Working with exceptions

This topic provides instructions on creating, viewing, disabling, enabling, and deleting exceptions for the selected vulnerabilities. 

To know what exceptions are and how they can be used, see Exceptions.

Creating an exception

As an administrator, on the Manage > Manage Exceptions page, click Create Exception and do the following:

1. Enter a unique name and a justification.
2. (Optional) To mark vulnerabilities in an exception permanently, select the Permanent Exception check box and the start date. 
   The end date for permanent exceptions is set to 100 years from the start date. You can always modify the start and end dates after creating an exception.
3. Select the start and end dates for the exception. 
   The exception expires after the end date at 12 AM UTC.
4. (Optional) Enter the Change Request ID, if it has been created in the IT Service Management system.
5. (Optional) Enter the name or email address of the user who owns the exception.

6. Select Vulnerabilities and do one of the following. You can use Advanced Search to filter the list. 

   1. Click Select Vulnerabilities and choose one or more vulnerabilities from the list.
   2. Select Vulnerability Name on all the pages to choose all the vulnerabilities in the list.

   The selected vulnerabilities appear in the table. 

7. Choose the assets or network devices for which the exception is to be created.
8. Save the exception. 
   It appears on the Manage Exceptions page. Depending on the start date, the status is either Active (if Start Date is the current date) or Enabled (if Start Date is a future date). You can create a remediation operation when the exception is in the Enabled state. If an exception is permanent, its end date is displayed as NA.

Viewing exceptions

On the Manage Exceptions page, view the following details:

• Exception Name and justification
• Owner
• Start and End Dates
• Created and Updated Dates
• Status

To search for an exception, enter an exception name or status, and click .

Click the exception name to view details.

• As a non-administrative operator user, you can see the list of applicable vulnerabilities and impacted assets or network devices.

• As an administrator, to view additional details for an active exception, click View Vulnerability and Asset Combination. 
  The vulnerability, severity level, CVE IDs, and the total number of impacted assets are displayed.

Disabling and enabling an exception

You can disable an exception if you want it to be inactive for a while. 

On the Manage > Manage Exceptions page, do the following: 

• Select an exception and click Actions >Disable and click Continue. 
  The exception status changes to Disabled. It still appears in the exceptions list. 
• Select an exception and click Actions >Enable.
  The exception status changes to Enabled. The exception becomes Active on the start date. 

When you disable an exception, vulnerabilities appear on the Risks page and are available for remediation. On the Vulnerability Dashboard, the Vulnerabilities by Stage widget reflects the changes. If you disable an older exception (not created today), data in the Vulnerability Trend widget is not updated immediately as the trend widget is refreshed at 12 AM UTC every night.

Extending an exception date

On the Manage > Manage Exceptions page, do the following:

1. Select an exception and click Actions > Edit Exception Date.
2. Select a new end date.
3. Click Save.

Deleting an exception

You can delete an exception in any state. When an exception is deleted, you can create remediation operation for the vulnerabilities on the assets.

On the Manage > Manage Exceptions page, do the following:

1. Select an exception and click Actions > Delete.
2. Click Continue.