The following article describes how to set a false positive scan result from the Alert Logic® network intrusion detection system solution to inactive in the Alert Logic console.
A best practice in vulnerability assessment is to set false positive scan results as inactive; thereby removing it from view in the console, as well as from future generated reports. This process allows you to easily identify vulnerabilities that require remediation.
Solution
- In the Alert Logic console, perform one of the following:
- Alert Logic Cloud Defender or Threat Manager customers, click Overview > Scans.
- Alert Logic Essentials, Professional, or Enterprise customers, navigate to the main menu () > Configure > PCI Scanning.
- Click the Scans tab.
- If you manage more than one customer, in the Customer drop-down list, select the customer and then click Go.
- Next to the scan that identifies the false positive to mark inactive, click and expand Results.
- Next to the date the scan was run, under the Results column, click the hosts link. A list of all hosts and associated vulnerabilities display.
- Locate the appropriate host and click the name of the false positive to set inactive.
- Click Change Status.
- For Change the status of this vulnerability for, select This Host.
Note: Do not select All Hosts unless you are certain that the vulnerability in question is a false positive for all hosts in your environment. - Select Inactive.
- Click Save.
Additional Information
More information about scanning, ignoring vulnerabilities, and reporting false positives is available in our Scans documentation.
Comments
0 comments
Please sign in to leave a comment.