Viewing and exporting exceptions
You can view the list of exceptions in the system and details of an exception on the Exception Management page. You can use various filtering options to limit the data to be displayed on the page. In addition, you can export the exceptions in comma-separated value (CSV) format. By default, this page displays the exceptions created by the currently logged-in user as well as the exceptions created by other users that are applicable to the currently logged-in user.
When you upgrade to version 3.0.01 or later of TrueSight Vulnerability Management, the vulnerabilities that were excluded in previous versions are converted to exceptions. A converted exception is named upgraded_<vulnerabilityId>. If an exception with the same name already exists in version 3.0.01 or later, the converted exception is named upgraded_<vulnerabilityId>_1 if only one security group has excluded that vulnerability. If another security group has also excluded that vulnerability, the exception is named upgraded_<vulnerabilityId>_2. The count in the exception name suffix (_<n>) increases by 1 for each additional security group that has excluded that vulnerability.
Each vulnerability is converted into one exception and that exception is applied to all the assets in TrueSight Vulnerability Management. A converted exception has the following other attributes:
- Start Date appears as the date on which you upgrade to version 3.0.01 or later.
- End Date appears as 01/01/9999.
- Justification appears as Upgraded exception.
To view the list of exceptions
- Select TrueSight Vulnerability Management > Exception Management.
The Exception Management page appears.
(Optional) Perform the following actions on the exceptions list:
(Optional) Perform the following actions on an exception:
Action | Description |
---|---|
View Exception Details | Displays details of an exception, such as exception name, CVE IDs of the applicable vulnerabilities, exception owner, and assets and selection criteria of assets. |
Enable | Enables an exception so that it is applied to assets when the exception becomes active. Therefore, the assets on which the selected vulnerabilities are reported will not be remediated. This option is available from the Actions menu. You cannot enable an expired exception. Note: Only the users that are part of the creator security group have permission to enable an exception. |
Disable | Disables an exception so that the selected vulnerabilities do not affect the assets. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until you enable the exception. This option is available from the Actions menu. You cannot disable an expired exception. Note: Only the users that are part of the creator security group have permission to disable an exception. |
Delete | Deletes an exception, after which the exception is no longer applicable. This option is available from the Actions menu. Once you delete an exception, assets included in the exception can be remediated for the selected vulnerabilities. Note: Whenever you delete any scan file or tag, exceptions referring to that scan file or tag are not affected. Only the users that are part of the creator security group have permission to delete an exception. |
Filtering exceptions
Filters let you limit the data displayed on this page using different criteria, as described in the following sections. By default, all the exceptions in the system are displayed.
Filtering data in columns
Using the text boxes at the top of each column, enter any number of characters. As you enter characters, the list narrows its results to show only items with data that includes the text string you have entered. Clear all text from the search box to show all items. You can enter data in multiple columns to show only results that match all criteria.
Some columns provide a list of choices that you can select. The columns are filtered to show only the values you select.
Filtering by status
You can filter the exceptions displayed on the Exception Management page with the Status filter at the top of the page. You can select one of the following statuses:
- ACTIVE
- ENABLED
- DISABLED
- EXPIRED
Filtering by CVE IDs
You can filter the exceptions displayed on the Exception Management page with the CVE filter at the top of the page. This filter is populated only if the exceptions are defined in the system for CVE IDs. You can select multiple CVE IDs.
Filtering by tags
You can filter the exceptions displayed on the Exception Management page with the Tags filter at the top of the page. The Tags filter is populated only if you have tags defined in the system. You can select multiple tags.
Filtering by assets
You can filter the exceptions displayed on the Exception Management page with the Assets filter at the top of the page. This filter is populated only if the exceptions are defined in the system for assets.
You can select one of the following values:
- With All Assets: When you choose this option, the exceptions for which you had selected the All option under Assets are shown.
- With Selected Asset Names: When you choose this option, the exceptions for which you had selected the Selected option under Assets are shown. When you choose the With Selected Asset Names option, another filter appears where you can further select assets for which you want to see the exceptions.
Exception status and operations
The operations that you can perform on an exception depend on the status of the exception, as shown in the following table:
Scenario | Exception status on GUI | Allowed operations on an exception |
---|---|---|
Exception is added, and the current date is before the Start Date | ENABLED – Indicates that the exception is added, but not currently applied to the assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until the exception becomes active. By default, an exception is enabled as soon as it is added. | Disable, Delete |
Exception is added, and the current date is between the Start Date and End Date | ACTIVE – Indicates that the exception is currently applied to assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will not be remediated. | Disable, Delete |
Exception is added, and the current date is after the End Date | EXPIRED – Indicates that the exception is no longer applied to the assets as it has reached its end date. Therefore, the assets on which the selected vulnerabilities are reported will be remediated. | Delete |
Exception is added, but disabled | DISABLED – Indicates that exception is disabled and currently not applied to the assets for the selected vulnerabilities. Therefore, the assets on which the selected vulnerabilities are reported will be remediated, until you enable the exception. Note: You cannot enable or disable an expired exception. | Enable, Delete |
Exporting exceptions
You can export the exceptions in your system to a CSV formatted file. Exported data is stored in a ZIP file. You can also limit the data to be displayed on the pages by using various filters and then export the limited data.
After exporting, you can open the file in a spreadsheet and then manipulate the data in any way you want.
To export the contents of the dashboard
Click Export, at top right. Using your browser, you can open the file or save it locally. Data in the Start Date and End Date columns is exported according to the browser timezone.
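The following is an added example, not part of the product documentation or the product's own code: a Python review of an exported CSV that recomputes each exception's status for a chosen date from the status table and flags exceptions carrying the 01/01/9999 End Date given to converted exceptions. The column names, the MM/DD/YYYY date format, the inclusive date bounds, the precedence of EXPIRED over DISABLED, and the sample rows are assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names and MM/DD/YYYY dates are assumptions.
SAMPLE_CSV = """Name,Status,Start Date,End Date,Justification
upgraded_1001,ACTIVE,03/15/2021,01/01/9999,Upgraded exception
upgraded_1001_1,DISABLED,03/15/2021,01/01/9999,Upgraded exception
legacy-db-freeze,ACTIVE,01/10/2024,06/30/2024,Vendor patch pending
q4-change-window,ENABLED,10/01/2024,12/31/2024,Change freeze
"""
NO_EXPIRY = date(9999, 1, 1)  # End Date given to converted exceptions

def parse_day(text):
    return datetime.strptime(text.strip(), "%m/%d/%Y").date()

def status_on(row, day):
    """Status shown on `day` per the status table. Assumptions: Start/End Date
    are inclusive, and EXPIRED takes precedence over DISABLED."""
    if day > parse_day(row["End Date"]):
        return "EXPIRED"
    if row["Status"].strip().upper() == "DISABLED":
        return "DISABLED"
    return "ACTIVE" if day >= parse_day(row["Start Date"]) else "ENABLED"

def is_converted(row):
    """Converted exception: upgraded_ name prefix plus the fixed justification."""
    return (row["Name"].startswith("upgraded_")
            and row["Justification"].strip() == "Upgraded exception")

def review(csv_text, day):
    """Return (name, status, finding) for exceptions needing attention on `day`."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = status_on(row, day)
        open_ended = parse_day(row["End Date"]) >= NO_EXPIRY
        if state == "ACTIVE" and open_ended:
            kind = "converted" if is_converted(row) else "manual"
            findings.append((row["Name"], state, f"{kind} exception, no expiry"))
        elif state == "DISABLED" and open_ended:
            findings.append((row["Name"], state, "no expiry if re-enabled"))
        elif state == "EXPIRED":
            findings.append((row["Name"], state, "expired, only Delete is allowed"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_CSV, date(2024, 11, 15)):
        print(*finding, sep=" | ")
```

Because the export writes Start Date and End Date in the browser timezone, a status computed on a boundary day can differ from the one shown in the GUI.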