How to send a false positive request back to the user for rework.
While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark that finding as a False Positive (FP).
Only managers and group managers can send false positive requests back to users for rework.
To rework a false positive request, navigate to either the Network > Host Findings or Application > Application Findings pages. For this example, we will show you how to rework a false positive using the Network > Host Findings page.
Select the FP Requested finding(s) you want reworked by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for reworking false positives. If you are having trouble finding false positive requests, see Filtering for False Positive Requests.
Click the Workflow button at the top of the list view.
In the Workflow drop-down menu, click Rework under the False Positive category. This option can be used for single and multiple vulnerabilities.
You may also select a single vulnerability and right click the line item to select workflow options from the pop-up menu. Note that using the right-click option only works for a single row, as designated in the screenshot below.
Clicking Workflow > False Positive > Rework brings up the Rework False Positive window.
In the provided text box, enter the reason for reworking the false positive request. Once complete, click Apply.
When a risk acceptance request is reworked, the state changes to Assigned, as shown below.