I can't really speak for how customers handle the ticketing, but I definitely wanted to weigh in that "unpatchable vulnerabilities" doesn't mean NOT VULNERABLE. I would think that even if a vulnerability didn't have a patch, you would most assuredly want to report on it? Ignore or False Positive Acknowledged probably isn't the best method...
Thanks for your reply.
I agree with you. I want the unpatchable vulnerabilities to be reported on the scans. If I didn't want them, I'd just mark them as false-positives (or disable them from the scan).
Vulnerabilities marked as "ignored" are reported on "asset reports" but not "scan reports" (as they should). This affects the risk assessment on the dashboard (as it uses the scan reports and not the asset reports in order to gather data).