Requesting a False Positive

How to submit a false positive request in the RiskSense platform.

While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark that finding as a False Positive (FP).

To submit a false positive, go to either the Network > Host Findings or Application > Application Findings pages. For this example, we will show you how to submit a false positive using the Network > Host Findings page.

Host Findings Menu Location-2

Select the finding(s) you want to mark as a false positive by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for marking false positives.

False Positive Request - Selecting Host Findings

Click the Workflow button.

False Positive Request - Workflow Button Location

In the Workflow drop-down menu, click Request under the False Positive category. This option can be used for single and multiple vulnerabilities.

False Positive Request - Request False Positive Menu Location

You may also select a single vulnerability and right click the line item to select workflow options from the pop-up menu. Note that using the right-click option only works for a single row, as designated in the screenshot below.

False Positive Request - Request False Positive Right Click Menu Location

Clicking Workflow > False Positive > Request brings up the Request False Positive window.

False Positive Request - Request False Positive Window

The following list describes the fields that appear in the Request False Positive window.

  • Description: Description of the false positive.
  • Reason: Why should those false positives be accepted?
  • Expiration Date: Date that the false positive should expire. If the date is blank, the false positive will not expire. You may enter your own expiration date or select one of the presets underneath the expiration date field, as well.
  • Compensating Control: If there is a compensating control in place to support the risk acceptance request, enter it here. Click the information bubble next to the title for more information.
  • Drag Files Here: Allows users to upload documents or images supporting the false positive request.

Once the form is complete, click Submit. Once a user requests a false positive, the vulnerability state will change to FP Requested. The false positive request is then sent to a group manager or manager to either approve or reject the false positive request.

False Positive Request - FP Requested State