Can you modify the criteria of a vuln check to adhere to corporate policy?
e.g. “CIFS Account Lockout Policy Allows Password Brute Forcing on” is hard coded to look for a value lower than 3, if our policy is different can we modify the check vs putting an exclusion in for it?