How To Risk Accept a Vulnerability

This page walks you through how to risk accept vulnerabilities in Unified VRM so that your risk decisions and your Unified VRM reports stay aligned.

Before you begin

To risk accept a vulnerability, you must have admin privileges on the platform.

Risk accept vulnerabilities

You can use risk accept rules to accept the risk of a vulnerability without modifying the severity level of the plugin. Vulnerabilities that have been risk accepted are still tracked but are hidden in Prioritization. To view accepted vulnerabilities, use the Risk Accept filter.

False Positives

You can use an accept rule to report false positives. NopSec, Inc. reviews reported false positives in order to identify potential issues with a scanner's plugin.

Risk acceptance scanner import

Unified VRM imports risk accepted vulnerabilities from the following scanners upon initial integration sync:

  • Qualys VM
  • Tenable.io VM
  • Rapid7 InsightVM (coming soon)

Risk acceptance scanner sync

Unified VRM pushes risk acceptance decisions to the following scanners:

  • Qualys VM
  • Rapid7 InsightVM (coming soon)

Tenable.io VM does not support syncing risk acceptance via integrations.