Approving a False Positive

How to approve a false positive request in the RiskSense platform.

While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark that finding as a False Positive (FP).

Only managers and group managers can approve false positive requests.

To approve a false positive request, navigate to either the Network > Host Findings or Application > Application Findings pages. For this example, we will show you how to approve a false positive using the Application > Application Findings page.

Application Findings Menu Location-1

Select the FP Requested findings you want to approve by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for approving false positives. If you are having trouble finding false positive requests, see Filtering for False Positive Requests.

False Positive Approve - Selecting Application Findings

Click the Workflow button.

False Positive Approve - Workflow Button Location

In the Workflow drop-down menu, click Approve under the False Positive category. This option can be used for single and multiple vulnerabilities.

False Positive Approve - Approve False Positive Menu Location

You may also select a single vulnerability and right click the line item to select workflow options from the pop-up menu. Note that using the right-click option only works for a single row, as designated in the screenshot below.

False Positive Approve - Approve False Positive Right Click Menu Location

Clicking Workflow > False Positive > Approve brings up the Approve False Positive window.

False Positive Approve - Approve False Positive Window

The following list describes the fields that appear in the Approve False Positive window.

  • Expiration Date: Date that the false positive should expire. If the date is blank, the false positive will not expire. You may enter your own expiration date or select one of the presets underneath the expiration date field.
  • Override Expiration Date: If the requestor submitted an expiration date on the false positive and you want to modify it, you must change the expiration date and click this check box.

Once the form is complete, click Submit. Once a manager approves a false positive, the vulnerability state will change to FP Approved, as shown below.

False Positive Approve - FP Approved State