In the first part of this series, I discussed how false positives can be generated. In this post I’ll walk you through how to create an exception for false positives within Halo so they will no longer be reported.
Creating Vulnerability Exceptions in Halo
Once we know a reported vulnerability is a false positive, we can create an exception for it in Halo. Log on to your Halo account and click the “Software” icon. You can the click on a group name, followed by a server name, to get a list of potential vulnerabilities found on that server. Each vulnerability will appear similar to Figure 1.
As discussed in the last post, we determined that these two CVE issues were actually a false positive due to backporting version issues. With this in mind, let’s add an exception for them so they no longer appear in our vulnerability reports. To the right of each listed vulnerability you’ll see an “Add Exception” button. Clicking this button produces the software exception screen shown in Figure 2.
Note that we can create this exception for this one server, all servers in the group, or all servers within your account. You can even define how long you want this exception to be in place. Since we verified the system is in fact patched, we may wish to make this exception permanent.
Once complete, we can click the “Save” button. This will write the exception back to the grid. When we are returned to the software risks screen, the entry will still be listed but the two CVE entries will be crossed out. Rerunning a new scan will cause the entry to be remove from report completely.
That’s all there is too it!