On the Vulnerability Management Explore page. you can modify the status of a vulnerability to help your team prioritize the vulnerabilities that matter and to track the lifecycle of your vulnerabilities. Cisco Vulnerability Management offers four vulnerability statuses:
- Open: The vulnerability is still a risk in your organizational data and is available in Cisco Vulnerability Management for remediation. This is the default status for vulnerabilities.
- Closed: Your team has remediated the vulnerability. Once closed, it is removed from the Open vulnerability view.
- Risk Accepted: The vulnerability truly represents a risk, but the business has decided not to remediate it for some reason. A good example of a Risk Accepted vulnerability is an Internet Explorer vulnerability on a server in a data center that is not accessed, or Java vulnerabilities that cannot be remediated because a legacy application will not be replaced until the next fiscal year.
- False Positive: The vulnerability identified in your scan file is not actually a vulnerability.
Modify the status of a vulnerability
- Navigate to the Vulnerability Management Explore page.
- Click the checkbox beside the vulnerability that you want to change the status for.
- Click Set Status.
- Select a vulnerability status option.
You will see the risk status that you’ve assigned to the vulnerability when you click one of the vulnerabilities in the table and view its details. You can also flag many vulnerabilities at once as either risk accepted or false positive in the Vulnerability table (or all at once using the Display drop-down). Once selected, just assign the new status using the drop-down list.
Flagging a vulnerability as risk accepted or as false positive will remove those items from the risk meter score, as only open vulnerabilities contribute to an asset score. For Risk Meters that would have contained vulnerabilities that you marked risk accepted, you will see the Risk Meters True Risk score on the Group Overview of the Reporting page.
You can add additional information to your vulnerability statuses (such as justification of the decision or a date to reevaluate) by creating a custom field for each. For Risk Accepted items, a Due Date is also recommended so that the business can revisit the decision to not remediate the risk. More information on using custom fields can be found here.
Comments
Please sign in to leave a comment.