Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Purpose

This document describe how to mark a finding as a false positive.

Introduction

When you want to mark a finding as a false positive because you do not know why the scanner is finding a risk that it is not supposed to pick up on.

Report a False Positive

Prerequisites

Before you start make sure that the False Positive column is activated to show the status of the findings.

To activate the column:

  1. Click on the down pointing arrow in any column heading.
  2. Select Columns > False Positive in the displayed menu.

    FalsePositive01


Reporting

To report a false positive:

  1. Go to Main Menu > Netsec > Reporting Tools.
  2. Select a group in Target Group.
  3. In the Findings tab, select the finding to mark as false positive.
    Multiple findings can be selected by pressing the CTRL or the SHIFT key while clicking on the findings.
  4. Right click on finding or groups of findings and select Mark as False Positive.
  5. The Mark False Positive window is displayed.



  6. Select if this mark should cover Only this scan or All future scans.
  7. Select Disable the script in scan policy, if you do not want the script to run again.
  8. In the Internal Comment window leave comments as to why you think it should be marked as false positive.
  9. If this comment should be shown in future scans select the Show comment on future findings.
  10. Comment in Additional information to Outpost24 if you want to inform Outpost24 Vulnerability Research team. This information will be used to further improve the vulnerability database.
  11. Include blueprints for the Outpost24 Vulnerability Research team.
  12. And select Send email using external email client.
  13. Once all of the information is filled out, click Save.


A False Positive will still be listed in the results, but will be marked as a false positive in the exported report.

To unmark an entry as a false positive, select Unmark as False Positive.

Reference

Reporting Tools