectly reports that a finding exists in the system due to situations such as an incorrect classification, improper logic, or an algorithm in the scanner.
Before you begin
- sn_vul.remediation_owner for host vulnerable items (VITs)
- sn_vul.app_security_champion for application vulnerable items (AVITs)
- sn_vul_container.remediation_owner for container vulnerable items (CVITs)
- sn_vulc.remediation_owner for configuration test results (CTRs)
About this task
Procedure
Result
The state of the vulnerable item or remediation task transitions to In Review.
Your request is submitted for approval and the approver receives an email notification about your request.
You will receive an email notification upon approval or rejection of your request.
What to do next
| Approval state | Record | Remediation task |
|---|---|---|
| Approved | The State of the record transitions to Closed with Reason as False positive. | The State of the remediation task transitions to Closed with Reason as False positive. The state is rolled down to the records in the remediation task
accordingly. Navigate to the Details tab of a Remediation task and set the expiry date for false positive in the Until field if required. The remediation task reverts to the Open state after the specified date and the state is rolled down to the test results. |
| Rejected | The state of the record does not change. | The state of the remediation task and its records reverts to previous state. |
In the Activity stream of a record or remediation task, you can view the entire workflow of the false positive request.