Request exceptions for remediation tasks and records in the Vulnerability Manager Workspace

Release version: Zurich

Updated July 31, 2025

1 minute to read

From the Vulnerability Manager Workspace, vulnerability managers and analysts can request exceptions and false positives for a remediation task (VUL, AVUL, CVUL or CRG) and record (VIT, CVIT, AVIT or CTR). You can also split a remediation task and create change requests.

Role required:

sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
sn_vul.app_sec_manager for application vulnerable items (AVITs)
sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
sn_vulc.admin for configuration test results (CTRs)

Note:

Starting with v19.0 of Vulnerability Response, the following terms have been renamed:

Table 1. Changes in terminology
Terminology prior to v19.0	Terminology v19.0 onwards
Test Result Groups	Remediation Tasks
Configuration Issues	Configuration Test Results
Policy	Test group

In the Vulnerability Manager Workspace, you can perform the following on the records and remediation tasks:

Split a remediation task (VUL, AVUL, CVUL, and CRG).
Request an exception for a record (VIT, AVIT, or CVIT) or remediation task (VUL, AVUL, CVUL, or CRG).
Request a policy exception for records (VIT, AVIT, or CVIT) or remediation task (VUL, AVUL, CVUL, or CRG).
Request risk reduction for a host vulnerable item (VIT) and remediation task (VUL)
Create a change request for remediation task (VUL, CVUL, or CRG).
Request a false positive for record (VIT, AVIT, or CVIT) or remediation task (VUL, AVUL, CVUL or CRG).
Note:
You can raise false positive requests for a set of test results from a remediation task (CRG).

You initiate these UI actions from records in the Vulnerability Manager Workspace, the same way remediation owners perform these tasks in the IT Remediation Workspace.

See the following topics for more information: