The runZero platform now supports suppressions for Findings, Vulnerability Groups, and individual Vulnerability instances. This feature can be used to ignore specific issues, filtering them from the default views, and adjusting asset risks to match. Suppressions are useful for filtering issues that are false positives, present an acceptable risk, or are generally non-actionable in your environment.
At the most general level, an entire Finding within a specific organization can be suppressed. This suppression applies to all vulnerability groups and specific vulnerabilities that roll up under this Finding. For example, if Denial-of-Service vulnerabilities are not something you care about, you can apply a suppression for the entire Finding, which will then filter out issues like the Eclipse Jetty MadeYouReset vulnerability or resource exhaustion attacks against Apache Tomcat.
Ignore an entire Finding by using the Suppress button in the top right of the Findings page. Once the Suppress finding dialog appears, you must select a reason from the dropdown, provide an optional comment, and then click Suppress.
The Finding will now be suppressed and hidden in the Findings view by default.
To show all suppressed findings, enter the search query suppressed:true
In addition to Findings, suppressions can be applied to Vulnerability Groups (all instances of a specific vulnerability by name and source) and individual instances of a Vulnerability, tied to a single asset and/or service. After applying a suppression, the risk of the related assets will be adjusted to match.
When a Finding or Vulnerability Group is suppressed, all of the individual vulnerability records identified for the Finding or Vulnerability Group are also suppressed. Additionally, any new vulnerabilities discovered for a suppressed Finding or Vulnerability Group in the future will automatically be suppressed as well.
All suppression actions are recorded in the event log and can be found using the search term: action:findings-suppressed OR action:vulnerability-groups-suppressed OR action:vulnerabilities-suppressed
We hope that you find suppressions to be a useful feature for managing your exposure management program. If you have any feedback or suggestions, please reach out to our engineering team via support@runzero.com.
