Applying a vulnerability exception rule

In IBM QRadar Vulnerability Manager, you can manually apply a vulnerability exception rule to a vulnerability that you decide does not pose a significant threat.

If you apply an exception rule, the vulnerability is no longer displayed in QRadar Vulnerability Manager search results. However, the vulnerability is not removed from QRadar Vulnerability Manager.

Procedure

  1. Click the Vulnerabilities tab.
  2. In the navigation pane, click Manage Vulnerabilities > By Network.
  3. Optional: Search your vulnerability data. On the toolbar, click Search > New Search.
  4. Click the Vulnerability Instances column link.
  5. Select the vulnerability that you want to create an exception rule for.
  6. On the toolbar, select Actions > Exception.
  7. In the Exception Rule field, select an expiry option.
  8. To provide a reason for the exception, select a reason from the Reason list.
  9. In the Assets field, select your target assets for the exception rule by choosing from the following options:
    • To apply the exception to all assets, select Exception vulnerability for all assets.
    • To apply the exception to a specific asset, select Exception for specific asset with current IP.

      By default, the asset that is associated with the vulnerability that you selected in Step 5 is selected.

    • To apply the exception to a specific IP address, CIDR, or network, enter the details, select your domain and click Add.

      If you select a specific network from your network hierarchy, the exception applies only to the IP addresses in that network. For example, if an IP address is assigned to two networks in the network hierarchy, the exception does not apply to that same IP address in the second network, unless you specify it as an exception.

  10. In the Notes field, enter comments in the Comments text box.
  11. Click Save or Cancel.