The following article describes how to set a false positive scan result from the Alert Logic® network intrusion detection system solution to inactive in the Alert Logic console.
A best practice in vulnerability assessment is to set false positive scan results as inactive; thereby removing it from view in the console, as well as from future generated reports. This process allows you to easily identify vulnerabilities that require remediation.
- In the Alert Logic console, click Overview in the main menu and then click Scans in the left sidebar.
- On the Scans dashboard, click the Scans tab.
- If you manage more than one customer, in the Customer drop-down list, select the customer and then click Go.
- Next to the scan that identifies the false positive to mark inactive, click and expand Results.
- Next to the date the scan was run, under the Results column, click the hosts link. A list of all hosts and associated vulnerabilities display.
- Locate the appropriate host and click the name of the false positive to set inactive.
- Click Change Status.
- For Change the status of this vulnerability for, select This Host.
Note: Do not select All Hosts unless you are certain that the vulnerability in question is a false positive for all hosts in your environment.
- Select Inactive.
- Click Save.
More information about scanning, ignoring vulnerabilities, and reporting false positives is available in our Scans documentation.