Follow

Set a False Positive Scan to Inactive | How To

Description

The following article describes how to set a false positive scan result from Alert Logic® Threat Manager™ to inactive in the Alert Logic user interface (UI).

A best practice in vulnerability assessment is to set false positive scan results as inactive; thereby removing it from view in the UI, as well as from future generated reports. This process allows you to easily identify vulnerabilities that require remediation.

Solution

  1. At the top of the Alert Logic UI, in the drop-down menu, click Scans
  2. On the Scans page, click the Scans tab.
  3. If you manage more than one customer, in the Customer drop-down list, select the customer and then click Go
  4. Next to the scan that identifies the false positive to mark inactive, click and expand Results
  5. Next to the date the scan was run, under the Results column, click the hosts link. A list of all hosts and associated vulnerabilities display.
  6. Locate the appropriate host and click the name of the false positive to set inactive.
  7. Click Change Status
  8. For Change the status of this vulnerability for, select This Host
    Note: Do not select All Hosts unless you are certain that the vulnerability in question is a false positive for all hosts in your environment.
  9. Select Inactive
  10. Click Save

Additional Information

More information about scanning, ignoring vulnerabilities, and reporting false positives is available in our Scans documentation.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.