Customizing Values for a Specific Vulnerability (by Vuln ID)
WhiteHat Portal users with the authority to do so may accept the business risk of a given vulnerability or customize the Rating or CVSS score for that vulnerability. (If a risk is accepted, it will be listed at the default WhiteHat risk rating.)
To customize the risk rating or CVSS score, or accept the business risk for one or more specific vulnerabilities, select the vulnerabilities (using the checkbox to the left of the Vuln ID) in the Vulnerability Details page. (Use the filter if needed to identify the vulnerabilities you want to customize.)
Once you have selected the vulnerabilities to be customized, click on "Bulk Actions" and choose "Customize Vulnerability." You will see a dialog box that will allow you to accept a risk, or restore the default Risk Rating and CVSS scores, or customize the Risk Rating, the CVSS Score, or both:
Note that you can only accept all selected vulnerabilities or set all selected vulnerabilities to a given set of values. If you want to set various risk levels, or customize some vulnerabilities' risk levels and accept the business risk for others, those must each be done separately. In all cases, you will be asked to enter a reason for the customization you are requesting (see "Reason" field above).
To accept the business risk for all the vulnerabilities you selected, check the "Accept vulnerabilities" box. If any of the vulnerabilities being accepted were previously set to a custom rating, they will revert to their default WhiteHat risk level once they have been accepted.
To remove all previously established Custom Ratings or CVSS Scores, check the "Remove Custom Ratings and Scores" box.
To set a custom rating for all the vulnerabilities you selected, click the radio button for the rating you want the vulnerabilities to be set to (Critical, High, Medium, Low, or Note).
To set a custom CVSS Score for all the vulnerabilities you selected, click the appropriate radio button for each factor you want to adjust. You will be able to see the effect of the changes you are making on the CVSS scores shown for each vulnerability on the customization page.
Record the reason for making the change before you click on "Save."
Once you are satisfied with the changes you are making, click on "Save" to save your changes. If you have made an error in selecting your vulnerabilities and need to cancel, click "Cancel."
If you accept the risk for a vulnerability with a customized risk rating, the rating will return to the default value. If at a future point you un-accept the risk for that vulnerability, it will continue to display the default value until or unless you customize the risk rating again. |