The following article describes how to set a false positive scan result from Alert Logic® Threat Manager™ to inactive in the Alert Logic user interface (UI).
A best practice in vulnerability assessment is to set false positive scan results as inactive; thereby removing it from view in the UI, as well as from future generated reports. This process allows you to easily identify vulnerabilities that require remediation.
- At the top of the Alert Logic UI, in the drop-down menu, click Scans.
- On the Scans page, click the Scans tab.
- If you manage more than one customer, in the Customer drop-down list, select the customer and then click Go.
- Next to the scan that identifies the false positive to mark inactive, click and expand Results.
- Next to the date the scan was run, under the Results column, click the hosts link. A list of all hosts and associated vulnerabilities display.
- Locate the appropriate host and click the name of the false positive to set inactive.
- Click Change Status.
- For Change the status of this vulnerability for, select This Host.
Note: Do not select All Hosts unless you are certain that the vulnerability in question is a false positive for all hosts in your environment.
- Select Inactive.
- Click Save.
More information about scanning, ignoring vulnerabilities, and reporting false positives is available in our Scans documentation.