From a remediation task record, mark a false positive in the Vulnerability Response workspace.
Before you begin
Role required: sn_vul.remediation_owner, sn_vul.app_security_champion, or sn_vul_container.remediation_owner
A false positive is a condition in which the scanner reports that a vulnerability exists in the system when, in reality, there is no vulnerability. There can be multiple reasons, such as incorrect classification or improper logic or algorithm in the scanner. A remediation owner can submit a false positive request for approval from vulnerable item (VI) or remediation task (RT) records.
Starting with version 18.0, you can request exceptions for application vulnerability items and container vulnerability items.
For more information about false positives in the classic environment in the Vulnerability Response application, see False Positive overview.
Procedure
- Navigate to .
- Locate a remediation task or vulnerable item that you want to mark as a false positive.
- In the UI action buttons on the right, click Mark as False Positive.
- In the dialog that is displayed, enter information about the request and click Request Approval.
- On the Take Questionnaire modal, answer the questions and click Submit.
Note: Starting with version 18.0, you can answer the questionnaire to provide additional information about your request for the approver. The Take Questionnaire modal appears only when the Enable questionnaire to mark false positive check box is selected in the Exception Management Configuration form. For more information, see Configure Exception Management for Vulnerability Response.
Your request is submitted for approval. A message displays that indicates the request was successfully submitted. A false positive request for a vulnerable item or a remediation task only requires a single approver.
To view the status of your approval requests in the IT Remediation Workspace, under Exception Requests on the List page, click My requests. The number for the request (VCA#) is displayed when you open the VI or remediation task record from the list.
After the request is approved, the State of the VI or task record transitions to Closed. Active VIs on task records that are marked as False Positive are also closed.
If the request is rejected:
- The state does not change on the VI or task record. Active VIs remain open.
- The request record (VCA#) displays Rejected in the Approval state column in your List view under My requests.