The Platform’s Issue Suppression feature allows you to choose which issues or affected instances managed in the platform you'd like to prevent from being reported as open/published/active issues. This feature is useful in a variety of situations, some examples being:
you have a legacy asset that is due to be decommissioned/replaced, and any reported issues will not be remediated
you have an issue where remediation is not feasible or available
IMPORTANT NOTE: Issue Suppression does not work retrospectively and works from the point at which you invoke suppression. Therefore, when you suppress an issue or an affected instance of an issue, the platform will not suppress historic or existing issues, only future issues that are imported. |
There are two types of Issue Suppression you can utilise in the platform:
Issue-Level Suppression - this will suppress an entire issue regardless of the affected instances/hosts for the issue. Any future scans/tests that contain a matching issue will be suppressed. By performing Issue-level suppression, the platform will update the issue's status to "Suppressed" and consider the whole issue as 'Closed'.
Instance-Level Suppression will suppress only an affected instance for an issue - For example, if an issue contains multiple affected instances (e.g hosts), you can choose to suppress only certain instances affected by the issue. Any future scans/tests that contain both a matching issue & instance combination will be suppressed. The platform will consider the issue as 'Open', but the affected instance/host will have their status updated to "Suppressed"
Both Issue-Level and Instance-Level suppression allow suppression to occur indefinitely or until a specified date in the future.
For Indefinite Suppression, the platform will automatically apply the "Suppressed" status to future issues or instances without an end date.
For Date-Based Suppression, the platform will automatically apply the "Suppressed" status to future issues or instances until the specified date has passed. After the date has passed, the issue or instance will return to a status of "Published" (for an Issue), or "Vulnerable" (for an instance)
Issue-Level suppression is performed from within a scan/phase only.
Navigate to the relevant Project, then the relevant scan/phase within that Project
Under the "Issues Overview" tab within a scan/phase, identify the issue you'd like to suppress, click the three-dots to the right of the issue and select "Suppress Issue"
In the window, you have options to specify the scope of the suppression:
This Project Only - This will limit the scope of the suppression to the same issues identified within the current Project. Other projects in the platform will not be affected by this suppression action. When you choose this option, a “Suppress until” field will appear
Platform Wide - This will expand the scope of the suppression across the entire platform tenant. Where this issue appears in the current project as well as all other projects, suppression will be applied. When you choose this option, a “Suppress until” field will appear
Optionally, after selecting the scope, the “Suppress until” field will appear where you can choose to set a date in the future for Date-Based Suppression, or leave the date field blank for Indefinite Suppression
Reason - a reason for suppression is mandatory and must be entered here before committing the action to the platform
Click ‘Submit’ to save the suppression instruction
Instance-Level suppression is performed from within an Issue only.
Navigate to the relevant Project, then the relevant scan/phase within that Project
Under the "Issues Overview" tab within a scan/phase, identify and click into an issue that contains an affected instance you;d like to suppress, click the three-dots to the right of the affected instance and select "Suppress Issue Host"
In the window, you have options to specify the scope of the suppression:
This Project Only - This will limit the scope of the suppression to the same issue & instance combination identified within the current Project. All future scans/tests in the current project containing this issue & instance combination will be suppressed. Other projects in the platform will not be affected by this suppression action. When you choose this option, a “Suppress until” field will appear
Platform Wide - This will expand the scope of the suppression across the entire platform tenant. Suppression will be applied wherever this issue & instance combination appears in future tests/scans. When you choose this option, a “Suppress until” field will appear
Optionally, you can choose to set a date in the future for Date-Based Suppression, or leave the date field blank for Indefinite Suppression
Reason - a reason for suppression is mandatory and must be entered here before committing the action to the platform
Click ‘Submit’ to save the suppression instruction
For each suppression instruction committed to the platform, an entry under the “Issue Rules” will appear that describes the suppression instruction
You can access Issue Rules as follows:
Navigate to “Results” → “Issue Rules”
Select the “Suppressed Issues” tab:
You can use the Cogs in the column headers to toggle between different data for the displayed Issue Rules
