Working with exceptions

This topic provides instructions on creating, viewing, disabling, enabling, and deleting exceptions for the selected vulnerabilities. To know what exceptions are and how they can be used, see Exceptions.

Creating an exception

As an administrator, on the Manage > Exceptions page, click Create Exception and perform the following steps:

  1. Enter a unique name and a justification.
  2. (Optional) Select the Permanent Exception check box and enter the start date to permanently exclude a vulnerability. 
    The end date for permanent exceptions is set to 100 years from the start date. You can always modify the end dates after creating an exception.
  3. Select the start and end dates for the exception. 
    The exception expires after the end date at 12 AM UTC.
  4. (Optional) Enter the Change Request ID, if it has been created in the IT Service Management system.
  5. (Optional) Enter the name or email address of the user who owns the exception.
  6. Click Select Vulnerabilities and use any of the following search options to select the vulnerabilities to be excluded from remediation:
    • Choose one or more vulnerabilities from the list. You can select the check box next to Vulnerability Name to choose all the vulnerabilities in the list.

    • Enter a vulnerability name and click Search Search icon.png.

      You can either enter a search term or use Advanced filter to select vulnerabilities.

    • Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options:
      • CVE ID
      • Operating System
      • Severity

      • Status

        Important

        When you select the Operating System and Severity filters, you can click Select all to select all the sub-criteria, and click Clear all to clear your selection.

        The vulnerabilities that match the search results are displayed.

  7. Click Select Assets and use any of the following search options to select the assets with vulnerabilities to be excluded from remediation:
    • Choose one or more assets from the list. You can select the check box next to Asset Name to choose all the assets in the list.

    • Enter an asset name and click Search Search icon.png.

      You can either enter a search term or use Advanced filter to select assets.

    • Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options:
      • Asset
      • Asset Tag
      • Operating System

      • Status

        Important

        When you select the Asset, Operating System and Status filters, you can click Select all to select all the sub-criteria, and click Clear all to clear your selection.

        The assets that match the search results are displayed.

  8. Choose the assets or network devices for which the exception is to be created.
  9. Click Save to create the exception. 
    It appears on the Manage Exceptions page. Depending on the start date, the status is either Active (if Start Date is the current date) or Enabled (if Start Date is a future date). You can create a remediation operation when the exception is in the Enabled state. If an exception is permanent, its end date is displayed as NA.

Important

If you create a remediation operation for a vulnerability and then create an exception on that vulnerability, the vulnerability is still remediated. However, the exception is considered in the remediation operations that are created after the exception was created. 

Viewing exceptions

On the Manage Exceptions page, view the following details:

  • Exception Name and justification
  • Owner
  • Start and End Dates
  • Created and Updated Dates
  • Status

To search for an exception, enter an exception name or status, and click search.png.

Click the exception name to view details.

  • As a non-administrative operator user, you can see the list of applicable vulnerabilities and impacted assets or network devices.
  • As an administrator, to view additional details for an active exception, click View Vulnerability and Asset Combination
    The vulnerability, severity level, CVE IDs, and the total number of impacted assets are displayed.

Disabling and enabling an exception

You can disable an exception if you want it to be inactive for a while. 

On the Manage > Manage Exceptions page, do the following: 

  • Select an exception and click Actions >Disable and click Continue
    The exception status changes to Disabled. It still appears in the exceptions list. 
  • Select an exception and click Actions >Enable.
    The exception status changes to Enabled. The exception becomes Active on the start date. 

When you disable an exception, vulnerabilities appear on the Risks page and are available for remediation. On the Vulnerability Dashboard, the Vulnerabilities by Stage widget reflects the changes. If you disable an older exception (not created today), data in the Vulnerability Trend widget is not updated immediately as the trend widget is refreshed at 12 AM UTC every night.

Extending an exception date

On the Manage > Manage Exceptions page, do the following:

  1. Select an exception and click Actions > Edit Exception Date.
  2. Select a new end date.
  3. Click Save.

Important

For Expired exceptions, you can edit both the start and end dates. For exceptions in an Active, Enabled, or Disabled states, you can only edit the end date.

Deleting an exception

You can delete an exception in any state. When an exception is deleted, you can create remediation operation for the vulnerabilities on the assets.

On the Manage > Manage Exceptions page, do the following:

  1. Select an exception and click Actions > Delete.
  2. Click Continue.

What happens to an exception when I delete a scan file?

All vulnerabilities are deleted from the exception unless they exist in some other scan file. Exception status remains the same.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*