Showing results for 
Search instead for 
Did you mean: 
Level 10

Ignoring tickets and 'scan once, report many'

I am confused about reporting and ignoring tickets.

Let's say that we have a couple of smtp relays set up for business purposes, and that we've mitigated the risk involved with them to the extent we can with firewall rules, etc.

Since we're not going to get rid of those particular vulnerabilities, we ignore the tickets associated with them.  However, we still want to find and remediate any other smtp relays that pop up.

Ignored tickets will cause those vulnerabilities to stop showing up in scan reports; the Foundscore in scan reports won't be dinged by those ignored vulnerabilities.

However, asset reports (and their Foundscores) aren't changed by ignoring tickets; those vulnerabilities still show up in the reports and are factored into the Foundscores.

Is the above correct?  It seems to be based on what I've read here in the discussion group and a little testing.

How does this fit with the 'scan once, report many' model?  It looks to me like every time I want a report that doesn't include those ignored vulnerabilities/tickets, I need to run a scan.  I also prefer the reporting features available with asset reports (e.g. asset filters), but I can't combine that functionality with the ignored tickets functionality on one report.

Am I  missing something?

We are running 7.0.3.  I am relatively new to MVM.


0 Kudos