Knowledge base
Knowledge base
Breadcrumbs

Accept Risks



Purpose

This document describes how to accept a risk so that it does not appear during the scans.

Introduction

If a risk cannot be mitigated right away, that risk can be accepted so that it will not be picked up by the tool every time a scan runs.

The risk can be accepted for ever or for a short period of time. It is customizable to what ever period of time is needed, if the risk cannot be mitigated right away.

Accepting a Risk

  1. Go to Main Menu > Netsec > Reporting Tools.

  2. Select a group in Target Group.

  3. In the Findings tab, select the finding to accept the risk on.
    Multiple findings can be selected by pressing the CTRL or the SHIFT key while clicking on the findings.

  4. Right click on finding or groups of findings and select Accept Risk.

  5. The Accept Risk window is displayed.

    Accept Risk


  6. Set a time frame for the how long the risks can be accepted:

    • Forever

    • For a number of days

    • Until a given date

  7. Set a target or target groups the risk is accepted for.

  8. Enter a Comment of why the risk has been accepted and click on Save.

Select any option to accept the risk of this vulnerability for corresponding targets. If this finding is still existing during the next scan, it will automatically import the acceptance settings as of the previous scan.

Appendix

Option

Description

Accept forever

The risk is accepted for ever and will not show up in further scans until deselected.

Accept for number of days

The risk is accepted for the set number of days. After the set days has past, the risk is presented in the scans again if not mitigated during that time.

Accept until

The risk is accepted until the given date. After the set date has past, the risk is presented in the scans again if not mitigated during that time.

Targets

A risk can be either accepted for:

  • Current Target where the findings currently exist.

  • All Currently Selected in Target window.

  • All Targets Including New targets added in the system later.

  • All target groups of current targets where currently selected targets exist.

Comment

Comment that informs the reason the risk has been accepted.

Set as default

Stores the selection made as a default setting.

Example:

Setting the selection to 5 days and then check the Set as default, the new default will be 5 days, and use those set values as the new default when accepting further risks.

If no selections are made, the original default is 30 days when checked.


Related Articles