Request a false positive in the IT Remediation Workspace

  • Release version: Xanadu
  • Updated August 1, 2024

    Raise a false positive request for host vulnerable item (VIT), application vulnerable item (AVIT), container vulnerable item (CVIT), or remediation task (VUL, AVUL, CVUL or CRG) in the IT Remediation Workspace.

    Before you begin

    Role required:
    • sn_vul.remediation_owner for host vulnerable items (VITs)
    • sn_vul.app_security_champion for application vulnerable items (AVITs)
    • sn_vul_container.remediation_owner for container vulnerable items (CVITs)
    • sn_vulc.remediation_owner for configuration test results (TRs)

    About this task

    A false positive is a condition in which the scanner reports that a vulnerability exists in the system when in reality there is none. This can happen for multiple reasons, such as incorrect classification or improper logic or algorithms in the scanner.

    For more information on how to request a false positive for a set of test results, see Request false positive for a set of test results.

    Procedure

    1. Navigate to Workspaces > IT Remediation Workspace.
    2. Locate a remediation task (VUL, AVUL, CVUL or CRG) or vulnerable item (VIT, AVIT, or CVIT) that you want to mark as false positive.
    3. In the UI action buttons on the right, select Mark as False Positive.
    4. In the dialog that is displayed, enter information about the request and select Request Approval.
    5. On the Take Questionnaire modal, answer the questions to provide additional information about your request to the approver and select Submit.
      Note:
      The Take Questionnaire modal appears only when the Enable questionnaire to mark false positive check box is selected in the Exception Management Configuration form. For more information, see Configure Exception Management for Vulnerability Response, Configure Exception Management for Application Vulnerability Response, Configure Exception Management for Container Vulnerability Response, and Configure Exception Management for Configuration Compliance.

      The state of the vulnerable item (VIT, AVIT, or CVIT) or remediation task (VUL, AVUL, or CVUL) transitions to In Review.

      Your request is submitted for approval and the approver receives an email notification about your request.

    Result

    You will receive an email notification upon approval or rejection of your request.

    What to do next

    In the IT Remediation Workspace, on the List page, navigate to Exception Requests > My requests, open the corresponding state change approval record (VCA#), and check the status of your request in the Approval state column:

    | Approval state | Record (VIT, AVIT, or CVIT) | Remediation task (VUL, AVUL, CVUL, or CRG) |
    |---|---|---|
    | Approved | The State of the record transitions to Closed with Reason as False positive. | The State of the remediation task transitions to Closed with Reason as False positive. The state is rolled down to the records in the remediation task accordingly. Navigate to the Details tab of a Remediation task and set the expiry date for false positive in the Until field if required. The remediation task reverts to the Open state after the specified date and the state is rolled down to the test results. |
    | Rejected | The state of the record does not change. | The state of the remediation task and its records reverts to previous state. |

    In the Activity stream of a record or remediation task, you can view the entire workflow of the false positive request.