This page walks you through how to risk accept vulnerabilities in Unified VRM so that your Unified VRM reports reflect your risk decisions.
Before you begin
To risk accept a vulnerability, you must have admin privileges on the platform.
Risk accept vulnerabilities
You can use risk accept rules to accept the risk of a vulnerability without modifying the severity level of the plugin. Vulnerabilities that have been risk accepted are still tracked, but are hidden in Prioritization. To view accepted vulnerabilities, use the Risk Accept filter.
False Positives
You can use an accept rule to report false positives. NopSec, Inc. reviews reported false positives to identify potential issues with a scanner's plugin.
Risk acceptance scanner import
Unified VRM imports risk accepted vulnerabilities from the following scanners upon initial integration sync:
- Qualys VM
- Tenable.io VM
- Rapid7 InsightVM (coming soon)
Risk acceptance scanner sync
Unified VRM pushes risk acceptance decisions to the following scanners:
- Qualys VM
- Rapid7 InsightVM (coming soon)
Tenable.io VM does not support syncing risk acceptance via integrations.