The following fields in the Basic Details wizard page of an Exception Request must be specified when creating an exception.
Title : Enter the text to name the exception request.
Vulnerability Scope: Click to view a list of options. When you select an option the Exception Request Basic Details page will alter depending on your selection.
Vulnerability Definition(s): Use this option to create an exception for one or more vulnerability definitions. This will apply an exception for one or more vulnerabilities across a range of entities.
The Basic Details page of the Exception Request wizard.
- Optional: Click + to open the Select Vulnerabilities dialog to browse for one or more vulnerabilities. The exception will be linked to any vulnerabilities selected.
The Select Vulnerabilities dialog.
- Optional: Click + to open the Select Vulnerabilities dialog to browse for one or more vulnerabilities. The exception will be linked to any vulnerabilities selected.
- Common Platform Enumeration(s): Creating an exception for a CPE can save you a lot of time if you have a technology that you are unable to patch that has multiple CVEs. This allows you to create a single exception for the CPE, instead of an exception for each vulnerability tied to the CPE. For example, if a version of your router operating system embeds an outdated Java version, you can create an exception for the router OS, and therefore not be required to patch the outdated Java version until a router OS patch is available.
Selecting this option will apply the exception to all new and existing vulnerabilities attached to all new and existing CVEs mapped to the selected CPE. - Apply To All Vuln Definitions for selected Entity(s): The exception will apply to all vulnerability definitions for the selected entities and entity collections options. This option is useful for servers that you don't want to apply any patches to. For example, an e-commerce provider may restrict that its servers are not allowed to be patched during the holiday shopping season.
Entities Scope: Click this field to view a list of options to define the vulnerability scope on the entities:
- Apply to All Instances: Applies the exception to all instances of the vulnerability or CPE.
Selecting this option along with Vulnerability Definitions or Common Platform Enumeration(s) in the Vulnerability Scope field will make the exception automatically apply to all new and existing vulnerabilities created with the specified definitions. - Select Entities: Confines the exception to the chosen entities.
Selecting this option along with Apply To All Vuln Definition for selected Entity(s) in the Vulnerability Scope field will make the exception automatically apply to all new and existing vulnerabilities created with the specified definitions. - Others: Add the scope in a text description if you're not able to select specific entities.
- Apply to All Instances: Applies the exception to all instances of the vulnerability or CPE.
Reason for Exception : Explain why the exception is required.
Compensatory Controls : Select compensating controls, if applicable, that will offset the risk of the vulnerabilities.
Start Date : Select a date from when you want to start applying the exception.
- End Date: If the exception is for a specific period, select an end date. Otherwise, leave this field empty if the exception is on-going.
Next Review : Select the date and time that the exception should be reviewed by next. This is just a memo field and will not send any notification.
- Override Compliance Score: Enter a value to override the compliance score.
