You can mark vuln instances Closed in bulk by using a lifecycle rule or you can delete instances in bulk.
Last Updated 4/29/2024
Overview
There may be instances where vuln instances are not being marked closed by your scanner but you've verified that they are indeed closed, however, NopSec relies on your scanner as the source of truth and will continue showing them as Open. In this case you have two options, select the items you think are no longer truly active and create an Exception Plan as False Positives or enable a Lifecycle rule to close them or delete them.
You can now create Lifecycle rules within your Settings page.
Walkthrough
Permissions
Users must have settings.write permissions in order to enable and configure a Lifecycle Rule.
Last Detected Date
In order to test what vuln instances would be marked closed or deleted if a rule were to be enabled, use the following query in your Prioritize page:
instance.last_detected_date < "-Xd"
- Replace X with the number of days you'd like to use.
- This query is using a relative date syntax and reads as:
- Find all instances with a last detected date before (<) Today minus X days (d).
Close Rules
You can enable or disable the Vuln Instance Close rules in your Settings | Lifecycle tab.
If you enable the rule you can place a number which the number of Days you would like use in the query above.
Once you've placed a number you can hit Save at the top of the screen.
Note: This number must always be lower than your Vuln Instance Deletion rules (if enabled).
Deletion Rules
You can enable or disable the Vuln Instance Deletion rules in your Settings | Lifecycle tab.
If you enable the rule you can place a number which the number of Days you would like use in the query above.
Once you've placed a number you can hit Save at the top of the screen.
Note: This number must always be higher than your Vuln Instance Close rules (if enabled).
Rule Schedule
The lifecycle rules will run once a day at the end of the day around 10:00 pm to 12:00 am EST.