Workflow (Remediation/Exception)
      Back to home
      1. Knowledge Base
      2. Analyst/Remediator Learning Path
      3. Workflow (Remediation/Exception)

      How do I create an Exception Plan?

      Select your vuln instances and click Create Exception Plan

      Overview

      An exception plan houses a group of vulnerability instances that have been determined by the organization to require more time before being remediated, or in some cases, a known expectation of not being able to remediate the vulnerability due to some specific business reason.

      Selection of Vuln Instances

      Users can select the vuln instances to be grouped within the exception plan a number of ways, however, a vuln instance can only be in ONE exception plan at a time. If a user attempts to create an exception plan with a vuln instance that exists within an exception plan already they will receive an error. The vuln instance can ALSO exist in one remediation plan.

      From Report Table

      Users can leverage the Report Table found within the Prioritize page to identify and select the vuln instances.

      1. Load a Saved Report or Query
      2. Manipulate your query as needed to identify vuln instances that need to be worked on
        1. Note: Add instance.in_plan = false to your query to find vuln instances not already in a plan.
      3. Select one or more vuln instances by clicking the checkbox on the report table row
      4. Click on "Create Exception Plan"
      5. See Exception Plan settings below

      From a Vuln Instance Details Pane or Page

      Users can create a remediation plan from within a specific vuln instance page or details pane. 

      1. Open a Vuln Instance details pane by clicking on the "Eye" icon on the row (next to the checkbox)
      2. From the Plans section (on the second row, far right section)
      3. Click on Create Exception Plan
      4. See Exception Plan settings below

      From within a Remediation Plan Details Page

      Users can create an exception from within an existing Remediation Plan. This is the preferred best practice and intended use case when working with remediation teams. A remediation team member is assigned a remediation plan and they determine that one or more of the instances cannot be remediated within the time expected so they create an exception plan.

      1. Open the specific Remediation Plan Details
      2. Select one or more vuln instances from the report table
      3. Select Create Exception Plan
      4. See Exception Plan Settings below

      Through Automated Rules

      As of 9/07 this feature is not yet available. Expect this to be available by end of Q1 2024.

      Administrators, Managers, and Automation Managers will be able to configure automated exception plan rules. Each rule consists of a Name, a Schedule, a specific Query, and the Exception Plan settings.

      Exception Plan Settings

      1. Select the Exception Type
        1. Risk Accepted = This is the base exception type, if it is not a false positive use this setting.
        2. False Positive = If you believe the vuln instance is a false positive use this.
      1. Provide a Reason (these are managed by your Admins, if a reason is missing ask your Manager or Admin to add it)
      2. Provide the Risk Accepted Until Date (this acts as the Expiration date)
      3. Provide the Exception Plan Details
        1. You may format your plan details as you wish.
      1. If you would like to attach files you may attach one or more files
      2. If you have an external approval site/ticket you'd like to link to this plan place the link
      3. Hit Create/Save