Vulnerability Exceptions for Specific Applications

Looking for some advice on how to add exclusions for application-specific vulnerabilities for the entire enterprise or a large asset group.

For example:
I want to exclude all vulnerabilities linked to a specific version of Java, or I want to exclude all vulnerabilities tied to MS Server 2008 (just OS Security Patches).

I know we can create tags and asset groups based on installed software, but how would I obtain a list of current (and new) vulnerabilities for just the specific application?

Thanks in advance!

1 Like

Vulnerability Exceptions are created per vulnerability, so it’s not possible to use a category of vulnerabilities.

In short, exceptions have a 1(vuln):N(assets) relation.

So @rpuga is correct in the fact that you can’t specifically create an exclusion and give it the scope of “Everything in this vulnerability category” but you can create asset groups based off of that installed software or specific vulnerabilities and then create an exception for the specific vulnerability scoped to the full asset group.

So each specific vulnerability will need to be excluded one at a time but scoped to the full asset group.

So, for example, if you had 10 specific vulnerabilities but they were present on 100 servers, you could create an asset group based off of those 10 vulnerabilities to include those 100 servers. After that is created you would only need to do 10 exceptions but scoped to that asset group.

The more specific vulnerabilities there are, the more work there will be in creating the exceptions for sure though.

1 Like

I actually found a nice little workaround to this. You can create one exception for multiple vulnerabilities at once across an entire asset group; there’s just a little roundabout way of doing it:

  1. Pull up one of the assets that is affected by all the vulns you want to exclude
  2. Use the selection box to select all of the vulns you want to exclude (e.g., control-F java and check all the boxes)
  3. Hit the “Exclude” button on the top left of the Vulnerabilities pane
  4. The exception box pops up with all of the selected vulnerabilities, and it allows you to specify an asset group
  5. Multiple vulnerabilities are excepted on multiple assets at once

5 Likes

Good look, I didn’t even think of this

1 Like

Thank you all for the good information. This helps a lot.

Great 🙂 Thanks for sharing.