Set a False Positive Scan Result to Inactive

The following article describes how to set a false positive scan result from the Alert Logic® network intrusion detection system solution to inactive in the Alert Logic console.

A best practice in vulnerability assessment is to set false positive scan results as inactive; thereby removing it from view in the console, as well as from future generated reports. This process allows you to easily identify vulnerabilities that require remediation.

Solution

1. In the Alert Logic console, perform one of the following:
   
   - Alert Logic Cloud Defender or Threat Manager customers, click Overview > Scans.
   
   - Alert Logic Essentials, Professional, or Enterprise customers, navigate to the main menu () > Configure > PCI Scanning.
   
   
2. Click the Scans tab.
   
   
3. If you manage more than one customer, in the Customer drop-down list, select the customer and then click Go. 
   
   
4. Next to the scan that identifies the false positive to mark inactive, click and expand Results. 
   
   
5. Next to the date the scan was run, under the Results column, click the hosts link. A list of all hosts and associated vulnerabilities display.
   
   
6. Locate the appropriate host and click the name of the false positive to set inactive.
   
   
7. Click Change Status. 
   
   
8. For Change the status of this vulnerability for, select This Host. 
   
   Note: Do not select All Hosts unless you are certain that the vulnerability in question is a false positive for all hosts in your environment.
   
   
9. Select Inactive. 
   
   
10. Click Save. 

Additional Information

More information about scanning, ignoring vulnerabilities, and reporting false positives is available in our Scans documentation.