False Positive: Overview

Summary: High-level overview of the false positive workflow.

While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible.  For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the Ivanti Neurons platform provides an option to mark that finding as a False Positive (FP).

Once a scanner finding/vulnerability is marked as a false positive, that finding will remain as a false positive unless a user manually removes it from that state or the false positive status expires. Users do not have to account for or address those vulnerabilities marked as false positive each time they are erroneously identified by a scanner.

Vulnerabilities marked as false positive are removed from the Ivanti RS³ calculations entirely, providing neither negative or positive impact.

There are three states associated with the false positive workflow.

• FP Requested: The false positive request was submitted and is awaiting approval.

• FP Approved: The false positive request was approved by a user.

• FP Reworked: The user received the false positive request but selected this option because the finding needs more justification for approval.

When a false positive request is outright rejected, the state will revert to Assigned.