False Positive Initiation

To initiate a false positive request perform the following steps:

  1. Go to Incidents or Incident Group > Assigned to My Group (Open).
  2. Click an open incident.
  3. Right-click in the title bar, and click False Positive - Initiate.

    false_positive_initiate.

    The State is changed to False Positive- Identified.

  4. In the vulnerability incident, scroll down to the False Positive tab.

    false_positive_reasons

    In the False Positive tab, enter a reason for marking this vulnerability incident as false positive.

  5. Click the Approval Configuration tab, and select the approval group in the Infrastructure/ App Owner Approval Group.

    false_positive_approval_configuration.

  6. Click False Positive- Request Confirmation.
    The State changes to False Positive- Awaiting Approval.

The false positive request is submitted for approval. The approver group approves or rejects it. See False Positive Approval.

After the false positive request is approved or rejected, go to the incident for which it was sent and click the VMDR Approvals tab.

You can view the approver and the state of approval. After initial application infrastructure approval, you can also view the additional approvers. The other approvers need to follow the false positive approval workflow.

false_positive_additional_approvals

If the approver rejects the false positive request, it is reflected in the incident record | VMDR Approvals tab.

If all the approvers approve the false positive request, the incident's state changes to False Positive - Confirmed. 

false_positive_confirmed

 

Related Topic

False Positive Approval

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.