Approve exception requests for vulnerable items or remediation tasks that can't be remediated immediately. You must assess these requests for risk and then approve them for deferral until they can be remediated.

Before you begin

You can approve exception and false positive requests in the Vulnerability Response Workspace. See Approve or reject requests in the Vulnerability Manager Workspace.

Role required: sn_vul.exception_approver
You can also approve exception requests in the classic environment.
Note:

Starting from v21.0 of Vulnerability Response, you can configure the time frames for approving false positives and exceptions, along with email notifications for both the approver and requester after a set number of days. When a request is raised, the vulnerable item changes to In-Review status and a state change record is created. If the approver doesn't respond within the configured time frame, the vulnerable item or remediation task reverts to Open status. The previous state is stored in the backup_state field. For more information, see Configure approval rules for Exception Management.

Procedure

  1. Navigate to All > Vulnerability Response > My Approvals.
  2. Select a request from your queue.
  3. Approve or reject the request with appropriate comments.