Close or ignore a vulnerability

If you determine that a vulnerability is a low priority and can either be deferred or immediately closed without further analysis, close or ignore the vulnerability.

Before you begin

The sn_vul.vulnerable_item.approval_required property determines whether an approval request is sent to members of the Vulnerability Response group for approval when a vulnerability is closed or ignored. If you do not want to require approval, deactivate this property.

Role required: sn_vul.vulnerability_write

Procedure

  1. Navigate to Vulnerability > Vulnerabilities and open the vulnerability (VUL) record you want to close or ignore.
  2. Click Close/Ignore.
  3. Fill in the fields on the form, as appropriate.
    Field          Description
    Desired State  Select Ignored or Closed.
    Until          If you selected Ignored as the desired state, select the date and time when the Ignored state expires and the vulnerability and all its vulnerable items are reactivated.
    Substate       Select the reason that best applies for ignoring or closing the issue.
    Close now?     If you selected Closed as the desired state, and Fixed as the substate, select one of the following options:
                   • Wait for confirmation from next scan: sets the vulnerability and the items to a closed, pending confirmation state.
                   • Close vulnerabilities now, reopen if found: sets the vulnerability and its vulnerable items to a closed fixed state. It reopens if a later scan again finds any of the vulnerable items.
    Reason         Provide more reasons for ignoring or closing the issue.
  4. Click Submit.

    Depending on how the sn_vul.vulnerable_item.approval_required system property was set and the action taken, the following results occur.

    Property setting    Result
    Active
    • The State of the vulnerability changes to In Review.
    • An email notification is sent to the members of the Vulnerability Response group for approval.
    • When a member of the group approves the request:
      • The State changes to Ignored or Closed, as requested.
      • The Substate changes to the requested value and is read only.
      • The fields in the Ignore/Close section are filled and set to read-only.
      • The Notes section indicates the change.
    • When a member of the group rejects the request:
      • The State changes to Analysis, as requested.
      • The Desired fields are reset.
      • The Notes section indicates the rejection.
    Inactive
    • The State of the vulnerability and all its vulnerable items changes to Ignored or Closed, as requested.
    • The fields in the Ignore/Close section are filled and set to read-only.
    • The Notes related list indicates the change.