Create approval levels for Exception Management
Define the levels of users and user groups that are going to approve the exception requests.
Before you begin
Role required: sn_vul.vulnerability_admin
Procedure
- Navigate to All > Vulnerability Response > Administration > Approval Rules.
- Select an approval rule and navigate to the Approval Configurations tab.
- Select a configuration.
- In the Approver Levels section, select an approver level.
-
On the form, fill in the fields.
Table 1. Approver Level form Field Description Name Approval level name. Required approval Select how many approvals are required for the selected level: - One approver required
- All users must approve
Active Enabled by default, signifying that the approval level is in use. Order Execution order of various configurations within a rule. For example, a configuration with an order entry of 100 runs before a configuration with an order entry of 200. Approval rule Contains the table and type details for the approval rule. Approval configuration Contains the approval configurations. Assign using Select an option from: - User and user group
- Approval table field
- Script
Groups Approver level group consisting of multiple users. The user must have one of the following roles: - sn_vul.exception_approver: For exception management and exception rules
- sn_vul.false_positive_approver: For false positive
Users Edit the users listed in the groups. -
To save the changes, select Update.
Note:Prior to v15.0, the workflow process is functional if there are users only in Exception level 1. However, starting from v15.0, there must be at least one user in each level.
Prior to v15.0, in the workflow, if there was no user in the second level, the vulnerability item or vulnerable group was deferred. However, v15.0 onwards, if there is no user in the second level, the approval request is automatically rejected.
Example
There can be different approval levels for vulnerabilities for Linux and Windows servers.