Contents: |
If Kiuwan finds any reported vulnerability of any component, it will display the details of the vulnerability and score the component in a Security Risk indicator.
But, depending on the concrete case, the alert might not apply to your organization or you can decide not to be alerted about certain vulnerabilities. In these cases, you can decide to Mute the Vulnerability so Kiuwan does not alert about it and consequently it's taking into account when calculating Security Risk indicators. |
In order to mute vulnerabilities , only users granted with Application Management permission are allowed to access Mute Vulnerabilities modules. |
Kiuwa Insights lets you to mute a specific CVE over a component(s) (i.e. this specific component should not raise this specific CVE)
You cannot completely mute a CVE. You can mute a CVS over a specific component(s), but the CVE remains active and any new component affected by that CVE will still be reported. |
Muting a vulnerabiltiy over a component can be applied to several scopes
Mute Scope | Precedence | Meaning |
---|---|---|
Component | 1 | The CVE muted applies to the selected component in all the applications that component may appear. |
App-Comp | 2 | The CVE muted applies to the selected component only in the specified application. Same component in other applications remains flagged as vulnerable by that CVE. |
Precedence column means the apllicability of the mute in case of conflicts, being applied the case with higher precedence value.
Mutes are applied retroactively, i.e. mutes will be applied not only to future analyses but also to past analyses |
You can mute at different locations:
Kiuwan Insights lets you to globally administrate the mutes defined within your Kiuwan account.
You can access Global Mute Admin by selecting Mute Vulnerabilities option at Components / Security tab's hamburguer menu.
Mute Vulnerabilities allows you to manage mutesbased on Vulnerabilities and/or Components
When "By Vulnerability" tab is selected, the full list of Vulnerabilities discovered through all the applications of your Kiuwan account is displayed
Clicking on a CVE will open the list of componets affected by that vulnerability.
Clicking on Modify button of a component will open Mute Vulnerabilities dialog.
Then, you can decide to mute the vulnerability for the selected component either for all aplications, for a set of apps or for only one application.
After mute, you will see the scope fof the mute at Mute Vulnerabilities tab.
When "By Component" tab is selected, the full list of Componentes affected by some CVE through all the applications of your Kiuwan account is displayed
Clicking on a Component will open the list of CVEs found for that component.
Clicking on Modify button of a CVE will open Mute Vulnerabilities dialog.
Then, you can decide to mute the vulnerability for the selected component either for all aplications, for a set of apps or for only one application.
After mute, you will see the scope fof the mute at Mute Vulnerabilities tab.
You can mute from Component tab.
Just click on the dropdown menu at the right of a specific Component and select Mute Vulnerabilities.
Mute Vulnerabilities dialog will open letting you to select the CVE to mute and decide to mute it either by all the apps of your account or for the current application.
After clicking on Save you will see the muted vulnerability greyed when opening the component.
You can mute from Security tab.
Just click on a Vulenrability and its details will be displayed. Alos, the list of components affected by the vulnerability is displayed.
Just select the Mute Vulnerabilties from the dropdown menu at the right of a specific Component.
Then, Mute Vulnerabilties dialog will open.
Mute Vulnerabilities dialog lets you to select the CVE to mute and decide to mute it either by all the apps of your account or for the current application.