Marking an Issue as False Positive

Owned by Jonathan Bellard
Last updated: Apr 12, 2024 by Nathan O'Hare
1 min read

Marking an Issue as a False Positive in the Platform

If you identify an issue that you believe is incorrectly reported or not relevant, you can mark it as a false positive directly through the Platform.

Marking an issue as False Positive will only affect that occurrence of the issue. In other words, future occurrences of the same issue (on the same affected instance) will be reported when updated scan data is imported to the Platform

This is especially applicable to regular vulnerability scans being imported into the Platform, since issues previously marked as False Positive will continue to be discovered and reported in subsequent scans.

If an issue needs to be suppressed from reporting either indefinitely or until a specific date in the future, perhaps because there are plans to mitigate the issue in the future, please use Issue Suppression feature

Steps to Mark an Issue as a False Positive:

  1. Access Issues Interface: Go to the Issues interface located under Results on the menu.

  2. Select Issue: Choose the issue you wish to mark as a false positive from the table.

  3. Initiate False Positive Process: Under Affected Hosts, click the ‘three dots’ button on the right-hand side.

  4. Mark as False Positive: Select ‘False positive…’ from the options.

  5. Explain Your Reasoning: Enter your rationale in the comment box and add any relevant attachments.

  6. Save: Click ‘Save comment’ to apply the change.

Bulk Status Changes: You can also change the statuses of multiple issues at once. Find out how to do this here: https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1304526857