• EnglishEspañol日本語한국어Português
  • Log inStart now

Change vulnerability status

New Relic Vulnerability Management may detect a good amount of vulnerabilities across your system. Most of these vulnerabilities may need remediation, but some might be not be applicable to your environment, or your internal policies might categorize them as low risk or limited exposure due to how your systems leverage the potentially vulnerable component.

Understanding that you may want to tailor your visibility by entity or criticality, New Relic Vulnerability Management allows you to manage your vulnerabilities by:

  • Assigning individual entities to an Ignored status so their vulnerabilities no longer appear in Vulnerability Management
  • Ignoring a certain kind of vulnerability in bulk so it no longer appears across multiple entities
  • Removing the Ignored status at a later date if you want to view and review those vulnerabilities again

Ignore a vulnerability

You can manually ignore vulnerabilities on a per entity basis. Once you set the status of an instance to Ignored, we’ll exclude this instance from the summary tiles and vulnerability list by default. Other instances of this vulnerability on other entities will still keep the Affected status.

Change Ignored status to Affected

It's good practice to review ignored vulnerabilities and validate whether they should stay ignored. Changing the status from Ignored to Affected reintroduces the vulnerability back into default views and counts on this entity, but other instances of this vulnerability on other entities will still remain ignored.

Surface vulnerabilities assigned Ignored

Before you assign Ignored to a vulnerability or entity, it's important to understand that the change affects how other code owners manage that particular instance. For example, marking a vulnerability or entity as Ignored prevents other users with account access from seeing that vulnerability.

  • You can surface Ignored vulnerabilities with the filter bar. From the filter bar, you can add Status = Ignored to view Ignored vulnerabilities.
  • From the the Vulnerabilities table, select Ignored to surface ignored vulnerabilities.

At a minimum, we recommend reviewing your vulnerabilities every 90 days to ensure you aren't introducing risk into your system.

Why ignore a vulnerability?

When you choose to ignore a vulnerability, you'll be prompted to explain the rationale behind the decision. For example, you might say that the vulnerable code is not used in the system, and therefore isn't currently relevant for maintaining the system. We recommend that when you give this context, you also provide supplemental documentation when possible.

We'll also prompt you to set a duration for the Ignored status. Vulnerability Management will perform an automatic update that changes it from Ignored to Affected. If an instance is already considered No Longer Detected, the status will remain no longer detected.

Permissions

Can't change a vulnerability status? Ask your administrator if you have permissions.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.