I cannot seem to figure out how to add a bulk exclusion for vuln. ‘TLS/SSL Server is enabling the BEAST attack’ discovered on a specific port. For example, we have 1,500 vulnerabilities for this vuln on port 3389 / RDP. We need to accept risk on this specific port due to its internal and isolated with other layers of defense.
I’m hoping I do not have to add one exclusion at a time for each asset…
Per Mikko with R7 support:
At this time, we do not have the capability to exclude vulnerabilities for a specific port.
My response was:
If I have vulnerability ‘TLS/SSL Server is enabling the BEAST attack’ on 2,000 assets, and some assets have multiple instances vulnerability on multiple ports (e.g. 443, 3389). We just need to do an exclusion for that vulnerability on port 3389 as accepting risk.
I asked him to submit a feature request for this important feature.
Even though I can use a dynamic asset group with vuln. title and port, by using that asset group for the exclusion, it will not constrain it to just the port specific in the asset group. As a result, it will exclude the vuln. on all the selected assets regardless of the port it was found on…
This is a huge shortcoming in my opinion. What do y’all think?
We ran into the same issue and were disappointed we couldn’t exclude TLS/SSL vulns on 3389
1 Like
Same issue here. We also wanted to be able to exclude certain issues based on IP range; similar to what you can do in Tenable. For some SSL issues, I don’t care about them if they are on an internal machine. However, I care about them a lot of they are found on a forward facing server. In Tenable, I could do a global exclusion based on IP address and that feature is missing in R7.
1 Like
Update:
Response from R7 support:
I’ve gone ahead and created an IDEA ticket for your “Feature Request.” The ticket number is IDEA-20470, and I’ve attached it to this case for your convenience.
1 Like