Hello everyone,
I want to address an idea on how to handle vulnerability exceptions and would like to know if this is something others would also appreciate. We have, let’s say, 5 assets with the vulnerability “Apache Tomcat: Obsolete version.” Additionally, there are 38 more unique vulnerabilities deriving from the one described above. Currently, I need to create temporary vulnerability exceptions for all these 5 assets because the asset owners need more time to upgrade their systems. I have created an asset group so that I can apply the vulnerability exception for “Apache Tomcat: Obsolete version” to these 5 assets.
However, it would be even better if I had the option to create a vulnerability group (in this case, a group with 38 Apache vulnerabilities). In the end, I could create a temporary exception for the asset group, including the newly created vulnerability group.
With the current possibilities, I have to create 38 separate exceptions for each unique vulnerability, which is really cumbersome.
Or maybe there is another way to do this, and I am not aware of it. I have already created a case: 08749378 for this idea.
Would appreciate hearing thoughts from others on this approach.
UPDATE 23.12.2024 (Case Update):
Dear David,
Your Rapid7 support case “Idea - Vulnerability Exception Handling”, case #08749378, has been updated with the following information:
Hi David,
We have created your enhancement request, Idea - 21140.