Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #17229 from newrelic/tech-writer-review-edits
(PUBLISH: 5-13): Vulnerability "Ignored" feature doc (description)
Showing 17 changed files with 204 additions and 0 deletions.
202 changes: 202 additions & 0 deletions
src/content/docs/vulnerability-management/change-vulnerability-status.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,202 @@ | ||
--- | ||
title: Change vulnerability status | ||
metaDescription: Use Vulnerability Management to overcome blindspots and assign remediation to developers as a security team. | ||
freshnessValidatedDate: never | ||
--- | ||
|
||
import vmIgnoreEntityVulnList from 'images/security_screenshot-ignore-entity-vulnlist.webp' | ||
|
||
import vmIgnoreEntityDetails from 'images/security_screenshot-ignore-entity-details.webp' | ||
|
||
import vmIgnoreEntityForm from 'images/security_screenshot-ignore-entity-form.webp' | ||
|
||
import vmIgnoreBulkVulnList from 'images/security_screenshot-ignore-bulk-vulnlist.webp' | ||
|
||
import vmIgnoreBulkDetails from 'images/security_screenshot-ignore-bulk-details.webp' | ||
|
||
import vmIgnoreBulkForm from 'images/security_screenshot-ignore-bulk-form.webp' | ||
|
||
import vmAffectedEntityVulnList from 'images/security_screenshot-affected-entity-vulnlist.webp' | ||
|
||
import vmAffectedEntityDetails from 'images/security_screenshot-affected-entity-details.webp' | ||
|
||
import vmAffectedEntityFiltered from 'images/security_screenshot-affected-entity-filtered.webp' | ||
|
||
import vmAffectedEntityForm from 'images/security_screenshot-affected-entity-form.webp' | ||
|
||
import vmAffectedBulkVulnList from 'images/security_screenshot-affected-bulk-vulnlist.webp' | ||
|
||
import vmAffectedBulkSelection from 'images/security_screenshot-affected-bulk-selection.webp' | ||
|
||
import vmAffectedBulkDetails from 'images/security_screenshot-affected-bulk-details.webp' | ||
|
||
import vmAffectedBulkForm from 'images/security_screenshot-affected-bulk-form.webp' | ||
|
||
New Relic Vulnerability Management may detect an overwhelming amount of vulnerabilities across your system. Most of these vulnerabilities may need remediation, but many might be low risk, or have limited external exposure. You can manage your vulnerabilities by: | ||
|
||
* Assigning individual entities the `Ignored` status so their vulnerabilities no longer appear in Vulnerability Management | ||
* Ignoring a certain kind of vulnerability in bulk so it no longer appears across multiple entities | ||
* Removing the `Ignored` status at a later date if you want to detect those vulnerabilities again | ||
|
||
## Ignore a vulnerability [#ignore-vulnerability] | ||
|
||
You can manually ignore vulnerabilities on a per entity basis. Once you set the status of an instance to `Ignored`, we’ll exclude this instance from the summary tiles and vulnerability list by default. Other instances of this vulnerability on other entities will still keep the `Affected` status. | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
id="ignore-entity" | ||
title="Ignore a vulnerability for a specific entity" | ||
> | ||
|
||
1. Go to **[one.newrelic.com](https://one.newrelic.com/) > All entities > (select your entity) > Vulnerability Management** > Click the **Vulnerabilities** tab, then select the vulnerability you want to ignore. If you don't see the vulnerability you want to manage, it might already have the `Ignored` status. | ||
|
||
<img | ||
title="Vulnerabilities tab scoped to a specific entity" | ||
alt="An image showing the scoped vulnerabilities tab of Vulnerability Management" | ||
src={vmIgnoreEntityVulnList} | ||
/> | ||
|
||
1. To update the status to `Ignored`, click the **Change to ignored** button. | ||
|
||
<img | ||
title="Vulnerability instance details pages" | ||
alt="An image showing the change to ignored button on vulnerability instance details page" | ||
src={vmIgnoreEntityDetails} | ||
/> | ||
|
||
1. Fill out the form to explain the reasoning behind ignoring this vulnerability. Include a time period that the vulnerability should be ignored. | ||
|
||
<img | ||
title="Vulnerability instance details form" | ||
alt="An image showing the ignore form on vulnerability instance details page" | ||
src={vmIgnoreEntityForm} | ||
/> | ||
|
||
</Collapser> | ||
<Collapser | ||
id="bulk-ignore" | ||
title="Ignore a vulnerability across multiple instances" | ||
> | ||
|
||
1. Go to **[one.newrelic.com](https://one.newrelic.com/) > All capabilities > Vulnerability Management** > Click the **Vulnerabilities** tab, then choose the vulnerability you want to ignore. By default, this vulnerability view filters To vulnerabilities where at least one entity is marked `Affected`. | ||
|
||
<img | ||
title="Vulnerabilities tab for all entities" | ||
alt="An image showing the all entities vulnerabilities tab of Vulnerability Management" | ||
src={vmIgnoreBulkVulnList} | ||
/> | ||
|
||
1. Referring to **Area of Impact**, select each entity you want to ignore, then click the **Change to ignored** button. | ||
|
||
<img | ||
title="Vulnerabilities details" | ||
alt="An image showing the selection of specific entities" | ||
src={vmIgnoreBulkDetails} | ||
/> | ||
|
||
1. Fill out the form to explain the reasoning behind ignoring th is vulnerability. Include a time period that the vulnerability should be ignored. | ||
|
||
<img | ||
title="Vulnerabilities details form " | ||
alt="An image showing the ignore form on vulnerability instance details page" | ||
src={vmIgnoreBulkForm} | ||
/> | ||
</Collapser> | ||
</CollapserGroup> | ||
|
||
## Change Ignored status to Affected [#bulk-manage] | ||
|
||
It's good practice to review ignored vulnerabilities and validate whether they should stay ignored. Changing the status from Ignored to Affected reintroduces the vulnerability back into default views and counts on this entity, but other instances of this vulnerability on other entities will still remain ignored. | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
id="remove-ignored" | ||
title="Remove ignored status for a specific entity" | ||
> | ||
|
||
1. Go to **[one.newrelic.com](https://one.newrelic.com/) > All entities > (select the entity you want to update) > Vulnerability Management** > Click the **Vulnerabilities** tab. | ||
1. Update the filter from `Status = Affected` to `Status = Ignored`. This updates the default `Affected` view to instead display all the ignored vulnerabilities. | ||
|
||
<img | ||
title="Vulnerabilities tab scoped to a specific entity" | ||
alt="An image showing the scoped vulnerabilities tab of Vulnerability Management with filter tab open" | ||
src={vmAffectedEntityVulnList} | ||
/> | ||
|
||
1. Choose the vulnerability that you want to update, then click **Change to affected**. | ||
|
||
<img | ||
title="Vulnerabilities tab scoped to a specific entity and only ignored instances" | ||
alt="An image showing the scoped vulnerabilities tab of Vulnerability Management filtered to only ignored instances" | ||
src={vmAffectedEntityDetails} | ||
/> | ||
|
||
1. Fill out the form to explain the reasoning behind changing this vulnerability to `Affected`. | ||
|
||
<img | ||
title="Vulnerability instance details form" | ||
alt="An image showing the affected form on vulnerability instance details page" | ||
src={vmAffectedEntityForm} | ||
/> | ||
|
||
</Collapser> | ||
<Collapser | ||
id="bulk-change-status" | ||
title="Remove Ignored status across multiple instances" | ||
> | ||
|
||
1. Go to **[one.newrelic.com](https://one.newrelic.com/) > All capabilities > Vulnerability Management** > Click the **Vulnerabilities** tab | ||
1. From the settings cog, click the **Ignored** checkbox. This adds an ignore column to your vulnerability table. | ||
|
||
<img | ||
title="Vulnerabilities tab with ignored column added" | ||
alt="An image showing the all entities vulnerabilities tab with an ignore column added" | ||
src={vmAffectedBulkVulnList} | ||
/> | ||
|
||
1. Select a vulnerability with an **Ignored** count greater than 0. | ||
1. Update the filter from `Status = Affected` to `Status = Ignored`. | ||
|
||
<img | ||
title="Vulnerabilities details" | ||
alt="An image showing the vulnerability details page with the status dropdown open" | ||
src={vmAffectedBulkDetails} | ||
/> | ||
|
||
1. In the **Area of Impact** section, select the entities you want to mark `Affected`. | ||
|
||
<img | ||
title="Vulnerabilities details with instances selected" | ||
alt="An image showing the vulnerability details page with affected instances selected" | ||
src={vmAffectedBulkSelection} | ||
/> | ||
|
||
1. Fill out the form to explain the reasoning behind changing this vulnerability to `Affected`. | ||
|
||
<img | ||
title="Vulnerabilities details with form open" | ||
alt="An image showing the vulnerability details page with form to change instances to affected" | ||
src={vmAffectedBulkForm} | ||
/> | ||
|
||
</Collapser> | ||
</CollapserGroup> | ||
|
||
## Surface vulnerabilities assigned `Ignored` [#surface-vulnerabilities] | ||
|
||
Before you assign `Ignored` to a vulnerability or entity, it's important to understand that the change affects how other code owners manage that particular instance. For example, marking a vulnerability or entity as `Ignored` prevents other users with account access from seeing that vulnerability. | ||
|
||
* You can surface `Ignored` vulnerabilities with the filter bar. From the filter bar, you can add `Status = Ignored` to view `Ignored` vulnerabilities. | ||
* From the the **Vulnerabilities** table, select **Ignored** to surface ignored vulnerabilities. | ||
|
||
At minimum, we recommend reviewing your vulnerabilities every 90 days to ensure you aren't introducing risk into your system. | ||
|
||
## Why ignore a vulnerability? [#why-ignore] | ||
|
||
When you choose to ignore a vulnerability, you'll be prompted to explain the rationale behind the decision. For example, you might say that the vulnerable code is not used in the system, and therefore isn't currently relevant for maintaining the system. We recommend that when you give this context, you also provide supplemental documentation when possible. | ||
|
||
We'll also prompt you to set a duration for the `Ignored` status. Vulnerability Management will perform an automatic update that changes it from `Ignored` to `Affected`. If an instance is already considered **No Longer Detected**, the status will remain no longer detected. | ||
|
||
## Permissions [#permissions] | ||
|
||
Can't change a vulnerability status? Ask your administrator if you have permissions. |
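Review bot: In the "Surface vulnerabilities assigned `Ignored`" section, the sentence that marking a vulnerability `Ignored` "prevents other users with account access from seeing that vulnerability" conflicts with the two bullets directly below it, which describe surfacing it with the `Status = Ignored` filter; reword it to say the instance is hidden from default views and counts, as the "Ignore a vulnerability" intro already does. In "Why ignore a vulnerability?", "Vulnerability Management will perform an automatic update" never says when that happens; tie it to the duration set in the form. The Permissions section should name the permission or role required instead of only pointing to an administrator. Typos to fix before publishing: "filters To vulnerabilities" and "th is vulnerability" in the bulk-ignore steps, and "From the the" in the surfacing bullets. The `metaDescription` in the front matter describes Vulnerability Management in general rather than changing a vulnerability's status.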
Binary file not shown.
Binary file added
BIN
+241 KB
src/images/security_screenshot-ignore-security_screenshot-ignore-bulk-vulnlist.webp
Binary file not shown.
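Review bot: The added image path `src/images/security_screenshot-ignore-security_screenshot-ignore-bulk-vulnlist.webp` repeats the `security_screenshot-ignore-` prefix, while change-vulnerability-status.mdx imports `images/security_screenshot-ignore-bulk-vulnlist.webp`. Confirm the correctly named file is among the added images, and drop this one if it is a stray misnamed copy.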