RiskVision provides the ability to link your exceptions to vulnerabilities or vulnerability instances. This feature provides the following types of vulnerability exceptions:
- Exempt all instances of one or more vulnerability definitions;
- Exempt some instances of one or more vulnerability definitions; and
- Exempt one or more entities or entity collections from all vulnerability instances on those chosen entities and/or entity collections.
Valid combinations of Vulnerability and Entity Scope Settings:
You can also create exceptions for inferred vulnerabilities. If you have an inferred vulnerability, and if you do not already have a vulnerability instance for it, RiskVision will automatically create a vulnerability instance. Automatically created vulnerability instances (created when an exception is created) will be treated as a manually created vulnerability instance, and they need to be manually resolved. These exceptions can be combined with vulnerability instances from scanners and manually created vulnerability instances within the same exception request. If you create an exception for a vulnerability definition that is applied to all instances of the vulnerability definition, then the exception applies to vulnerability instances originated by scanners, users, and inferred vulnerabilities.