Create an exception rule

  • Rversion finale: Australia
  • Mis à jour 13 mars 2026
  • 2 minutes de lecture

    • Create a rule to automatically request an exception for a specific condition for a group findings, such as a rule with a condition that is based on the vulnerability severity of these findings. With this rule, you can defer new and existing findings automatically if they match the approved rule condition.

    Avant de commencer

    Role required: See Access control lists (ACLs) for administration rules

    Pourquoi et quand exécuter cette tâche

    The rule is applied from the "Valid from" until the "Valid to" date. The remediation task (VUL) is created when the rule is approved. The grouping method for this VUL is known as exception rules. The VUL is created in the Deferred state. You can't close, reopen, or delete this VUL. New and reopened VIs are deferred and added to this VUL from the "Valid from" date until the group expires on the "Valid to" date.
    Remarque :

    Email notifications are sent at every stage of the exception rule work flow. These emails provide the status and other details of a request. For example, when an exception rule is requested, the requester receives an email that confirms that the request is submitted.

    Remarque :
    If the rule is rejected, you can reopen it in the Draft state, update it, and then resubmit it for approval.

    Procédure

    1. Navigate to Workspaces > Security Exposure Management Workspace.
    2. Select Administration in the navigation pane.
    3. Select Review on the Exception rules tile.
    4. On the Exception Rule new record page, click New to create a rule.
    5. On the form, fill in the fields.
      Tableau 1. Exception Rule form
      Field Description
      Name Name of the exception rule.
      Valid from Date from which this rule is active to defer the Findings.
      Valid to Date from which the remediation task stops accepting new Findings.
      Reason Reason to create this exception rule.
      Assignment group Group that the remediation task that was created for tracking the deferred Findings is assigned to.
      Additional information Additional information that the requester wants to provide to the approver. This information is populated in the description field of the remediation task.
      Condition Filter condition for the Findings that can be defined while processing the Findings.
      Execute on existing data Option that enables you to run this rule on existing data the first time that this rule is run.
      Workflow stage Current approval status of the exception rule.
      State State of the exception rule.
      Execution order Unique order for each exception rule.
      Deferred until Date until when the VULs and Findings are deferred. On this date, the created VUL is closed, all the Findings move out of the group, and group rules are reapplied.
    6. Add the assignment group when you are creating the rule.
    7. Submit the form for approval.
      The status of the request changes to In review. Until you submit the exception rule, it remains in the Draft state.