How to submit a false positive request in the RiskSense platform.
While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark that finding as a False Positive (FP).
To submit a false positive, go to either the Network > Host Findings or Application > Application Findings pages. For this example, we will show you how to submit a false positive using the Network > Host Findings page.
Select the finding(s) you want to mark as a false positive by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for marking false positives.
Click the Workflow button.
In the Workflow drop-down menu, click Request under the False Positive category. This option can be used for single and multiple vulnerabilities.
You may also select a single vulnerability and right click the line item to select workflow options from the pop-up menu. Note that using the right-click option only works for a single row, as designated in the screenshot below.
Clicking Workflow > False Positive > Request brings up the Request False Positive window.
The following list describes the fields that appear in the Request False Positive window.
- Description: Description of the false positive.
- Reason: Why should those false positives be accepted?
- Expiration Date: Date that the false positive should expire. If the date is blank, the false positive will not expire. You may enter your own expiration date or select one of the presets underneath the expiration date field, as well.
- Compensating Control: If there is a compensating control in place to support the risk acceptance request, enter it here. Click the information bubble next to the title for more information.
- Drag Files Here: Allows users to upload documents or images supporting the false positive request.
Once the form is complete, click Submit. Once a user requests a false positive, the vulnerability state will change to FP Requested. The false positive request is then sent to a group manager or manager to either approve or reject the false positive request.