Viewing and exporting exceptions

You can view the list of exceptions in the system and details of an exception on the Exception Management page. You can use various filtering options to limit the data to be displayed on the page. In addition, you can export the exceptions in comma-separated value (CSV) format. By default, this page displays the exceptions created by the currently logged-in user as well as the exceptions created by other users that are applicable to the currently logged-in user.

When you upgrade to version 3.0.01 or later of TrueSight Vulnerability Management, the vulnerabilities that are excluded in previous versions are converted to exceptions in version 3.0.01 or later. Converted exceptions appear with the following name, upgraded_<vulnerabilityId>. If an exception with the same name exists in the version 3.0.01 or later, the converted exception appears with the following name, upgraded_<vulnerabilityId>_1, if only one security group has excluded that vulnerability. If another security group has also excluded that vulnerability, the exception appears with the following name, upgraded_<vulnerabilityId>_2. The count in the exception name suffix (_<n>) increases by 1 as the number of security groups increase which have excluded that vulnerability. 

Each vulnerability is converted into one exception and that exception is applied to all the assets in TrueSight Vulnerability Management. A converted exception has the following other attributes:

  • Start Date appears as the date on which you upgrade to version 3.0.01 or later. 
  • End date appears as 01/01/9999. 
  • Justification appears as Upgraded exception

This topic contains the following sections:


To view the list of exceptions

  1. Select TrueSight Vulnerability Management > Exception Management.
    The Exception Management page appears.
  2. (optional) Perform the following actions on the exceptions list:

    ActionDescription
    ImportImports a CSV formatted file containing a list of exceptions.
    ExportExports the exceptions currently present in the system to a CSV file.
    FilterFilters exceptions by various properties, such as exception name and creator.
  3. (optional) Perform the following actions on an exception: 

    ActionDescription
    View Exception DetailsDisplays details of an exception, such as exception name, CVE IDs of the applicable vulnerabilities, exception owner, and assets and selection criteria of assets.
    EnableEnables an exception so that it is applied to assets when the exception becomes active. Therefore, the assets on which the selected vulnerabilities are reported will not be remediated. This option is available from the Actions menu. You cannot enable an expired exception.
    Note: Only the users that are part of the creator security group have permission to enable an exception. 
    DisableDisables an exception so that the selected vulnerabilities do not affect the assets. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until you enable the exception. This option is available from the Actions menu. You cannot disable an expired exception.
    Note: Only the users that are part of the creator security group have permission to disable an exception. 
    DeleteDeletes an exception, after which exception is no more applicable. This option is available from the Actions menu. Once you delete an exception, assets included in the exception can be remediated for the selected vulnerabilities. 

    Note:

    • Whenever you delete any scan file or tag, exceptions referring to that scan file or tag are not affected.
    • Only the users that are part of the creator security group have permission to delete an exception.

Filtering exceptions

Filters let you limit the data displayed on this page using different criteria, as described in the following sections. By default, all the exceptions in the system are displayed.

Filtering data in columns

Using the text boxes at the top of each column, enter any number of characters. As you enter characters, the list narrows its results to show only items with data that includes the text string you have entered. Clear all text from the search box to show all items. You can enter data in multiple columns to show only results that match all criteria.

Some columns provide a list of choices that you can select. The columns are filtered to show only the values you select.

Filtering by status

You can filter the exceptions displayed on the Exception Management page with the Status filter at the top of the page. You can select one of the following statuses:

  • ACTIVE
  • ENABLED
  • DISABLED
  • EXPIRED

Filtering by CVE IDs

You can filter the exceptions displayed on the Exception Management page with the CVE filter at the top of the page. This filter is populated only if the exceptions are defined in the system for CVE IDs. You can select multiple CVE IDs. 

Filtering by tags

You can filter the exceptions displayed on the Exception Management page with the Tags filter at the top of the page. The Tags filter is populated only if you have tags defined in the system. You can select multiple tags. 

Filtering by assets

You can filter the exceptions displayed on the Exception Management page with the Assets filter at the top of the page. This filter is populated only if the exceptions are defined in the system for assets. 

You can select one of the following values:

  • With All Assets: When you choose this option, the exceptions for which you had selected the All option under Assets are shown. 
  • With Selected Asset Names: When you choose this option, the exceptions for which you had selected the Selected option under Assets are shown. When you choose the With Selected Asset Names option, another filter appears where you can further select assets for which you want to see the exceptions.

Exception status and operations

The operations that you can perform on an exception depend on the status of the exception, as shown in the following table:

ScenarioException status on GUIAllowed operations on an exception
Exception is added, and the current date is before the Start Date

ENABLED – Indicates that the exception is added, but not currently applied to the assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until the exception becomes active.

By default, an exception is enabled as soon as it is added.

Disable, Delete
Exception is added, and the current date is between the Start Date and End DateACTIVE – Indicates that the exception is currently applied to assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will not be remediated.Disable, Delete
Exception is added, and the current date is after the End DateEXPIRED – Indicates that the exception is no longer applied to the assets as it has reached its end date. Therefore, the assets on which the selected vulnerabilities are reported will be remediated. Delete
Exception is added, but disabled

DISABLED – Indicates that exception is disabled and currently not applied to the assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until you enable the exception.

Note: You cannot enable or disable an expired exception.

Enable, Delete

Exporting exceptions

You can export the exceptions in your system to a CSV formatted file. Exported data is stored in a ZIP file. You can also limit the data to be displayed on the pages by using various filters and then export the limited data. 

After exporting, you can open the file in a spreadsheet and then manipulate the data in any way you want.   

To export the contents of the dashboard

Click Export, at top right. Using your browser, you can open the file or save it locally. Data in the Start Date and End Date columns is exported according to the browser timezone.

Was this page helpful? Yes No Submitting... Thank you

Comments