Create auto-close rules

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Use auto-close rules to close older detections automatically based on the filter conditions that you set.

    Avant de commencer

    Role required: sn_vul.manage_auto_close_stale_vi

    Procédure

    1. Navigate to All > Vulnerability Response > Administration > Auto-Close Rules.
      The base system provides the following auto-close rules:
      • Assets last scanned: Detections associated with assets that haven’t been scanned within the last 90 days are transitioned to Stale state.
      • Manual detections last found: Manual detections that haven’t been found within the last 90 days. If you activate Detections last found record, then this feature requires a successful integration run of Rapid7 Comprehensive Vulnerable Item Integrations and Microsoft TVM Machine Vulnerabilities Integration (Full import) within the last seven days.
      • Detections last found: Detections that haven’t been found within the last 90 days.
    2. Select New to create a new auto-close rule.
    3. Fill in the fields on the form.
      Field Value
      Name Name of the auto-close rule.
      Active Option to activate the rule. If activated, it closes any detections automatically that match its filter criteria.
      Ignore deferred items If selected, any detections that are mapped to the In-review or Deferred states are ignored and not closed. If you clear this option, any detections that match your criteria are closed.
      Execution order Unique value for the execution of the auto-close rule. This value determines the order of execution. The default value is 100.
      Description Description of the auto-close rule.
      Condition Filter conditions used to identify detections that should be closed.
    4. Select Submit.
      The Auto-Close Stale Detections scheduled job runs daily. It identifies detections based on the specified conditions and transitions the matching ones to the Stale state. The job handles the following scenarios:
      • If all the detections within a vulnerable item (VIT) are marked as stale, the VIT is closed with the sub-state set as "Stale".
      • If there is at least one detection that remains open within a VIT, while others are in the Stale status, the VIT remains open.
      • In cases where there are detections with both "Closed" and "Stale" statuses within a VIT, the VIT is closed with the sub-state set as "Fixed".

      When you upgrade to the latest version of Vulnerability Response, the conditions set in your auto-close rules also get updated accordingly. Additionally, if the rules are associated with different domains, the rules are created specifically within those domains.