Introduction

Prism's Issue Suppression feature allows you to choose which issues or affected instances managed in Prism you'd like to prevent from being reported as open/published/active issues. This feature is useful in a variety of situations, some examples being:

...

Note

IMPORTANT NOTE: Issue Suppression does not work retrospectively and works from the point at which you invoke suppression. Therefore, when you suppress an issue or an affected instance of an issue, Prism will not suppress historic or existing issues, only future issues that are imported.

Suppression Types: Issue-Level vs Instance-Level

There are two types of Issue Suppression you can utilise in Prism:

  1. Issue-Level Suppression - this will suppress an entire issue regardless of the affected instances/hosts for the issue. Any future scans/tests that contain a matching issue will be suppressed. By performing Issue-level suppression, Prism will update the issue's status to "Suppressed" and consider the whole issue as 'Closed'.

  2. Instance-Level Suppression - this will suppress only an affected instance of an issue. For example, if an issue contains multiple affected instances (e.g. hosts), you can choose to suppress only certain instances affected by the issue. Any future scans/tests that contain both a matching issue & instance combination will be suppressed. Prism will consider the issue as 'Open', but the affected instance/host will have its status updated to "Suppressed".

...

Suppression Time: Indefinite vs Date-Based

Both Issue-Level and Instance-Level suppression allow suppression to occur indefinitely or until a specified date in the future.

  • For Indefinite Suppression, Prism will automatically apply the "Suppressed" status to future issues or instances without an end date.

  • For Date-Based Suppression, Prism will automatically apply the "Suppressed" status to future issues or instances until the specified date has passed. After the date has passed, the issue or instance will return to a status of "Published" (for an issue) or "Vulnerable" (for an instance).

Suppressing an Issue

Issue-Level suppression is performed from within a scan/phase only.

...

  1. In the window, you have options to specify the scope of the suppression:

    • This Project Only - This will limit the scope of the suppression to the same issues identified within the current Project. Other projects in the platform will not be affected by this suppression action. When you choose this option, a “Suppress until” field will appear.

    • Platform Wide - This will expand the scope of the suppression across the entire platform tenant. Suppression will be applied wherever this issue appears, in the current project as well as in all other projects. When you choose this option, a “Suppress until” field will appear.

  2. Optionally, after selecting the scope, the “Suppress until” field will appear where you can choose to set a date in the future for Date-Based Suppression, or leave the date field blank for Indefinite Suppression

  3. Reason - a reason for suppression is mandatory and must be entered here before committing the action to Prism

  4. Click ‘Submit’ to save the suppression instruction

Suppressing an Instance

Instance-Level suppression is performed from within an Issue only.

...

  1. In the window, you have options to specify the scope of the suppression:

    • This Project Only - This will limit the scope of the suppression to the same issue & instance combination identified within the current Project. All future scans/tests in the current project containing this issue & instance combination will be suppressed. Other projects in the platform will not be affected by this suppression action. When you choose this option, a “Suppress until” field will appear.

    • Platform Wide - This will expand the scope of the suppression across the entire platform tenant. Suppression will be applied wherever this issue & instance combination appears in future tests/scans. When you choose this option, a “Suppress until” field will appear.

  2. Optionally, you can choose to set a date in the future for Date-Based Suppression, or leave the date field blank for Indefinite Suppression

  3. Reason - a reason for suppression is mandatory and must be entered here before committing the action to Prism

  4. Click ‘Submit’ to save the suppression instruction

Issue Rules: Suppressed Issues

For each suppression instruction committed to Prism, an entry describing that instruction will appear under “Issue Rules”.
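The suppression behaviour described on this page (level, scope, end date and the non-retrospective rule) can be modelled as follows when reviewing which findings a set of rules will hide. This is an added illustration, not Prism's code or API: the `Rule` and `Finding` classes, their field names and the sample issues and hosts are constructed, and it assumes day-level date comparison, with an import on the day a rule is created counting as a future import.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical model of one suppression instruction
    issue: str
    instance: Optional[str]  # None = Issue-Level; a host = Instance-Level
    project: Optional[str]   # None = Platform Wide; a name = This Project Only
    created: date            # day the suppression was invoked
    until: Optional[date]    # None = Indefinite; a date = Date-Based
    reason: str              # mandatory on the suppression form

    def __post_init__(self):
        if not self.reason.strip():
            raise ValueError("a reason for suppression is mandatory")

@dataclass(frozen=True)
class Finding:  # one issue/instance pair imported from a scan or test
    issue: str
    instance: str
    project: str
    imported: date

def _active(rule, f, today):
    in_scope = rule.project is None or rule.project == f.project
    not_historic = f.imported >= rule.created  # suppression is not retrospective
    not_expired = rule.until is None or today <= rule.until
    return rule.issue == f.issue and in_scope and not_historic and not_expired

def issue_status(rules, f, today):
    # Only Issue-Level rules change the status of the issue itself.
    hit = any(r.instance is None and _active(r, f, today) for r in rules)
    return "Suppressed" if hit else "Published"

def instance_status(rules, f, today):
    # Instance-Level rules match on the issue & instance combination.
    hit = any(r.instance == f.instance and _active(r, f, today) for r in rules)
    return "Suppressed" if hit else "Vulnerable"

# Constructed sample rules: one project-scoped, date-based, issue-level rule
# and one platform-wide, indefinite, instance-level rule.
RULES = [
    Rule("weak-tls-cipher", None, "Project A", date(2024, 3, 1),
         date(2024, 6, 30), "Accepted until migration completes"),
    Rule("open-ssh-port", "10.0.0.5", None, date(2024, 3, 1),
         None, "Bastion host, exposed by design"),
]
```

Evaluating the same finding with different `today` values shows when a date-based rule stops hiding it, which is the point at which it needs to be reviewed again.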

...